Posts by author rick

Uitdagingen bij de-Googling Android telefoon

Ik wilde mijzelf uitdagen om te kijken hoe goed een telefoon werkt zonder enige vorm van Google software en bibliotheken zoals Google Mobile Services (GMS).

Om de lat extra hoog te leggen maak ik ook geen gebruik van alternatieven welke GMS emuleren, zoals microG welke onder andere in /e/ gebruikt wordt. Ik maak gebruik van LineageOS.

Eerste uitdaging; ik kan niet makkelijk apps installeren. Als alternatief gebruik ik:

  • F-Droid
    • F-Droid Privileged Extension maakt automatische installatie via F-Droid mogelijk, echter dit was pittig lastig te installeren (sideloading met ADB root, script hacken, etc).
  • AuroraStore (helaas toch een beetje valsspelen, want deze maakt in de achtergrond gebruik van de Play Store infrastructuur).
    • Automatische installatie van apps vereist Aurora Services, welke bij mijn telefoon elke keer 'verdween' na een update (fix gemaakt).

Nu ik een manier had om apps te installeren kwam de volgende uitdagingen, heel veel apps gebruiken 'onbewust' delen van Google Mobile Services (GMS) of aanverwante Google bibliotheken, waardoor delen van de applicatie niet werkt.

Applicatie Niet/Matig/Bijna/Compleet Beschikbaarheid Opmerkingen
andOTP Compleet F-Droid
Catima Compleet F-Droid
Nextcloud Compleet F-Droid
Triodos Bankieren Compleet AuroraStore
NOS Bijna AuroraStore Push-notificaties werken niet. Bij afspelen van video's, waarschuwing 'geen ondersteuning' werkt wel
Signal Bijna AuroraStore Zeer hoog batterijverbruik
ParkMobile Matig AuroraStore Niet mogelijk om parkeeractie te starten (SMS of bellen als work-around, stoppen wel mogelijk
Strava Niet AuroraStore Inloggen werkt niet
DigiD Niet AuroraStore QR code scannen werkt niet, dus effectief niet te gebruiken
Tikkie Niet AuroraStore Inloggen werkt niet

Over de hoofdlijnen genomen is het een hele uitdaging om een telefoon te gebruiken zonder Google software en/of bibliotheken. Ik heb diverse (overheids) instellingen aangeschreven over de constatering dat hun applicatie niet (goed) werkt zonder Google bibliotheken, echter het uniforme antwoord is 'We nemen het mee in toekomstige ontwikkelingen'.

Kortom het nog wat voeten in aarde om software eco-systemen hier bewust van te maken en op te laten acteren.

GIMP at HiDPI screens

GIMP (2.10) has very small menu fonts on my screen which barely readable. I cannot found a way to increase the font size in the Preferences, how-ever editing the theme file is a easy quick fix.

For example for the 'System' theme:

$ diff -u /usr/share/gimp/2.0/themes/System/gtkrc.orig /usr/share/gimp/2.0/themes/System/gtkrc 
--- /usr/share/gimp/2.0/themes/System/gtkrc.orig        2021-09-14 16:26:24.970000000 +0200
+++ /usr/share/gimp/2.0/themes/System/gtkrc     2021-09-14 15:57:37.440000000 +0200
@@ -38,7 +38,7 @@
 
 # Uncommenting this line allows to set a different font for GIMP.
 #
-#font_name = "sans 10"
+font_name = "sans 20"
 
   GtkPaned::handle-size             = 6
   GimpDockWindow::default-height    = 300

CO2 compensatie voor gasverbruik is groenwassen

Bij tijd en wijlen komen er artikelen langs die spreken over CO2 'compensatie', zoals bijvoorbeeld bij de recente blogpost CO2-compensatie voor gasverbruik, hoe werkt dat? van samen|om.

Ik vind het storend om de term co2-compensatie en co2-reductie te gebruiken en vooral de manier waarop dit wordt gebruikt is feitelijk onjuist. Het gaat o.a. dan deze uitspraak: "Wanneer je aan CO2-compensatie doet, dan betekent dit dat je de hoeveelheid CO2 die je uitstoot op een andere manier weer terugdringt. Het resultaat hiervan is dat er netto geen extra CO2 bijkomt."

CO2-compensatie is geen "netto geen extra CO2 maatregel". Als je (bijvoorbeeld) 500kg CO2 uitstoot zonder CO2-compensatie, dan stoot je zonder CO2-compensatie 500kg CO2 uit. De CO2 die iemand anders uitstoot is hier niet aan verbonden en kan dan ook niet als uitgangspunt worden genomen.

Bij een CO2-compensatie van 500kg CO2 wordt er opeens gebruik gemaakt van een andere rekensom. Nu wordt wordt gesteld 500kg CO2 uitstoot + 500kg CO2 uitstoot door een externe partij. De laatste 500kg CO2 wordt verhinderd door de CO2-compensatie maatregel. De totale CO2 uitstoot is echter dan nog steeds 500kg CO2.

Het stellen dat bij CO2-compensatie 'netto geen extra CO2 bijkomt' is feitelijk onjuist, er komt in algemene zin namelijk nog steeds 500kg CO2 vrij. Het is niet zo dat met een klein bedrag de eigen impact 'afgekocht' kan worden, de impact is wel degelijk nog aanwezig.

Hierna spreken van CO2-reductie of CO2-neutraal is al helemaal verwarrend en onjuist, CO2 welke vrijkomt is per definitie een toename van de totale hoeveelheid CO2 in de atmosfeer. Zaken welke CO2 reduceren, dus de totale hoeveelheid CO2 verminderen in de atmosfeer, zijn zaken als CO2 direct air capture, bos bijplanten en bijhouden, onderhouden tot de eeuwigheid en dus niet 'CO2 compensatie uit andere projecten'.

Ik verwacht van 'om | nieuwe energie' een eerlijk en helder verhaal en dit valt hier niet onder.

Hardening TLS webserver to be 100% with internet.nl

Following the SIDN blogposts on implementing SPF, DKIM and DMARC in PostFix and implementing DANE in Postfix I got myself interested in getting two times an 100% score at the testing service internet.nl. The first badge is earned for mail services and secondly for web services.

Unfortually I cannot find a guide available which implements the IT Security Guidelines for Transport Layer Security (TLS) from National Cyber Security Centre (NCSC) within Apache HTTPD 2.4, which is my default webserver of choice.

I went for 'good'-ish instead of 'suffient', since I can manage the fall-out if stuff breaks in unexpected ways.

