Expat-IT Tech Bits




Search this site:


/ (289)
  Admin/ (123)
    Apache/ (10)
      HTTPS-SSL/ (4)
      PHP/ (3)
      performance/ (2)
    Cherokee/ (1)
    LAN/ (4)
    LVM/ (6)
    Monitoring/ (2)
      munin/ (2)
    SSH/ (6)
    SSL/ (1)
    Samba/ (1)
    VPN-options/ (7)
      OpenVPN/ (1)
      SSH-Proxy/ (3)
      Tinc/ (1)
      sshuttle/ (1)
    backups/ (17)
      SpiderOak/ (1)
      backuppc/ (5)
      dirvish/ (1)
      misc/ (6)
      rdiff-backup/ (1)
      rsync/ (1)
      unison/ (2)
    commandLine/ (24)
      files/ (8)
      misc/ (10)
      network/ (6)
    crontab/ (1)
    databases/ (15)
      MSSQL/ (2)
      MySQL/ (8)
      Oracle/ (3)
      PostgreSQL/ (1)
    dynamicDNS/ (2)
    email/ (11)
      Dovecot/ (1)
      deliverability/ (1)
      misc/ (1)
      postfix/ (7)
      puppet/ (1)
    iptables/ (3)
    tripwire/ (1)
    virtualization/ (9)
      VMware/ (1)
      virtualBox/ (8)
  Coding/ (14)
    bash/ (1)
    gdb/ (1)
    git/ (3)
    php/ (5)
    python/ (4)
      Django/ (2)
  Education/ (1)
  Hosting/ (27)
    Amazon/ (18)
      EBS/ (3)
      EC2/ (10)
      S3/ (1)
      commandline/ (4)
    Godaddy/ (2)
    NearlyFreeSpeech/ (3)
    Rackspace/ (1)
    vpslink/ (3)
  Linux/ (31)
    Android/ (1)
    Awesome/ (3)
    CPUfreq/ (1)
    China/ (2)
    Debian/ (8)
      APT/ (3)
      WPA/ (1)
    audio/ (1)
    encryption/ (3)
    fonts/ (1)
    misc/ (6)
    remoteDesktop/ (1)
    router-bridge/ (3)
  SW/ (45)
    Micro$soft/ (1)
    browser/ (2)
      Chrome/ (1)
      Firefox/ (1)
    business/ (28)
      Drupal/ (9)
      KnowledgeTree/ (6)
      Redmine/ (2)
      SugarCRM/ (7)
      WebERP/ (2)
      WordPress/ (1)
      eGroupware/ (1)
    chat/ (1)
    email/ (1)
    fileSharing/ (2)
      btsync/ (1)
      mldonkey/ (1)
    graphics/ (2)
    research/ (2)
    website/ (6)
      blog/ (6)
        blosxom/ (3)
        rss2email/ (1)
        webgen/ (1)
  Security/ (15)
    IMchat/ (2)
    circumvention/ (2)
    cryptoCurrency/ (1)
    e-mail/ (4)
    greatFirewall/ (1)
    hacking/ (1)
    password/ (1)
    privacy/ (2)
    skype/ (1)
  Services/ (1)
    fileSharing/ (1)
  TechWriting/ (1)
  xHW/ (14)
    Lenovo/ (1)
    Motorola_A1200/ (2)
    Thinkpad_600e/ (1)
    Thinkpad_a21m/ (3)
    Thinkpad_i1300/ (1)
    Thinkpad_x24/ (1)
    USB_audio/ (1)
    scanner/ (1)
    wirelessCards/ (2)
  xLife/ (17)
    China/ (9)
      Beijing/ (5)
        OpenSource/ (3)
    Expatriation/ (1)
    Vietnam/ (7)


  • 2019/06
  • 2016/07
  • 2016/05
  • 2016/02
  • 2016/01
  • 2015/12
  • 2015/11
  • 2015/06
  • 2015/01
  • 2014/12
  • 2014/11
  • 2014/10
  • 2014/09
  • 2014/07
  • 2014/04
  • 2014/02
  • 2014/01
  • 2013/12
  • 2013/10
  • 2013/08
  • 2013/07
  • 2013/06
  • 2013/05
  • 2013/04
  • 2013/02
  • 2013/01
  • 2012/12
  • 2012/10
  • 2012/09
  • 2012/08
  • 2012/07
  • 2012/06
  • 2012/05
  • 2012/04
  • 2012/03
  • 2012/01
  • 2011/12
  • 2011/11
  • 2011/10
  • 2011/09
  • 2011/08
  • 2011/07
  • 2011/06
  • 2011/05
  • 2011/04
  • 2011/02
  • 2010/12
  • 2010/11
  • 2010/10
  • 2010/09
  • 2010/08
  • 2010/07
  • 2010/06
  • 2010/05
  • 2010/04
  • 2010/03
  • 2010/02
  • 2010/01
  • 2009/12
  • 2009/11
  • 2009/10
  • 2009/09
  • 2009/08
  • 2009/07
  • 2009/06
  • 2009/05
  • 2009/04
  • 2009/03
  • 2009/02
  • 2009/01
  • 2008/12
  • 2008/11
  • 2008/10
  • 2008/09
  • Subscribe XML RSS Feed