Alter change ssl_module settings, I am running FreeBSD www/apache24, so mine are found at /usr/local/etc/apache24/extra/httpd-ssl.conf:

SSLCipherSuite 'HIGH:-EXP:-LOW:-MEDIUM:-aNULL:-eNULL:-SRP:-PSK:-kDH:-ADH:-AECDH:-kRSA:-DSS:-RC4:-DES:-IDEA:-SEED:-ARIA:-AESCCM8:-3DES:-MD5:-DH'
SSLProxyCipherSuite 'HIGH:-EXP:-LOW:-MEDIUM:-aNULL:-eNULL:-SRP:-PSK:-kDH:-ADH:-AECDH:-kRSA:-DSS:-RC4:-DES:-IDEA:-SEED:-ARIA:-AESCCM8:-3DES:-MD5:-DH'

SSLHonorCipherOrder on 

SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLProxyProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1

SSLPassPhraseDialog  builtin

SSLSessionCache        "shmcb:/var/run/ssl_scache(512000)"
SSLSessionCacheTimeout  300

SSLUseStapling On
SSLStaplingCache "shmcb:/var/run/ssl_stapling(32768)"
SSLStaplingStandardCacheTimeout 3600
SSLStaplingErrorCacheTimeout 600

The 'magic' value posted at SSLCipherSuite is interpreted by openSSL to a list of available ciphers to use. For example:

openssl ciphers -v 'HIGH:-EXP:-LOW:-MEDIUM:-aNULL:-eNULL:-SRP:-PSK:-kDH:-ADH:-AECDH:-kRSA:-DSS:-RC4:-DES:-IDEA:-SEED:-ARIA:-AESCCM8:-3DES:-MD5:-DH'
TLS_AES_256_GCM_SHA384  TLSv1.3 Kx=any      Au=any  Enc=AESGCM(256) Mac=AEAD
TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any      Au=any  Enc=CHACHA20/POLY1305(256) Mac=AEAD
TLS_AES_128_GCM_SHA256  TLSv1.3 Kx=any      Au=any  Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD
ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH     Au=RSA  Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-ECDSA-AES256-CCM  TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESCCM(256) Mac=AEAD
ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(128) Mac=AEAD
ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-AES128-CCM  TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESCCM(128) Mac=AEAD
ECDHE-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AES(256)  Mac=SHA384
ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AES(256)  Mac=SHA384
ECDHE-ECDSA-CAMELLIA256-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=Camellia(256) Mac=SHA384
ECDHE-RSA-CAMELLIA256-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=Camellia(256) Mac=SHA384
ECDHE-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AES(128)  Mac=SHA256
ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AES(128)  Mac=SHA256
ECDHE-ECDSA-CAMELLIA128-SHA256 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=Camellia(128) Mac=SHA256
ECDHE-RSA-CAMELLIA128-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=Camellia(128) Mac=SHA256
ECDHE-ECDSA-AES256-SHA  TLSv1 Kx=ECDH     Au=ECDSA Enc=AES(256)  Mac=SHA1
ECDHE-RSA-AES256-SHA    TLSv1 Kx=ECDH     Au=RSA  Enc=AES(256)  Mac=SHA1
ECDHE-ECDSA-AES128-SHA  TLSv1 Kx=ECDH     Au=ECDSA Enc=AES(128)  Mac=SHA1

The optional features of hardening websites was a bit more troublesome. Take a good read at the documentation at Mozilla Developer Network (MDN) of Access-Control-Allow-Origin, X-Frame-Options, X-Frame-Options, X-Content-Type-Options, Content-Security-Policy and Referrer-Policy. Especially Content-Security-Policy is troublesome since it disallows inline javascripts, which broke some unexpected functionality.

To enable include snippet in VirtualHost entry or httpd.conf root if you like to have it enabled globally.

# Make sure headers_module is loaded/enabled
Header always set Access-Control-Allow-Origin "*"
Header always set X-Frame-Options "DENY"
Header always set X-Content-Type-Options "nosniff"
Header always set Content-Security-Policy "default-src 'self'; frame-ancestors 'self'"
Header always set Referrer-Policy "same-origin"

Restart your Apache HTTPD webserver and get yourself tested at internet.nl.

Foscam VMS not showing device username/password

I changed a username/password to of one of my foscam devices, which I forgot to write down. The password was stored in the 'Foscam VMS' application, how-ever the GUI did not allow me to retrieve it.

Luckily for me the application was written in .NET and was very well debug-able. With tooling like ILSpy and dnSpy, the the database was found to be SQLite with encrypting using Legacy_CryptoAPI, which is deprecated/removed.

Wrote some glue-code (see attached) to remove encryption from the database. The decryption password was stored plain text in code.

Next browsing the database with SQLite Browser and mission accomplished.

Microsoft Teams meeting without looking at yourself

I find looking at myself when attending an MS teams call really distracting. It feels like looking at the mirror how-ever with just a very small delay.

Apparently I am not the only one who has to deal with this issue and not liking it.

Turning off the video feature is not the preferred option, since I do think conversations with video makes a better conversation.

The good old solution is a sticky note glued to your screen, covering your selfview. A more elegant digital alternative can be produced by using 'Sticky Notes' and an open source application called DeskPins.

Much bettter:

Creative Sound Blaster Z no sound under Fedora 33

I got myself an old Creative Sound Blaster Z to replace my build-in sound card, to amplify my sound experience, how-ever on first install I got myself into a pickle:

feb 24 22:54:52 technetium kernel: snd_hda_intel 0000:09:00.0: Direct firmware load for ctefx-desktop.bin failed with error -2
feb 24 22:54:52 technetium kernel: snd_hda_intel 0000:09:00.0: Direct firmware load for ctefx.bin failed with error -2
$ sudo lspci -v -s 09:00.0
09:00.0 Audio device: Creative Labs Sound Core3D [Sound Blaster Recon3D / Z-Series] (rev 01)
	Subsystem: Creative Labs SB1570 SB Audigy Fx
	Flags: bus master, fast devsel, latency 0, IRQ 39, IOMMU group 14
	Memory at fca04000 (64-bit, non-prefetchable) [size=16K]
	Memory at fca00000 (64-bit, non-prefetchable) [size=16K]
	Capabilities: [40] Power Management version 3
	Capabilities: [50] MSI: Enable- Count=1/1 Maskable+ 64bit+
	Capabilities: [70] Express Endpoint, MSI 00
	Capabilities: [100] Advanced Error Reporting
	Capabilities: [140] Virtual Channel
	Capabilities: [170] Device Serial Number 00-00-00-00-00-00-00-00
	Capabilities: [180] Power Budgeting <?>
	Kernel driver in use: snd_hda_intel
	Kernel modules: snd_hda_intel

Found a brilliant suggestion Raymond (back in 2016):

$ dnf provides /lib/firmware/ctefx.bin
$ sudo dnf install alsa-firmware

Reboot the system and it was al working as expected.

Bonus tip if you want to switch between headphone and speaker output

If you STILL don't have sound, try opening alsamixer, selecting your card with
F6, and toggling "HP/Speaker Auto Detect" with the 'm' key. This switch sets
whether or not you want to manually select the output with the 'Output Select' control.

Credits The original writer of the driver Conmanx360

Output switch script

This will provide a shortcut to quickly switch between headphone and speaker output with (as bonus) an shortcut key for Gnome:

Create install directory if does not exists:

$ mkdir -p $HOME/bin

'Install' script audio-switch-output.sh script:

$ cat << 'EOF' > $HOME/bin/switch-audio-output.sh && chmod 755 $HOME/bin/switch-audio-output.sh
#!/bin/sh
#
# Quickly switch between headphones and speakers 
# Tested on Creative Sound Blaster Z soundcard which is assumed to be card0
#
cmd="amixer -c 0"
if $cmd sget 'Output Select',0 | grep -q "Item0: 'Speakers'"; then
	$cmd -q sset 'Output Select',0 'Headphone'
else
	$cmd -q sset 'Output Select',0 'Speakers'
fi
EOF

Warning: Be careful, this will override any existing custom gnome shortcut keys, use Gnome GUI Settings -> Keyboard Shortcuts.

Add shortcut to call script quickly:

$ cat <<EOF | DCONF_PROFILE=user dconf load /org/gnome/settings-daemon/plugins/media-keys/
[/]
custom-keybindings=['/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0/']

[custom-keybindings/custom0]
binding='<Primary><Alt>AudioMute'
command='$HOME/bin/switch-audio-output.sh'
name='Switch audio output'
EOF

Brother DCP-L3550CDW printer not printing

My DCP-L3550CDW printer was not printing multiple copies of the same document when asked via LibreOffice using the default (driverless) driver. It is most likely caused due to the fact the default driver does not implement the collate CUPS feature well so was hoping the Brother vendor provided DCP-L3550CDW driver is going to work fine.

How-ever printing revealed no output at all. Debugging output for the cups wrapper could be enabled (DEBUG=1) at file:/opt/brother/Printers/dcpl3550cdw/cupswrapper/brother_lpdwrapper_dcpl3550cdw which in turns stores debug logging at file:/tmp/br_cupswrapper_laser.log and file:/tmp/br_cupswrapper_laser_lpderr.

The last one give me a good error message:

Can't locate File/Copy.pm in @INC (you may need to install the File::Copy module) (@INC contains: /usr/local/lib64/perl5/5.32 /usr/local/share/perl5/5.32 /usr/lib64/perl5/vendor_perl /usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5) at /opt/brother/Printers/dcpl3550cdw/lpd/filter_dcpl3550cdw line 9.
BEGIN failed--compilation aborted at /opt/brother/Printers/dcpl3550cdw/lpd/filter_dcpl3550cdw line 9.

The fix is easy:

$ sudo dnf install perl-File-Copy

And voila, printing of multiple copies is working. Big thanks to brother for providing linux printer drivers which can be debugged (unlike other vendors)!

Trac FullBlogPlugin comment spam

Even though I have enabled spam filtering the blog get swarmed with blog comment spam for some reason.

Since their are no user generated comments, time to start fresh again:

$ sudo -u www sqlite3 trac.db
sqlite> DELETE from fullblog_comments;

Next job, find out how the comments get here in the first place.


UPDATE 1 dec 2020:
Seems like Recaptcha2 is being automated or abused somehow:

Captcha (15): Human verified via CAPTCHA (Recaptcha2)

Deleted it in favor of my own running my own version... to be continued.

Fixing Medion GPU replacement issues

Got myself a old(er) MEDION "PC Medion Erazer X5308 F / B551 EU" with specs:

Model: MT 20
Type: MET MT 8047N
MSN: 1002 0291

on which I would like to downgrade the GPU since the installed one (NVIDIA GTX 970) was overspected and more useful somewhere else. Hoping to install an old ATI Radeon HD7870 card.

Trying to boot the machine resulted in a beeping system (long - short - short), this BIOS error code means something is wrong with the GPU.

Made sure PSU and GPU were both functioning as expected by plugging them into an alternative system, leaves me with a bit of a puzzle. Since the mainboard (type MS-7848) is custom made no manual could be found for good debugging.

After some searching around I stumbled on a similar error, how-ever the use-case is completely different. Thanks to Dragna at the MEDION Cummunity forum for answering his own question I found the hint I was looking for.

  - In the BIOS > Advanced > OS Settings -> Select Win7/Other.
  - Go in the CSM menu which just appeared and set everything to UEFI except "Launch Video OpROM policy" which should be set "Legacy".

Root cause pretty simple after all,the Sapphire HD 7870 does not support UEFI at all. Hence the modification of the BIOS settings to support the old legacy stuff.

Voila, problem solved. Yet another piece of hardware saved from the e-waste.

Testing 3 different USB ethernet dongles

Intro

I sometimes need extra ethernet connectivity for debugging and development. Lets have a look at some I have around. All dongles are tested with USB3 host system, unless otherwise stated. Testing is done with iperf3.

Linksys USB3GIG-EJ

Box says Linksys USB Ethernet adapter gigabit USB 3.0, works like a charm:

rick@WINNIE:~$ iperf3 -c 192.168.88.1
Connecting to host 192.168.88.1, port 5201
[  5] local 172.22.29.135 port 51080 connected to 192.168.88.1 port 5201
[ ID] Interval           Transfer     Bitrate         Retr  Cwnd
[  5]   0.00-1.00   sec   112 MBytes   943 Mbits/sec    0   3.15 MBytes       
[  5]   1.00-2.00   sec   112 MBytes   944 Mbits/sec    0   3.15 MBytes       
[  5]   2.00-3.00   sec   111 MBytes   933 Mbits/sec    0   3.15 MBytes       
[  5]   3.00-4.00   sec   112 MBytes   944 Mbits/sec    0   3.15 MBytes       
[  5]   4.00-5.00   sec   112 MBytes   944 Mbits/sec    0   3.15 MBytes       
[  5]   5.00-6.00   sec   112 MBytes   943 Mbits/sec    0   3.15 MBytes       
[  5]   6.00-7.00   sec   112 MBytes   944 Mbits/sec    0   3.15 MBytes       
[  5]   7.00-8.00   sec   111 MBytes   933 Mbits/sec    0   3.15 MBytes       
[  5]   8.00-9.00   sec   112 MBytes   943 Mbits/sec    0   3.15 MBytes       
[  5]   9.00-10.00  sec   112 MBytes   944 Mbits/sec    0   3.15 MBytes       
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval           Transfer     Bitrate         Retr
[  5]   0.00-10.00  sec  1.10 GBytes   942 Mbits/sec    0             sender
[  5]   0.00-10.06  sec  1.10 GBytes   935 Mbits/sec                  receiver

iperf Done.

Wavlink NWU220G

The Wavlink WL-NWU220G is a USB 2.0 to Gigabit Ethernet Adapter. It's using the axe(4) driver under FreeBSD.

rick@WINNIE:~$ iperf3 -c 192.168.88.1
Connecting to host 192.168.88.1, port 5201
[  5] local 172.22.29.135 port 51086 connected to 192.168.88.1 port 5201
[ ID] Interval           Transfer     Bitrate         Retr  Cwnd
[  5]   0.00-1.00   sec  34.0 MBytes   285 Mbits/sec    0   1.56 MBytes       
[  5]   1.00-2.00   sec  31.2 MBytes   262 Mbits/sec    0   3.00 MBytes       
[  5]   2.00-3.00   sec  30.0 MBytes   252 Mbits/sec    0   3.00 MBytes       
[  5]   3.00-4.00   sec  31.2 MBytes   262 Mbits/sec    0   3.00 MBytes       
[  5]   4.00-5.00   sec  31.2 MBytes   262 Mbits/sec    0   3.00 MBytes       
[  5]   5.00-6.00   sec  30.0 MBytes   252 Mbits/sec    0   3.00 MBytes       
[  5]   6.00-7.00   sec  31.2 MBytes   262 Mbits/sec    0   3.00 MBytes       
[  5]   7.00-8.00   sec  31.2 MBytes   262 Mbits/sec    0   3.00 MBytes       
[  5]   8.00-9.00   sec  30.0 MBytes   252 Mbits/sec    0   3.00 MBytes       
[  5]   9.00-10.00  sec  31.2 MBytes   262 Mbits/sec    0   3.00 MBytes       
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval           Transfer     Bitrate         Retr
[  5]   0.00-10.00  sec   312 MBytes   261 Mbits/sec    0             sender
[  5]   0.00-10.13  sec   311 MBytes   258 Mbits/sec                  receiver

iperf Done.