    Creative Commons License
    This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

    This site has no ads. To help with hosting, crypto donations are accepted:
    Bitcoin: 1JErV8ga9UY7wE8Bbf1KYsA5bkdh8n1Bxc
    Zcash: zcLYqtXYFEWHFtEfM6wg5eCV8frxWtZYkT8WyxvevzNC6SBgmqPS3tkg6nBarmzRzWYAurgs4ThkpkD5QgiSwxqoB7xrCxs

    Wed, 24 Sep 2014

    /Linux/Debian: Debian Multiarch on amd64

    You will need this for Skype, for example. If you try to install the current version


    on a newish 64-bit Debian machine, it will complain about a bunch of missing dependencies. What you need to do:

    dpkg --add-architecture i386
    apt-get update
    dpkg -i /path/to/skype-debian_4.2.0.11-1_i386.deb
    apt-get -f install

    after which a whole pile of *:i386 32-bit packages should install on your 64-bit machine. And skype should start now. But, you may find your sound does not work, as there seems to be a missing dependency. This

    apt-get install libpulse0:i386

    fixed it for me. Further note that you may have to add

    deb http://www.deb-multimedia.org <debian-version> main

    to your /etc/apt/sources.list to find some dependencies that are sometimes not available in vanilla Debian.

    posted at: 20:16 | path: /Linux/Debian | permanent link to this entry

    Sat, 06 Jul 2013

    /Linux/Debian/APT: Adding an Ubuntu PPA to Debian

    I seem to need to look this up once a year or so, so let's stop that. Add a line to /etc/apt/sources.list like this:

    deb http://ppa.launchpad.net/csoler-users/retroshare/ubuntu raring main

    You will need to tweak which version of Ubuntu to pull from, to correspond to your Debian version. After the first "apt-get update" there might be an error complaining about missing repository keys. Import as follows:

    apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 0AA42215

    where you get the last item from the error message. Re-run the update, and now (in this example) you can install retroshare.

    posted at: 05:40 | path: /Linux/Debian/APT | permanent link to this entry

    Tue, 30 Oct 2012

    /Linux/Debian/APT: Apt-Pinning and Mixing Multiple Repositories in the Same Machine

    I generally run a Debian Testing box, but frequently find the need to install stuff from the unstable repository. And I am getting tired of juggling my sources.list manually.

    So I have created the following file, with thanks to Paul Wise[1]:

    Package: *
    Pin: release a=testing
    Pin-Priority: 800
    Package: *
    Pin: release a=unstable
    Pin-Priority: 700
    Package: lintian
    Pin: release a=unstable
    Pin-Priority: 900

    and included sources for both testing and unstable in my sources.list. Note that a higher Pin-Priority gives that source a higher priority for sourcing the specified package(s).

    So now when I do an "apt-get upgrade" APT will pull updates from testing only, UNLESS the package does not exist in testing and only exists in unstable. And installing a newer version of a package that already exists in testing from the unstable repo is the usual

    apt-get install -t unstable packageName

    [1] http://bonedaddy.net/pabs3/log/2012/10/29/thoughts-on-debian-testing/

    posted at: 01:44 | path: /Linux/Debian/APT | permanent link to this entry

    Sat, 12 Sep 2009

    /Linux/Debian: Quick Start Networking on Debian

    This simple tutorial is meant to show the basics of how to get networking working on Debian Linux from the command line, and assumes at least that your network card has been recognized, the appropriate kernel module has been loaded, and a viable network interface initialized for the network card. This should all happen automatically on boot or card insertion, and if it does not, getting your card to work is unlikely to be a simple task.

    (Note that there are various GUIs that try to make networking "easy" in Linux, but in my experience they do not work very well, and once you know the command line method you will rarely crave a GUI....)

    All commands in this tutorial require a root terminal. The commands we are going to use are:

    To find out what live network interfaces you have, enter ifconfig:

    # ifconfig eth1 Link encap:Ethernet HWaddr 00:30:bd:d0:16:d0 inet addr: Bcast: Mask: inet6 addr: fe80::230:bdff:fed0:16d0/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:41490 errors:57 dropped:0 overruns:0 frame:0 TX packets:43735 errors:10 dropped:15 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:29486719 (28.1 MiB) TX bytes:13372215 (12.7 MiB) Interrupt:3 Base address:0x3100 lo Link encap:Local Loopback inet addr: Mask: inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:12 errors:0 dropped:0 overruns:0 frame:0 TX packets:12 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:600 (600.0 B) TX bytes:600 (600.0 B)

    In the above example, "lo" is the loopback interface (important but irrelevant to this tutorial) and "eth1" is the network interface with the outside world. In eth1, note:

    inet addr:

    which tells you that eth1 has an IP address (and in fact is my wireless card as I write this). Though not always strictly true, for the purposes of this tutorial, if there is no IP address, the network is not working. Now enter "ifconfig -a":

    # ifconfig -a eth1 Link encap:Ethernet HWaddr 00:30:bd:d0:16:d0 inet addr: Bcast: Mask: inet6 addr: fe80::230:bdff:fed0:16d0/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:41860 errors:66 dropped:0 overruns:0 frame:0 TX packets:44166 errors:10 dropped:15 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:29644024 (28.2 MiB) TX bytes:13420797 (12.7 MiB) Interrupt:3 Base address:0x3100 eth4 Link encap:Ethernet HWaddr 00:d0:59:c1:e6:79 BROADCAST MULTICAST MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:0 (0.0 B) TX bytes:0 (0.0 B) lo Link encap:Local Loopback inet addr: Mask: inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:12 errors:0 dropped:0 overruns:0 frame:0 TX packets:12 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:600 (600.0 B) TX bytes:600 (600.0 B)

    Note that "eth4" has now joined the party, and does not have an IP address. eth4 in fact is my on-board wired network card which I am not using and have turned off. "ifconfig" shows all active network interfaces, and "ifconfig -a" shows all network interfaces, including those that are not turned on.

    udev is the piece of software that is supposed to assign a unique network name (eth0, eth1, eth3, wlan0, etc.) to every network card plugged into your system, which should remain stable over reboots. (Of course, you can change this behavior and even choose what name is assigned to a given card.....)

    Now have a look at the file /etc/network/interfaces with your favorite text editor. Mine looks like this:

    # The loopback network interface auto lo iface lo inet loopback # wireless card auto eth1 iface eth1 inet dhcp wireless-essid any wireless-mode Managed # internal wired card iface eth4 inet dhcp
    Interfaces with an "auto" line should be started automatically on boot, in this case lo and eth1. "man interfaces" will tell you lots more about the contents of this file, but for the simplest case,
    iface eth4 inet dhcp

    specifies the configuration of the eth4 wired interface: the network will be queried for a dynamically assigned IP address via DHCP, and

    iface eth1 inet dhcp wireless-essid any wireless-mode Managed

    will do the same for the eth1 wireless interface. The 2nd and 3rd lines give the wireless card permission to connect to any wireless access point that it can find. (Of course, one can also not use DHCP and assign a static IP, and also specify the access point.... not covered here.)

    With a /etc/network/interfaces file with the above contents, at the root prompt issuing

    ifup eth1

    will start the wireless interface. If the card finds a willing and appropriately configured access point, ifconfig should show eth1 as having an IP address. You can find out more about what is going on with your wireless card (and reconfigure it) with the iwconfig command:

    # iwconfig lo no wireless extensions. eth4 no wireless extensions. eth1 IEEE 802.11-DS ESSID:off/any Mode:Managed Frequency:2.422 GHz Access Point: 00:40:05:D0:7F:9C Bit Rate:11 Mb/s Retry short limit:7 RTS thr:off Fragment thr:off Encryption key:off Power Management:off Link Quality=61/100 Signal level=27/100 Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0 Tx excessive retries:0 Invalid misc:0 Missed beacon:35909

    You can also have a look at what other access points the wireless card is seeing with the iwlist command:

    # iwlist eth1 scan eth1 Scan completed : Cell 01 - Address: 00:40:05:D0:7F:9C ESSID:"15hao" Mode:Managed Channel:3 Quality:16/100 Signal level:16/100 Noise level:0/0 Encryption key:off

    Just one access point in this neighborhood....