Still impressive, it's almost maxing out the maximum transfer speed of USB2.0 protocol, but by far not the gigabit port.

Sitecom LN-030v3

Also have a old Sitecom LN-030v3 adapter lying around. It is a USB 2.0 adapter with 100 Mbit ethernet speed. It's using the ure(4) driver under FreeBSD.

rick@WINNIE:~$ iperf3 -c 192.168.88.1
Connecting to host 192.168.88.1, port 5201
[  5] local 172.22.29.135 port 51094 connected to 192.168.88.1 port 5201
[ ID] Interval           Transfer     Bitrate         Retr  Cwnd
[  5]   0.00-1.00   sec  14.1 MBytes   118 Mbits/sec    0    595 KBytes       
[  5]   1.00-2.00   sec  11.2 MBytes  94.3 Mbits/sec    0   1.14 MBytes       
[  5]   2.00-3.00   sec  11.2 MBytes  94.4 Mbits/sec    0   1.70 MBytes       
[  5]   3.00-4.00   sec  11.2 MBytes  94.4 Mbits/sec    0   2.26 MBytes       
[  5]   4.00-5.00   sec  11.2 MBytes  94.4 Mbits/sec    0   2.83 MBytes       
[  5]   5.00-6.00   sec  11.2 MBytes  94.4 Mbits/sec    0   3.00 MBytes       
[  5]   6.00-7.00   sec  11.2 MBytes  94.4 Mbits/sec    0   3.00 MBytes       
[  5]   7.00-8.00   sec  10.0 MBytes  83.9 Mbits/sec    0   3.00 MBytes       
[  5]   8.00-9.00   sec  0.00 Bytes  0.00 bits/sec    1   1.41 KBytes       

iperf3: error - unable to receive control message: Connection reset by peer

Using USB3 ports is causing the module to 'choke' and resets itself, which is highly unwanted. Trying on an (old) USB2 port:

rick@WINNIE:~$ iperf3 -c 192.168.88.1
Connecting to host 192.168.88.1, port 5201
[  5] local 172.22.29.135 port 51106 connected to 192.168.88.1 port 5201
[ ID] Interval           Transfer     Bitrate         Retr  Cwnd
[  5]   0.00-1.00   sec  13.6 MBytes   114 Mbits/sec    0    601 KBytes       
[  5]   1.00-2.00   sec  12.4 MBytes   104 Mbits/sec    0   1.15 MBytes       
[  5]   2.00-3.00   sec  11.2 MBytes  94.4 Mbits/sec    0   1.71 MBytes       
[  5]   3.00-4.00   sec  11.2 MBytes  94.3 Mbits/sec    0   2.27 MBytes       
[  5]   4.00-5.00   sec  10.0 MBytes  83.9 Mbits/sec    0   2.83 MBytes       
[  5]   5.00-6.00   sec  11.2 MBytes  94.4 Mbits/sec    0   3.02 MBytes       
[  5]   6.00-7.00   sec  11.2 MBytes  94.4 Mbits/sec    0   3.02 MBytes       
[  5]   7.00-8.00   sec  11.2 MBytes  94.4 Mbits/sec    0   3.02 MBytes       
[  5]   8.00-9.00   sec  11.2 MBytes  94.4 Mbits/sec    0   3.02 MBytes       
[  5]   9.00-10.00  sec  11.2 MBytes  94.4 Mbits/sec    0   3.02 MBytes       
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval           Transfer     Bitrate         Retr
[  5]   0.00-10.00  sec   115 MBytes  96.3 Mbits/sec    0             sender
[  5]   0.00-10.27  sec   115 MBytes  93.7 Mbits/sec                  receiver

iperf Done.

Excellent speed, how-ever 10x slower of course then the Linksys alternative.

Conclusion

If you need maximum performance, use the adapter suited for the job, how-ever when performance is not critical the older adapter are also still well suited for the job, how-ever bear in mind potential issues with USB devices dropping out, so (stress-)test your hardware before using it.

Fun fact: All USB Ethernet dongles roughly costed 20-25 EUR the moment I bought them, which makes interesting to see that technology really ages quickly, since the old dongles are basically worth-less :-).

UNIX programming under Windows 10: Dead key issue

Typing the shortcuts to your home directory with the tilde (~) sign, requires an extra space after the character when using an 'US International keyboard' layout which could be rather annoying since I type a lot.

Setting keyboards and languages is a mess under windows GUI settings, luckaly powershell to the rescue (thanks to this reddit post for the suggestion):

# Set some sane defaults (for NL programmer)
Set-WinUserLanguageList en-NL -Force

PS C:\Users\info> Get-WinUserLanguageList
LanguageTag     : en-NL
Autonym         : English (Netherlands)
EnglishName     : English
LocalizedName   : English (Netherlands)
ScriptName      : Latin
InputMethodTips : {2000:00000409}
Spellchecking   : True
Handwriting     : False


# Default keyboard layout of en-NL is 'US International', which includes dead keys
# really annoying for (UNIX) programming input.
PS C:\Users\info> Set-WinUserLanguageList en-NL -Force
PS C:\Users\info> Get-WinUserLanguageList


LanguageTag     : en-NL
Autonym         : English (Netherlands)
EnglishName     : English
LocalizedName   : English (Netherlands)
ScriptName      : Latin
InputMethodTips : {2000:00020409}
Spellchecking   : True
Handwriting     : False


# Change to 'US' to get rid of dead-keys
PS C:\Users\info> $someVar = Get-WinUserLanguageList
PS C:\Users\info> $someVar[0].InputMethodTips.Remove('2000:00020409')
True
PS C:\Users\info> $someVar[0].InputMethodTips.Add('2000:00000409')
PS C:\Users\info> Set-WinUserLanguageList $someVar -Force

PS C:\Users\info> Get-WinUserLanguageList


LanguageTag     : en-NL
Autonym         : English (Netherlands)
EnglishName     : English
LocalizedName   : English (Netherlands)
ScriptName      : Latin
InputMethodTips : {2000:00000409}
Spellchecking   : True
Handwriting     : False

Missing EXIF tags could make your android gallery look bad

I recently helped migration to an new android phone. One part of the process was to store old (WhatsApp) stored images on internal storage towards the external storage SD Card.

Installing the new phone revealed an unexpected fall-out of having all the old pictures being sorted as being taken today.

Close inspection revieved Android Media Store uses the EXIF CreateDate to store the moment the picture was taken, missing the tag, it will use the file modification date as backup. How-ever this modification date of course was reset, because the file was copied from internal storage, without preserving the file modification dates.

The first attempt of fixing the issue was by turning off the phone, removing the SD card and fix the modification time of every file, based on the date identifier found in the file e.g. $ touch -a -m -t 201906230000 IMG-20190623-WA001.jpg.

After an re-insert of SD and turning the phone back on, it was not fixing anything. Basically the re-indexing needed to be forced. This is best done by removing all data from the 'Media Storage' System App. Go to Settings -> Apps -> "3 dots button" -> "Show System Apps" -> "Media Storage" -> Storage -> "Clear Data" -> OK. And next reboot the phone and open the images overview on the SD card using Settings -> "Device Care" -> Storage -> "SD Card" -> "Images". Depending on the amount of pictures this could take a while before your device is responsive again.

So finally all pictures and videos are indexed again and the Gallery shows pictures and videos in good order again. All happy right? ... but wait what about Facebook App ... personally I would nuke it and never look back, how-ever some people do not care about being 'the product' and will happily 'pay' for the service by providing lots of personal data. Having this said, I like a good engineering puzzle, so let's get started.

Facebook App (and maybe others) are still showing pictures garbled, which is annoying when for example wanting to upload older pictures, since you have to scroll down a long while before getting to the good stuff again. Apparently facebook does not rely on the metadata generated by the "MediaStore" and generates it's own, how-ever it blindly ignores the file modified date if EXIF data is missing and simply tags the picture as being taken the moment it is indexed. So how-to fix it?

First and foremost we need help, by some very powerful software EXIFTool, this will help us create the required EXIF tags based on the date string found in the filename. So turn off the phone again and plug the SD Card into a computer ones more.

We are going to use this magic:

$ exiftool \  
    "-datetimeoriginal-=" \
    '-datetimeoriginal<${filename;$_=substr($_,4,8)} 00:00' \
    "-createdate-=" \
    '-createdate<${filename;$_=substr($_,4,8)} 00:00' \
    '-filemodifydate<${filename;$_=substr($_,4,8)} 00:00' IMG-*WA*

To explain a little:

  • Do not update DateTimeOriginal EXIF tag if already exists:

"-datetimeoriginal-="

  • Base the DateTimeOriginal EXIF tag on the filename, by selecting the 5th until 12th character in the filename and expanding this with time midnight (00:00). This special rule is required to ensure file named like IMG-20190405-WA-1290.jpg could be parsed without issues, normal syntax is causing 90 to be specified as minutes which causes errors on importing.

'-datetimeoriginal<${filename;$_=substr($_,4,8)} 00:00'

  • Same applies for EXIF CreateDate:
       "-createdate-=" \
        '-createdate<${filename;$_=substr($_,4,8)} 00:00' \
    
  • our previous $ touch equivalent is a nice-to-have yet not required:

'-filemodifydate<${filename;$_=substr($_,4,8)} 00:00' IMG-*WA*

Now, put your SD card back in the phone and turn it back on. Clear your facebook data "Settings -> Apps -> Facebook -> "Clear Data" -> "Ok' and restart your Facebook Apps and wait a long time again. After your phone (literally) cools down it's time to enjoy the result.

Firefox GTK File Upload Dialog not showing previews

I am confused about Firefox under linux not being about to properly preview all images in the "File Upload" dialog. Since camera's do not generate meaning file-name trying to guess/remember/pick the file-name to be used is annoying time consuming.

More-over the behaviour is not consistent, it only seems to happen on large image files, the small ones are generated properly.

Turns out I looking at a work-around for a CVE issue fixed 5 years ago, as seen in Firefox bugzilla issue:1184009.

The work-around consist of disabling the preview for pictures larger than 4096px in height or width). It has been reported multiple times to have it fixed, how-ever all cases being closed, as it was not safe enough.

5 years down the road an new argument comes to table seen at issue:1571984. "They need to re-implement it ourself, since the external library cannot be trusted.", which seems to make sense at first glance.

Leaves me wondering what they mean with "rigging up their own imagelib". Since 10 months has passed since the last comment. I guess it's challenge accepted, I will try to write a patch somehow ....

Removing master references from github repositories

I recently found out the term 'master' as repository name is considered offensive, since it is often used in conjunction with the term 'slave' Which in hindsight is indeed not correct to use.

Since it is not technology limiting how a branch is named, changing is just a matter of making of spending some time on it. If I can make the world a better place by renaming a few of repository trees, it's time well spend.

Since FreeBSD and subversion is using the word trunk together with branches for ages, so I thought it would make a much better alternative.

Switching is a semi-easy, first create and new branch:

$ git checkout -b trunk
Switched to a new branch 'trunk'
$ git push -u origin trunk
Total 0 (delta 0), reused 0 (delta 0)
remote: 
remote: Create a pull request for 'trunk' on GitHub by visiting:
remote:      https://github.com/rickvanderzwet/nagios-plugins/pull/new/trunk
remote: 
To https://github.com/rickvanderzwet/nagios-plugins.git
 * [new branch]        trunk -> trunk
Branch 'trunk' set up to track remote branch 'trunk' from 'origin'.

Deleting old branch:

$ git push origin --delete master
To https://github.com/rickvanderzwet/nagios-plugins.git
 ! [remote rejected]   master (refusing to delete the current branch: refs/heads/master)
error: failed to push some refs to 'https://github.com/rickvanderzwet/nagios-plugins.git'

Whoops make sure to change the GitHub default branch, in mine case found at:

https://github.com/rickvanderzwet/nagios-plugins/branches

And try again:

$ git push origin --delete master
To https://github.com/rickvanderzwet/nagios-plugins.git
 - [deleted]           master

# Delete local branch:
$ git branch -d master
Deleted branch master (was 82e57d4d).

# Update head reference pointer:
$ git remote set-head origin trunk

Dear IBUS don't steal CTRL+ALT+e shortcut in Gnome

I use terminator as my favorite terminal emulator, which uses the shortcut CTRL+ALT+e to open a new window (vertical split).

How-ever recently the key-binding is hijacked by the emojicon hipsters on GNOME to allow inserting emojicons.

To re-claim the key-binding, use ibus-setup and head to the 'Emoji' tab to free the keybinding.

Hacking Samsung SGH-E530 to kids phone

I have a old Samsung SGH-E530 phone which I wanted to convert to play phone. One worry about the phone was the ability to call emergency services (112, 911).

Flight mode was no option, since the phone had to be powered-down, which makes it quite useless as play phone.

Option number two involves drastic measures. Since I will not be needing any GSM capabilities any-more, let's take it out or at least the antenna bit.

Opening the phone was easy peasy, just remove 5 standard philips screws and good to go. Located the antenna, both internal and external and removed a few filter capacitors using tweezers to break them off the board. This will decouple the antenna.