    Suppose this is your home configuration, and at work you have a wireless network called 2WIRE162 protected (not very) with a WEP key. Add the following stanza to your /etc/network/interfaces file:

    iface work inet dhcp wireless-essid 2WIRE162 wireless-mode Managed wireless-key 0642243084
    In our /etc/network/interfaces file we have three physical network interfaces (lo, eth1, and eth4) and now we have added a "logical" interface called "work". A physical interface corresponds to a network card ("lo" is a special case that does not) and a logical interface *can be* associated with any physical interface. Ie.
    ifup eth1

    will cause eth1 to connect to any open access point in the vicinity, whereas

    ifup eth1=work

    will permit eth1 to only connect to an access point with an SSID of "2WIRE162" and a WEP key of "0642243084".

    WPA encryption, unlike WEP, provides real security, but is a little complicated to setup and will not be covered here. If you want WPA, you need to configure a piece of software called "wpasupplicant".

    posted at: 09:13 | path: /Linux/Debian | permanent link to this entry

    Sat, 23 May 2009

    /Linux/Debian/APT: Software Package Management in Debian (and Ubuntu)

    I particularly dislike graphical package managers, as they are all seem slow and, I think, not much easier to use then the command line. Here is a little quick start guide to using the command line to install and remove software in Debian or Ubuntu:

    Search for software:

    apt-cache search {space separated list of key words}
    Display information about a particular package:
    apt-cache show {name of package}
    Upgrade: update your software list and then upgrade all installed software to the latest version:
    apt-get update
    apt-get upgrade
    Install a defined list of packages:
    apt-get install {space separated list of package names}
    wajig, a useful utility: install wajig and less:
    apt-get update
    agt-get install wajig less
    Then "wajig list-commands", which will produce output that is more then one page long, so even better is:
    "wajig list-commands | less"

    (Exit less by entering "ZZ")

    "|" is the "pipe" operator, found on the same key as "\" on my keyboard, and is one of those whiz-bang UNIX features that, after you accumulate a short list, will leave you quite disinterested in ever going back to Micro$oft Windows.

    Hold a package and exclude it from automatice upgrades:

    'echo -e "python-pysqlite2 hold" | dpkg --set-selections'

    where python-pysqlite2 is the package to be held. Thereafter, when one performs an "apt-get upgrade" the held package appears in the "following packages have been kept back" section, and requires a manual "apt-get install python-pysqlite2" to re-instate the latest version.

    Revert a package to an older version:

    For instance, if you track "testing", but want to use the occasional unbroken package in "stable", your "/etc/apt/sources.list" should contain the following two lines:

    deb http://ftp.us.debian.org/debian/ testing main contrib non-free
    deb http://ftp.us.debian.org/debian/ stable main contrib non-free

    "testing" will take precedence over "stable" as it appears first in the list. Now suppose a just updated piece of "testing" software is broken. First find out what versions are available in your current archive:

    apt-cache policy python-pysqlite2

    To install an older version:

    apt-get install python-pysqlite2=2.4.1-1

    where the version identifier comes after the "=". And now, to prevent your just downgraded package from being clobbered by automatic upgrades, put the package on "hold", as described in the previous section.

    posted at: 04:35 | path: /Linux/Debian/APT | permanent link to this entry

    Tue, 06 Jan 2009

    /Linux/Debian: Debian: How to Modify a Source Package / Build a New Binary Package[1]

    Downloading, building, tweaking, and rebuilding a source tarball is not that difficult a concept for me at this point. Debian, however, has a very sophisticated (complex? obtuse? But I still love Debian....) packaging system.

    Quick & Dirty Method[5]:

    Say I am trying to debug something with the cron package:

    apt-get build-dep cron
    cd /to/where/you/want/to/install/your/source
    apt-get source cron
    cd cron-3.0
    modify the code
    DEB_BUILD_OPTIONS=debug,nostrip fakeroot debian/rules binary

    where dpkg-buildpackage builds a .deb and places it one directory up and debi installs the package. DEB_BUILD_OPTIONS are optional, but extremely useful if you are going to use gdb for debugging.

    Note that the package version is not changed with this method, and the next time you run "apt-get upgrade" it will want to replace your debug version of the package with the repository version.

    Patches & Versioning:

    Sorting out how to mess with source code using the "Debian way"[3] is not at all transparent. Roberto Sanchez' "Debian Package Customization HOWTO"[4] is better:

    Suppose someone sends you a patch that you want to test. Here is how you would obtain, patch, and build the source to create a new .deb with a unique version number, ready for installation:

    apt-get source foo
    cd foo-1.0
    patch -p0 < /path/to/patch/file/ # apply patch to source
    debchange -nmu  # See note below
    sudo apt-get build-dep foo # install build dependencies
    dpkg-buildpackage # build binary package from source

    "debchange -nmu" will bring up the changelog in your default editor. In addition to modifying the text of the log, it is also possible to modify the package version number in the header of the changelog entry. Sanchez[4] recommends decrementing the version, adding a ".0.0" to the end, then adding a "name.0" to that. "name.0" is the part you use locally to track local changes. The preceding decremented-version.0.0 tries to ensure that any packages that appear in the repository afterwards will take precedence over the local package, so that upstream updates get installed (assuming that is what you want).