Re-assembly and turning it back in, "Limited service 5 bars". A bit flaky though (holding the phone would make it drop a few bars) how-ever still stable enough to make calls.

Time for a revised plan, time to dive in again. Now locating the Power Amplifier Module (PAM), took the de-soldering station and removed the SKY77328-13 chip from the PCB.

Re-assembly and turning it back in, "Limited service 2 bars"!!! I am located 500 meters from a GSM tower (line of sight), so I am guessing this also helped the process.

Still more to be removed apparently. The "complete RF front end for multi-band GSM and GPRS wireless communications" SI4205-BM is the next canidate for heat-gun removal.

Re-assembly attempt number 3 and finally "No service available", guess I have hit the bulls-eye :-)

Bonus-challenge is setting the date or more precisely the year. The SGH-E530 will not accept the current year (2020), further inspection reveals the date must be set between 1-1-2020 and 31-12-2016. Either no engineer bothered to look this far in the future or a classical case of planned obsolescence.

I would like to set the date correctly to allow learning the day of the week kind of things. Every year the weekday to shift by 1 weekday (365 mod 7), except on a leap year, which is causing the weekday to shift by 2 weekdays.

I order to work around the date restriction I have to improvise. 1-1-2020 was a Wednesday, 6 years earlier, mind the leap-year 2016 in between, 1-1-2014 should be the solution. How-ever 2014 is not a leap-year unlike 2020, thus first of March 2014 is on a Saturday. 1st of March 2020 is located on on a Sunday.

Going back 6 more years to 2008 reveals an other interesting case. The leap-year criteria matches, how-ever located on Tuesday it's incorrect, since there are now 2 leap-years (2012 & 2018) involved.

Going back to 2003 gives me the correct weekday, how-ever no leap year. Going back to 1997, disqualifies as being no leap year. Next in line 1992. Jackpot, first of all a leap-year and secondly 1-1-1992 weekday is Wednesday.

My surprise grows since this behaviour (28 years) is consistent since 1-1-1964 is the next candidate in line. Which is even before UNIX Epoch Time, making it an unlikely candidate to even to be considered :-). I have tried to wrap my head around the math involved to explain it, how-ever I have to leave it "exercise left to the reader".

Back to my pressing matter of setting the right year allowing the weekdays to match has proven to be a rather difficult issue. I can only deal with it by using a work-around. Set the year to 2014 and at 1st of March change the year to 2015. Sounds like next level daylight saving time/summertime :-).

Fix broken UEFI BCD on WinRE Command Prompt

Reduce firefox spell checker languages on Fedora

I switch a lot between en_GB and nl_NL for spell checking in firefox in the context menu (right mouse click).

The context menu how-ever is really bulky showing all kind of languages I never use. Firefox running on Fedora is using file:/usr/share/myspell directory to populate this list.

One quick and dirty solution is to remove the ones I do not use. Since the are (luckily) all symlinks, this could be done in a breeze:

$ sudo find /usr/share/myspell -type l -delete

Grub on HiDPI screen

Inspired by the blog post Increase Font in GRUB for High DPI Screens from Ward Muylaert. I decided to try to make it work under Fedora 32 on a system which uses EFI boot.

First make the font compatible for grub: $ grub2-mkfont /usr/share/fonts/dejavu-sans-mono-fonts/DejaVuSansMono.ttf --size=48 --output=/boot/efi/EFI/fedora/fonts/DejaVuSansMono48.pf2

Next update the grub configuration: $ sudo grub2-mkconfig -o /etc/grub2-efi.cfg

Strictly speaking not required, how-ever I like to keep the files in sync: $ sudo grub2-mkconfig -o /etc/grub2.cfg

Alter content of file:/etc/default/grub to include font reference. The GRUB_TERMINAL_OUTPUT is optional, it should be included by default when specifying a new font.

#GRUB_TERMINAL_OUTPUT="console"
GRUB_TERMINAL_OUTPUT="gfxterm"

GRUB_FONT=/boot/efi/EFI/fedora/fonts/DejaVuSansMono48.pf2

Running zoom.us on a HiDPI screen

Working from remote requires tooling to communicate with co-workers. some are using zoom.us which has good linux support.

How-ever when started the whole interface is tiny-tiny since the Qt application does not honour the settings used to combat unreadable windows on my HiDPI screen.

Altering file:/usr/share/applications/Zoom.desktop and adding the required Qt tweaks (QT_SCALE_FACTOR=1 QT_AUTO_SCREEN_SCALE_FACTOR=0 QT_SCREEN_SCALE_FACTORS=2) did the trick:

[Desktop Entry]
Name=Zoom
Comment=Zoom Video Conference
Exec=env QT_SCALE_FACTOR=1 QT_AUTO_SCREEN_SCALE_FACTOR=0 QT_SCREEN_SCALE_FACTORS=2 /usr/bin/zoom %U
Icon=Zoom.png
Terminal=false
Type=Application
Encoding=UTF-8
Categories=Network;Application;
StartupWMClass=Zoom
MimeType=x-scheme-handler/zoommtg;x-scheme-handler/zoomus;x-scheme-handler/tel;x-scheme-handler/callto;x-scheme-handler/zoomphonecall;application/x-zoom;
X-KDE-Protocols=zoommtg;zoomus;tel;callto;zoomphonecall;
Name[en_US]=Zoom

Jumping around in bash shell

I jump around a lot in the terminal between different projects and activities. To avoid endless typing I have created aliases which allows me to quickly perform this task.

By adding the following entries to your .bashrc you will give access to the powerfull tools of jcd scd lcd. First and foremost goto a directory you would like to earmark. Type scd <alias-of-choice> and your entry will be stored. To go back to this directory type jcd <stored-alias> and you arrived at your destination. Tab completion also works to save typing some more.

function jcd {
        cd "$(grep "${1:-blank} /" ~/.jcd | cut -d' ' -f  2-)"
}

function scd {
        ( grep -v "^${1:-blank} /" ~/.jcd; echo ${1:-blank} `pwd` ) > ~/.jcd.new
        mv ~/.jcd.new ~/.jcd
}

function lcd {
        cat ~/.jcd | sed 's/ /\t = /'
}

function _listcd {
        COMPREPLY=()
        cur="${COMP_WORDS[COMP_CWORD]}"
        opts=$(awk '{print $1}' ~/.jcd | grep "^$2")
        COMPREPLY=( $(compgen -W "${opts}" -- ${cur}) )
        return 0
}

complete -F _listcd jcd
complete -F _listcd scd

How-to limit spelling languages options in Firefox right-click context menu

I keep on forgetting the answer to my own question. Hence a repost:

$ sudo find /usr/share/myspell -type l -delete

source: Firefox Support Forum

Something went wrong with Google Mail

Well you could always store my message and try again later :-)

Netflix Phishing report failures

Dear Netflix,

If you offer a service for users to report phishing mails. You might want to consider removing your spam and phishing filter from the particular account.

Else the user ends up with a catch-22 :-)

Vlag uit de knoop

Vlaggenstok hack

Ik woon in een winderige hoek, waardoor de vlag tijdens uithangen elke keer in de war gaat. Gelukkig bied een stukje PVC ter grootte van de vlag een paar ty-wraps en slangenklemmen een nette oplossing.