    You should find your new .deb one directory up (..) with the version number as specified in the changelog.

    Note that you might optionally want to put the source under the control of the git[2] revision control system if you are going to make modifications yourself and submit patches.

    [1] http://www.debian-administration.org/articles/556
    [2] http://blog.langex.net/index.cgi/Coding/git-basics.html
    [3] http://www.debian.org/doc/maint-guide/
    [4] http://people.connexer.com/~roberto/howtos/debcustomize
    [5] http://women.debian.org/wiki/English/BuildingTutorial

    posted at: 08:24 | path: /Linux/Debian | permanent link to this entry

    Tue, 16 Dec 2008

    /Linux/Debian/WPA: Easy wpasupplicant on Debian

    A little poking around revealed that this file /usr/share/doc/wpasupplicant/README.Debian.gz was the secret sauce for getting wpasupplicant painlessly functioning on a Debian machine.

    Like with wireless-tools, Debian has integrated wpasupplicant into the /etc/network/interfaces file.

    To talk to a simple WEP-encrypted access point, this is the stanza I am using in /etc/network/interfaces:

    auto eth1
    iface eth1 inet dhcp
       wpa-ssid linksys
       wpa-key-mgmt NONE
       wpa-wep-key0 8453017892
       wpa-wep-tx-keyidx 0

    To achieve the same with wireless-tools instead, I have this stanza:

    iface home inet dhcp
       wireless-channel 11
       wireless-mode managed
       wireless-key 8453017892
       wireless-essid linksys

    and of course, "ifup eth1" and "ifup eth1=home" will both connect, the former using wpasupplicant and the latter using wireless-tools.

    Of course, the whole point of wpasupplicant is to talk to a WPA-encrypted access point. Stay tuned until I get a chance to try it again....

    posted at: 03:10 | path: /Linux/Debian/WPA | permanent link to this entry

    Sun, 07 Sep 2008

    /Linux/Debian: Running a Blosxom Site on Both Desktop and Server

    The goal, obviously, is to edit the site locally on my desktop where everything is very fast and convenient, and then periodically sync with the copy of my site on the server. This also has the advantage of automatically enforcing backups.

    Of course, one needs Apache installed on the desktop to see what is going on with the site as you edit. I started by installing the (Debian) libapache2-mod-fastcgi and libapache2-mod-perl2 modules. Then copied my whole blosxom site into a sub-directory of ~/public_html.

    Then, when I pointed my browser at the blosxom directory, all it would do would display the blosxom.cgi script without executing it. If I executed the script from the command line, ie "./blosxom.cgi", it would actually generate the home page html nicely. So there was clearly something wrong with the Apache configuration.

    As it turns out, Debian installs Apache with cgi scripts restricted to one system directory. Apache refuses to execute them anywhere else, like in /home, for instance. The Apache website[1] turned out to be the best source for a solution. I added the following code:

    <Directory /home/*/public_html>
         Options +ExecCGI
         AddHandler cgi-script .cgi

    to /etc/apache2/sites-available/default, and it was fixed! Onto the next problem....

    The path to my blosxom site is different on my desktop and on my server, which gives me problems in a couple of different places.

    The easy one is the link to my CSS style sheet in head.html. I made this link absolute to the copy on my server, ie.

    <link rel="stylesheet" type="text/css"

    So now both copies of the site pull the style sheet off the server.

    Slightly harder are the several paths hard-coded into blosxom.cgi. To work around this, I settled for two versions of the script. I use unison-gtk[2] to synchronize between desktop and server, so that after forking the two copies of the file I just tell unison to "ignore" the difference in the future (ie. it does not sync that file). Furthermore, to ensure the server copy gets backed up, I hard linked it to another file name, ie.

    ln blosxom.cgi blosxom.cgi.server

    which unison then dutifully keeps a copy of on my desktop.

    I have some hard-coded menu links in head.html that now just work on the server, not on the desktop, but I consider that to be a minor issue....

    [1] http://httpd.apache.org/docs/2.0/howto/cgi.html
    [2] http://www.cis.upenn.edu/~bcpierce/unison/

    posted at: 11:48 | path: /Linux/Debian | permanent link to this entry