Leuk staalje DIY huisvlijt :-)

PS: Slangenklemmen aan beiden zorgen ervoor dat ik de vlag ook halfstok kan hangen mocht het nodig zijn.

Fedora 29 not booting on Acer Aspire ES1-731

Got myself an interessting issue after installing Fedora 29 on an Acer Aspire ES1-731. After start it goes into an reboot loop, stating a cryptic message with phases BootOrder not found and grubx64.efi .

It turned out the Secure Boot has to be modified to allow the GRUB (Fedora Bootloader) to be 'trusted'.

Following the excelent intructions of Krallan on the Acer Community Forum got myself an working system again.

Cool, thanks Krallan!

PS: Press F2 during boot to get into the BIOS

Slow Firefox startup at Fedora

Firefox was starting really slow, taking almost 2 minutes before the startup screen was disabled. As suggested by Redhat bug 1290894 disabling the network connection will Firefox start at normal speed again. How-ever this is rather useless :-).

Running wireshark and strace revealed an interesting observation. Firefox (like many other programs) is first trying to resolve the machine hostname. Since this was not properly configured on my machine, it was not able to find the right answer.

Fixing it by adding the entry file:/etc/hosts

echo "127.0.0.1 $(hostname)" >> /etc/hosts

Updating Axis 70U

My friend gave me an AXIS 70U Documents Server. Quite old, yet perfectly usable. Updating them using their manual resulted in an obscure message:

500 Command unrecognized or not implemented.
Passive mode refused.

Forcing ftp in active mode (the default back in the days), fixed the issue:

$ ftp -A 192.168.178.102
Connected to 192.168.178.102 (192.168.178.102).
220 AXIS 70U Network Document Server V3.00 Feb 09 2007  ready.
Name (192.168.178.102:rick): root
331 User name ok, need password
Password:
230 User logged in
ftp> bin
200 TYPE set to I.
ftp> put 7000.bin flash
local: 7000.bin remote: flash
200 PORT command successful.
150 Opening data connection for flash (192,168,178,99,168,75), (mode binary).
221-Transfer complete, flash programming finished OK.
    Starting new software...
221 Reset, closing connection.
2262494 bytes sent in 68 secs (33.25 Kbytes/sec)
ftp> quit
226 Transfer complete.

XS4ALL IPTV multicast sources changed

Some of my XS4ALL (KPN) IPTV channels stopped workking properly. The started to stutter, normally an indication of trouble at multicast subscriptions. Looking at the logfile (while the little one was trying to watch BabyTV) I found the culprit:

The source address 217.166.226.39 for group 224.0.252.39, is not in any valid net for upstream VIF[0]. This address is part of a multicast block 217.166.0.0/16 assigned to KPN.

Adding this new network to file:/usr/local/etc/igmpproxy.conf using the altnet 217.166.0.0/16 made it all work again.

Ubuntu Server shorten motd message

Ubuntu MOTD gets more lengthly every time a new release comes around with all kind of 'usefull' information and even 'newsflashes'. To disable bits remove executable permissions from parts you do not care about in file:/etc/update-motd.d/

For example to disable the introduction links, motd 'news' and livepatch 'spam':

$ sudo chmod 0666 /etc/update-motd.d/10-help-text $ sudo chmod 0666 /etc/update-motd.d/50-motd-news $ sudo chmod 0666 /etc/update-motd.d/80-livepatch

You can check the result using:

$ sudo run-parts /etc/update-motd.d/

ownCloud client disable update notification

For some reason the Fedora 27 ownCloud client is nagging me for more than 3 weeks about the fact that my version is not yet up2date. This is utterly useless on a package managed Linux system. Since they also do not provide Fedora 27 packages on their website there is no simple way of getting the latest version.

Lucky there is a way to turn it of the notifications

ownCloud documentation nicely describes how-to disable the update notification.

Welcome (back)

After 4 years I have decided to recreate my digital dumping place for various bits and pieces.

Revenge of the jumpers

Searching for two hours why my X and Y direction stepper motors where not travelling the same distance when evoking the same amounts of steps. Turned out to be 'interesting'. By closer inspection of my jumpers which controlled the step sizes, it turned out one was 'empty'.

By replacing the jumper all where happy again. During my testing I noticed that the steps where also limited to 200um instead of 100um. By closer inspection this is caused by slack on the timer-belt. I am hoping to improve it by the means of using different belt.

I used a very simple test program for testing purposes, this basic framework is also nice if you want to play with single steps and all kind of other accuracy settings.

Line 
1// Pin headers for Megatronics v2.0 (MOTHERBOARD 701 in Marlin Firmware)
2#define X_STEP_PIN 26
3#define X_DIR_PIN 27
4
5#define Y_STEP_PIN 4 // A6
6#define Y_DIR_PIN 54 // A0
7
8#define Z_STEP_PIN 56 // A2
9#define Z_DIR_PIN 60 // A6
10
11unsigned long prevMillis;
12int steps = 0;
13bool dir = HIGH;
14
15void loop () {
16 // Reverse direction after 100 steps
17 if (steps == 100) {
18 dir = !dir;
19 steps = 0;
20 }
21
22 digitalWrite(X_DIR_PIN, dir);
23 digitalWrite(Y_DIR_PIN, dir);
24 // digitalWrite(Z_DIR_PIN, dir);
25 steps += 1;
26
27 digitalWrite(X_STEP_PIN, HIGH);
28 digitalWrite(Y_STEP_PIN, HIGH);
29 // digitalWrite(Z_STEP_PIN, HIGH);
30 delay(5);
31
32 digitalWrite(X_STEP_PIN ,LOW);
33 digitalWrite(Y_STEP_PIN ,LOW);
34 // digitalWrite(Z_STEP_PIN ,LOW);
35 delay(3);
36
37
38}

My first panorama


Pre-editing with Gimp, stitching with Hugin (Large Version)

One Way to Support the FreeBSD project

One way to support the FreeBSD project is to donate funds, but a much more interesting way of donating to the FreeBSD project is to run your own freebsd router/appliance/server which joins in on the FreeBSD ISO torrent website.

This a rather simple job. First install file:net-p2p/transmission-daemon and depending on your favorite way go for the web solution file:www/transmission-web --make sure to change the ACLs to match your setup-- or the CLI file:net-p2p/transmission-cli.

Next make sure TCP port 51413 inbound is allowed (or configure your transmission-daemon to use a different one.

Make sure you install at least the most popular ones (the full release versions like (file:8.1-RELEASE-amd64-all and file:8.1-RELEASE-i386-all). By manually adding the torrent links to the queue. Wait... you can also try my hack to automatically use the latest available torrents (useful to quickly get in sync on a new releases). Take a look at source:transmission/rss-sync.sh

As I have FreeBSD installed on CF card readonly, I host the torrents of a mobile USB hard drive mounted at file:/data which makes my config source:transmission/settings.json a bit different than the usual ones.

EFI and GPT two new kinds in town

Introduction

EFI (Extensible Firmware Interface) GPT (GUID Partition Table) have been around for a while. As a matter of fact the have been under my fingers for almost two years, as my MacBookPro4,1 had both available.

So why the sudden interest in them? I got forced re-installing my operating systems when I was playing around with FreeBSD experimental installs (say bye-bye to the partion table, my own fault!). Hence I thought it would be nice to make a QuadBoot+ system of it.

Using the good old MBR way I could in theory host 4 Operating Sytems, but their is a 'hidden' EFI firmware-to-be-installed-and-used-maybe-in-the-future-partion causing this great plan to fail. As this was claiming one of my presious MBR partions. So here is where GPT comes into handy. This partion scheme allows us to use as many partions as we want. And with an hybrid setup the 4 partions are synced back to MBR partions allowing the ooldies in OS world to still boot somehow.

So here is where EFI comes around the corner. As this (in theory) allows booting to other partitions as this is NOT a standard PC-BIOS thing ---and so does not behave like one _really_!--- you will endup in some big pain if things go wrong.

Planned setup

First things first. The Planned Partion layout with type and mount point if needed. Due to the hybrid setup partions can be dual labeled.

  1. EFI firmware
  2. Linux (ext4) (/ mountpoint)
  3. FreeBSD (ufs)
  4. Windows XP (NTFS)
  5. MacOSX (hfs+)
  6. Linux (swap)
  7. Linux (ext4) (/home mountpoint)
  8. FreeBSD (swap)
  9. Windows7 x64

Problems

First thing to wonder, why Windows XP on partion 4, just because, if you don't it simply fail no explanation possible. It also does NOT support any EFI/GPT magic so you will need the good old 'bootcamp'/hybrid way.

Secondly Windows7 x64. Note that the i386 versions does not support EFI at all. Also MacbookPro4,1 has UEFI implementation 1.1 while Windows7 _really_ needs UEFI implementation 2.0. So no luck for the Windows7 as well.

Next Linux (or Ubuntu 10.10 in my case). When you try to run it with a native EFI boot loader by following the guide: http://grub.enbug.org/TestingOnMacbook you will find yourself in a pretty useless situation as the linux kernel (and both nouveau/nvidia kernel modules) makes all kind of assumptions about having a PC-BIOS at all. The provided emulation is not actived when booting with native EFI and grub is (not yet) smart enough to get all going again. So you will end up with a not working system (altough bootable and with some basic screen capacities).

FreeBSD (8.1-RELEASE) does not even support booting natively from EFI yet (motivation found so far: the EFI loaders, provide enough BIOS emulation to get it booting anyways), but does support GPT out-of-the-box. But their gptboot enabled loader thinks as beeing the only one in the world and is not capable of booting any other operating system. So we are going to need GRUB2 to fire off this partion.

Working setup

  1. First of all install MACOSX and create your partions using the 'Disk Utility'. You can format them HFS+, and the windows partion FAT32 as you can savely reconfigure at later stages. But you really only need one FAT32 in your list of first 4, else the windows installer gets confused.
  2. Now intall rEFIt, this GUI EFI loader will save you a lot of keypressing and hoping the embedded bootloader picks the right CD/disk/whatever.
  3. (Optional): Install Windows XP, I have not tried it, but it should work fine.
  4. Have rEFIt 'resync' partions before trying to boot anything.
  5. Install Ubuntu, the GRUB2 bootloader automatically get installed on the MBR bit which we later need to boot all kind of OS fun.
  6. Have rEFIt 'resync' partions before trying to boot anything.
  7. Install FreeBSD, the manual way, don't use the sysinstall and DO NOT install the bootloader/bootmanager as this will have you to restart again.
  8. Point your Grub boot loader to also allow booting to FreeBSD (see my previous blog post).

Conclusion

GPT is a pretty usefull and workable subsistute for MBR, to finally get rid of the pain which comes when installing multiple Operating Systems (or versions of it) and is also nicely supported by all modern operating sytems.

EFI on the other hand really needs working on. GRUB2 and Linux, kind of work. But FreeBSD is not supported/working yet and also does not provide a native loader to start with. Windows7 really needs modern hardware which seems like a resonable choice as mine notebook is older than 2 years and is barely specd to run it anyways.

Will keep you posted as I really like to run native EFI powered OS to finally say goodbye to PC-BIOS. Which is in my option be around for far to long.

How-to boot FreeBSD with Grub2 under Ubuntu 10.10

I recently upgrade to Ubuntu 10.10. Which also caused grub to be updated to version 1.98 (to be exactly {1.98+201000804-5ubuntu3), which used a different syntax to define partitions instead of numbers which where off by one, they now use msdosX style formatting.

My FreeBSD is located at /dev/sda3 on a good old MBR partition table and I want to use the good old FreeBSD boot loader as well (so chainloading is required). To activate within Ubuntu. Put the following contents in file:/etc/grub.d/40_custom:

#!/bin/sh
exec tail -n +3 $0
# This file provides an easy way to add custom menu entries.  Simply type the
# menu entries you want to add after this comment.  Be careful not to change
# the 'exec tail' line above.
menuentry "FreeBSD (on /dev/sda3)" {
        savedefault
        insmod chain
        set root='(hd0,msdos3)'
        chainloader +1
}

Note: My hd0 is file:/dev/sda under Linux and got named file:/dev/ad6 under FreeBSD If you want to boot of a GPT partion use the following syntax

#!/bin/sh
exec tail -n +3 $0
# This file provides an easy way to add custom menu entries.  Simply type the
# menu entries you want to add after this comment.  Be careful not to change
# the 'exec tail' line above.
menuentry "FreeBSD (on /dev/ad6p3)" {
        savedefault
        insmod ufs2
        set root='(hd0,gpt3)'
        kfreebsd /boot/loader
}

Update your grub and use should be done: rick-eee$ sudo update-grub

Image sorting with oneliners

I have many images on my devices, which can become messy after a while. Today I like to have all my images from my (old) Nokia N95 archived in two (year) folders:

Tip: This require installing the exif package. Note: The quotes and -I templating is needed as some files contained spaces within them.

First find me all pictures including the thumbnails and other junk from some old photo editing software program and store them in an folder called dir:/media/RICK_250GB/Pictures/N95/ :

$ find . | grep -i 'jpg$' | grep -v '/\.' | grep -v 'Data\.noindex'  |\
  xargs -n 1 -I % sh -c "exif '%' | grep -q 'N95' && \
  cp '%' /media/RICK_250GB/Pictures/N95/"

Some other raw pictures also got included, I only want the ones from the N95 which have exact 11 digits and have prefix jpg. So get rid of all others:

$ cd /media/RICK_250GB/Pictures/N95/
$ ls | grep -v -E '^[0-9]{11,11}\.jpg*' | xargs -n 1 -I % rm '%'

Now store all in the correct folder:

$ cd /media/RICK_250GB/Pictures/N95/
$ mkdir 2008 2009 2010
$ ls * | xargs -n 1 -I % sh -c 'echo mv % `exif -t 0x9003  -m % | cut -c 1-4`/%' | sh