Tuesday, July 29, 2014

Bad headphones

Don't go near http://www.ifrogz.com/earbuds/luxe-buds-earphones-in-ear-mic or http://www.complyfoam.com/products/s-400/.  I'll post more about headphones, but stick with Skullcandy on the low end and http://en-us.sennheiser.com/ and audio-technica, and http://www.monoprice.com/Product?c_id=108&cp_id=10823&cs_id=1082302&p_id=8323&seq=1&format=2 if you don't have the chedda for pricier 'cans.

Thursday, July 24, 2014

Applescript and Nerdtool for unread mail notification redux

Okay, so I also wanted to check mailboxes other than the inbox for different accounts. I extended the previous AppleScript to this:
-- http://erikslab.com/2007/08/31/applescript-how-to-split-a-string/
on split(theString, theDelimiter)
    -- save delimiters to restore old settings
    set oldDelimiters to AppleScript's text item delimiters
    -- set delimiters to delimiter to be used
    set AppleScript's text item delimiters to theDelimiter
    -- create the array
    set theArray to every text item of theString
    -- restore the old setting
    set AppleScript's text item delimiters to oldDelimiters
    -- return the result
    return theArray
end split

on run args
    set a to 0
    repeat with arg in args
        set splitted to split(arg, ":")
        set thisAccount to item 1 of splitted
        set thisMailbox to item 2 of splitted
        tell application "Mail"
            if it is running then
                set a to a + the (unread count of mailbox thisMailbox of account thisAccount)
            end if
        end tell
    end repeat
    return a
end run

Now, one can pass any number of "Account:Mailbox" tuples to check all the mailboxes one wishes.

Wednesday, July 23, 2014

Applescript and Nerdtool for unread mail notification

I previously blogged about updating Mail Unread Menu (http://loganrockmore.com/mailunreadmenu/) -- http://www.k336.org/2012/09/mail-unread-menu-and-53.html  I've long liked the functionality (I really don't like notifications popping up all the time and distracting me -- much better to have an unobtrusive indicator that I can look at when I want), but that went away with my upgrade to Mavericks.  I understand the work involved in keeping software up to date when OSs etc. change, so I have no problems with it falling behind. Instead, I wrote an AppleScript and connected it to Nerdtool (http://mutablecode.com/apps/nerdtool.html) that I really like.  Here's the AppleScript:
on run argv
    set a to 0
    repeat with currentAccount in argv
        tell application "Mail"
            set a to a + the (unread count of mailbox "INBOX" of account currentAccount)
        end tell
    end repeat
end run

One needs to call it with the Mail.app accounts one wants checked:

What would be even better is if someone wrote a Cocoa/Objective-C app that monitors a file or listens to a named FIFO and displays a short text string in the menubar. I wish I had time to write such a beast -- maybe when I retire...

Monday, July 14, 2014

Notes from a Mavericks upgrade

Went pretty well, all in all.  To get rid of a pesky "can't be opened because it is from an unidentified developer" error, I did:
xattr -dr com.apple.quarantine /Applications/ShellHere.app

Wednesday, June 4, 2014

OSSEC custom rules

I use and like OSSEC (http://www.ossec.net/) on all my machines, but to cut down on some of the noise, I have a few local rules. These first two block IP addresses immediately on bad ssh login attempts for root and admin (I don't allow root logins on any machines -- that's why there is sudo) -- no reason to wait for multiple attempts.
<group name="syslog,">

  <rule id="100001" level="10">
    <if_sid>5500</if_sid>
    <match>user=root$|user=admin$</match>
    <description>Root login attempted.</description>
    <group>authentication_failed,</group>
  </rule>

  <rule id="100002" level="10">
    <if_sid>5700</if_sid>
    <match>^reverse mapping</match>
    <regex>failed - POSSIBLE BREAK</regex>
    <description>Reverse lookup error (bad ISP or attack).</description>
  </rule>

</group>
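
An added example, not part of the original post or of OSSEC: a small Python model of which log messages the two rules above select, run on constructed messages. It handles only the `^`, `$` and `|` characters these `<match>` patterns use, treats the `<regex>` as literal text, and assumes each sample already matched the parent rule named in `<if_sid>`.

```python
import re
import xml.etree.ElementTree as ET

# The two local rules from the post, unchanged.
LOCAL_RULES = """<group name="syslog,">
  <rule id="100001" level="10">
    <if_sid>5500</if_sid>
    <match>user=root$|user=admin$</match>
    <description>Root login attempted.</description>
    <group>authentication_failed,</group>
  </rule>
  <rule id="100002" level="10">
    <if_sid>5700</if_sid>
    <match>^reverse mapping</match>
    <regex>failed - POSSIBLE BREAK</regex>
    <description>Reverse lookup error (bad ISP or attack).</description>
  </rule>
</group>"""

def sregex(pattern, text):
    """Simplified <match>: '|' separates alternatives, '^' and '$' anchor them."""
    for alt in pattern.split("|"):
        head, tail = alt.startswith("^"), alt.endswith("$")
        lit = re.escape(alt[head:len(alt) - tail])  # strip the anchors, keep the literal
        if re.search(("\\A" if head else "") + lit + ("\\Z" if tail else ""), text):
            return True
    return False

def load_rules(xml_text):
    """Pull the fields this model needs out of each <rule> element."""
    return [{"id": r.get("id"), "if_sid": r.findtext("if_sid"),
             "match": r.findtext("match"), "regex": r.findtext("regex")}
            for r in ET.fromstring(xml_text).iter("rule")]

def fired(rules, parent_sid, message):
    """Ids of local rules that fire for a message the parent rule already matched."""
    out = []
    for r in rules:
        if r["if_sid"] != parent_sid:
            continue
        if r["match"] and not sregex(r["match"], message):
            continue
        # Both <regex> values on the page are plain text, so a substring test suffices.
        if r["regex"] and r["regex"] not in message:
            continue
        out.append(r["id"])
    return out

RULES = load_rules(LOCAL_RULES)
# Constructed messages (syslog header already stripped); parent ids are assumed.
PAM = ("pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 "
       "tty=ssh ruser= rhost=203.0.113.7  user=")
REVERSE = ("reverse mapping checking getaddrinfo for host.example.net "
           "[203.0.113.7] failed - POSSIBLE BREAK-IN ATTEMPT!")
MAPS_BACK = ("Address 203.0.113.7 maps to host.example.net, but this does not "
             "map back to the address - POSSIBLE BREAK-IN ATTEMPT!")

if __name__ == "__main__":
    for sid, msg in [("5500", PAM + "root"), ("5500", PAM + "administrator"),
                     ("5700", REVERSE), ("5700", MAPS_BACK)]:
        print(fired(RULES, sid, msg) or "no local rule", "<-", msg[-45:])
```

The `$` anchors keep "user=administrator" from matching, and the `^reverse mapping` anchor means a "POSSIBLE BREAK-IN ATTEMPT" message that starts with "Address" is not picked up by rule 100002.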

Monday, May 19, 2014

Google limiting IMAPS connections

Well, it was bound to happen: Google rejecting IMAPS connections because I had too many simultaneous connections.  Too many accounts for the places I'm affiliated with.  In Apple Mail, turn off "Use IDLE command if server supports it", and life should be better:

Tuesday, May 13, 2014

Restart backintime

There's a directory "~/.local/share/backintime" where backintime keeps its information.  Specifically, the worker.lock contains the PID of the process; "kill `cat ~/.local/share/backintime/worker.lock`" stops the currently-running process. The "worker.message" file contains the message displayed in the tray notifier or backintime-gnome, and the "takesnapshot_.log" contains lots of good debugging messages if needed.

Friday, May 9, 2014

OS X and tsocks

I wanted to play around with tsocks, but it had multiple issues with compiling and working under OS X.  I downloaded 1.8 beta 5 (from 2002!) from http://tsocks.sourceforge.net/  Here are the patches that worked for me, collected from a number of places hiding on the web.
===================================================================
RCS file: RCS/Makefile.in,v
retrieving revision 1.1
diff -c -r1.1 Makefile.in
*** Makefile.in    2014/05/09 16:50:45    1.1
--- Makefile.in    2014/05/09 17:28:10
***************
*** 13,19 ****
  
  SHELL = /bin/sh
  MKINSTALLDIRS = ${SHELL} mkinstalldirs 
! SHCC = ${CC} -fPIC 
  INSPECT = inspectsocks
  SAVE = saveme
  LIB_NAME = libtsocks
--- 13,19 ----
  
  SHELL = /bin/sh
  MKINSTALLDIRS = ${SHELL} mkinstalldirs 
! SHCC = ${CC}
  INSPECT = inspectsocks
  SAVE = saveme
  LIB_NAME = libtsocks
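Review bot: Dropping -fPIC from SHCC at line 16 is unconditional, so this Makefile.in stops asking for position-independent objects on every platform, not only OS X. Consider letting configure set the flag per host, so that -fPIC stays in place where the compiler needs it to build a shared library.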
***************
*** 23,29 ****
  SCRIPT = tsocks
  SHLIB_MAJOR = 1
  SHLIB_MINOR = 8
! SHLIB = ${LIB_NAME}.so.${SHLIB_MAJOR}.${SHLIB_MINOR}
  
  INSTALL = @INSTALL@
  INSTALL_DATA = @INSTALL_DATA@
--- 23,30 ----
  SCRIPT = tsocks
  SHLIB_MAJOR = 1
  SHLIB_MINOR = 8
! SHLIB = ${LIB_NAME}.dynlib
! DYNLIB_FLAGS=-dynamiclib
  
  INSTALL = @INSTALL@
  INSTALL_DATA = @INSTALL_DATA@
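Review bot: The new SHLIB value at line 26 ends in .dynlib, while the conventional suffix for a Mach-O dynamic library is .dylib. The library still loads when DYLD_INSERT_LIBRARIES names the full path, but ${LIB_NAME}.dylib would match what other tools expect, and the wrapper script's path would have to change with it. SHLIB_MAJOR and SHLIB_MINOR also stay defined although they no longer appear in the library name.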
***************
*** 47,57 ****
      ${SHCC} ${CFLAGS} ${INCLUDES} -o ${INSPECT} ${INSPECT}.c ${COMMON}.o ${LIBS} 
  
  ${SAVE}: ${SAVE}.c
!     ${SHCC} ${CFLAGS} ${INCLUDES} -static -o ${SAVE} ${SAVE}.c
  
  ${SHLIB}: ${OBJS} ${COMMON}.o ${PARSER}.o
!     ${SHCC} ${CFLAGS} ${INCLUDES} -nostdlib -shared -o ${SHLIB} ${OBJS} ${COMMON}.o ${PARSER}.o ${DYNLIB_FLAGS} ${SPECIALLIBS} ${LIBS}
!     ln -sf ${SHLIB} ${LIB_NAME}.so
  
  %.so: %.c
      ${SHCC} ${CFLAGS} ${INCLUDES} -c ${CC_SWITCHES} $< -o $@
--- 48,57 ----
      ${SHCC} ${CFLAGS} ${INCLUDES} -o ${INSPECT} ${INSPECT}.c ${COMMON}.o ${LIBS} 
  
  ${SAVE}: ${SAVE}.c
!     ${SHCC} ${CFLAGS} ${INCLUDES} -o ${SAVE} ${SAVE}.c
  
  ${SHLIB}: ${OBJS} ${COMMON}.o ${PARSER}.o
!     ${SHCC} ${CFLAGS} ${INCLUDES} -o ${SHLIB} ${OBJS} ${COMMON}.o ${PARSER}.o ${DYNLIB_FLAGS} ${SPECIALLIBS} ${LIBS}
  
  %.so: %.c
      ${SHCC} ${CFLAGS} ${INCLUDES} -c ${CC_SWITCHES} $< -o $@
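Review bot: The ${SHLIB} link rule loses -nostdlib -shared and now depends entirely on DYNLIB_FLAGS=-dynamiclib, which is hard-coded earlier in the file, so the same Makefile.in can no longer link the library on a platform that needs -shared. Choosing the link flags in configure would keep both builds working. The removed -static on ${SAVE} and the dropped ln -sf ${SHLIB} ${LIB_NAME}.so line should be mentioned in the change description as well.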
***************
*** 68,75 ****
  installlib:
      ${MKINSTALLDIRS} "${DESTDIR}${libdir}"
      ${INSTALL} ${SHLIB} ${DESTDIR}${libdir}
-     ln -sf ${SHLIB} ${DESTDIR}${libdir}/${LIB_NAME}.so.${SHLIB_MAJOR}
-     ln -sf ${LIB_NAME}.so.${SHLIB_MAJOR} ${DESTDIR}${libdir}/${LIB_NAME}.so
  
  installman:
      ${MKINSTALLDIRS} "${DESTDIR}${mandir}/man1"
--- 68,73 ----
===================================================================
RCS file: RCS/configure,v
retrieving revision 1.1
diff -c -r1.1 configure
*** configure    2014/05/09 16:42:31    1.1
--- configure    2014/05/09 16:42:45
***************
*** 4287,4293 ****
  { $as_echo "$as_me:${as_lineno-$LINENO}: checking for correct poll prototype" >&5
  $as_echo_n "checking for correct poll prototype... " >&6; }
  PROTO=
! for testproto in 'struct pollfd *ufds, unsigned long nfds, int timeout'
  do
    if test "${PROTO}" = ""; then
      cat confdefs.h - <<_ACEOF >conftest.$ac_ext
--- 4287,4293 ----
  { $as_echo "$as_me:${as_lineno-$LINENO}: checking for correct poll prototype" >&5
  $as_echo_n "checking for correct poll prototype... " >&6; }
  PROTO=
! for testproto in 'struct pollfd *ufds, nfds_t nfds, int timeout'
  do
    if test "${PROTO}" = ""; then
      cat confdefs.h - <<_ACEOF >conftest.$ac_ext
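Review bot: The for testproto loop at line 4290 now tries only the nfds_t prototype, so a system whose poll() is declared with unsigned long nfds will fail this check. Listing both strings in the loop keeps the old candidate. Since configure is a generated script, the same change also belongs in the autoconf input it is built from, or it will be lost the next time configure is regenerated.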
===================================================================
RCS file: RCS/tsocks.c,v
retrieving revision 1.1
diff -c -r1.1 tsocks.c
*** tsocks.c    2014/05/09 16:45:58    1.1
--- tsocks.c    2014/05/09 17:25:16
***************
*** 68,74 ****
  static char *conffile = NULL;
  
  /* Exported Function Prototypes */
- void _init(void);
  int connect(CONNECT_SIGNATURE);
  int select(SELECT_SIGNATURE);
  int poll(POLL_SIGNATURE);
--- 68,73 ----
***************
*** 100,105 ****
--- 99,105 ----
  static int read_socksv5_connect(struct connreq *conn);
  static int read_socksv5_auth(struct connreq *conn);
  
+ __attribute__((constructor))
  void _init(void) {
  #ifdef USE_OLD_DLSYM
      void *lib;
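Review bot: __attribute__((constructor)) on _init at line 102 is a GCC/Clang extension and is added without a compiler guard. With -nostdlib gone from the link line, a function named _init can also collide with the C runtime's own _init on ELF systems, so consider giving the constructor a different, static name and wrapping the attribute in a compiler check.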
***************
*** 191,199 ****
      struct sockaddr_in *connaddr;
      struct sockaddr_in peer_address;
      struct sockaddr_in server_address;
!    int gotvalidserver = 0, rc, namelen = sizeof(peer_address);
      int sock_type = -1;
!     int sock_type_len = sizeof(sock_type);
      unsigned int res = -1;
      struct serverent *path;
     struct connreq *newconn;
--- 191,200 ----
      struct sockaddr_in *connaddr;
      struct sockaddr_in peer_address;
      struct sockaddr_in server_address;
!     int gotvalidserver = 0, rc;
!     socklen_t namelen = sizeof(peer_address);
      int sock_type = -1;
!     socklen_t sock_type_len = sizeof(sock_type);
      unsigned int res = -1;
      struct serverent *path;
     struct connreq *newconn;
I also rewrote the actual tsocks shell script, fixing it up for OS X in the process.
#!/bin/sh
# Wrapper script for use of the tsocks(8) transparent socksification library
#
# There are three forms of usage for this script:
#
# /usr/bin/tsocks program [program arguments...]
#
# This form sets the users DYLD_INSERT_LIBRARIES environment variable so that tsocks(8) 
# will be loaded to socksify the application then executes the specified 
# program (with the provided arguments). The following simple example might 
# be used to telnet to www.foo.org via a tsocks.conf(5) configured socks server:
#
# /usr/bin/tsocks telnet www.foo.org
#
# The second form allows for tsocks(8) to be switched on and off for a 
# session (that is, it adds and removes tsocks from the DYLD_INSERT_LIBRARIES environment
# variable). This form must be _sourced_ into the user's existing session
# (and will only work with bourne shell users):
#
# . /usr/bin/tsocks on
# telnet www.foo.org 
# . /usr/bin/tsocks off
# 
# Or
# 
# source /usr/bin/tsocks on
# telnet www.foo.org
# source /usr/bin/tsocks off
#
# The third form creates a new shell with DYLD_INSERT_LIBRARIES set and is achieved
# simply by running the script with no arguments 
# 
# /usr/bin/tsocks
#
# When finished the user can simply terminate the shell with 'exit'
# 
# This script is originally from the debian tsocks package by 
# Tamas Szerb <toma@rulez.org>

if [ $# = 0 ] ; then
   echo "$0: insufficient arguments"
   exit
fi

case "$1" in
    on)
        export DYLD_FORCE_FLAT_NAMESPACE=1 
        export DYLD_INSERT_LIBRARIES="/lib/libtsocks.dynlib"
        ;;
    off)
        unset DYLD_FORCE_FLAT_NAMESPACE
        unset DYLD_INSERT_LIBRARIES
        ;;
    show|sh)
        echo "DYLD_INSERT_LIBRARIES=\"$DYLD_INSERT_LIBRARIES\""
        ;;
    -h|-?)
        echo "$0: Please see tsocks(1) or read comment at top of $0"
        ;;
    *)
        export DYLD_FORCE_FLAT_NAMESPACE=1 
        export DYLD_INSERT_LIBRARIES="/lib/libtsocks.dynlib"

        if [ $# = 0 ]
        then
            ${SHELL:-/bin/sh}
        fi

        if [ $# -gt 0 ]
        then
            exec "$@"
        fi
    ;;
esac

#EOF

Hope this helps someone.

Tuesday, April 29, 2014

Debian on a Soekris Net5501

CentOS requires an i686 processor, so that's out.
Thankfully, Debian releases a distribution for older processors, thanks Debian!
Debian does require 80M of memory, so the Net4501 is out. Use a BSD distribution for those.
Add a USB to serial connector and USB to ethernet connector.
Plug USB to ethernet connector into Eth 0 on Soekris.
Bring up USB to ethernet connector with address 192.168.0.1 (mine sits at en3).

Start a tftp server by making sure /System/Library/LaunchDaemons/tftp.plist looks like:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
        <key>Disabled</key>
        <true/>
        <key>Label</key>
        <string>com.apple.tftpd</string>
        <key>ProgramArguments</key>
        <array>
                <string>/usr/libexec/tftpd</string>
                <string>-i</string>
                <string>/private/tftpboot</string>
        </array>
        <key>inetdCompatibility</key>
        <dict>
                <key>Wait</key>
                <true/>
        </dict>
        <key>InitGroups</key>
        <true/>
        <key>Sockets</key>
        <dict>
                <key>Listeners</key>
                <dict>
                        <key>SockServiceName</key>
                        <string>tftp</string>
                        <key>SockType</key>
                        <string>dgram</string>
                </dict>
        </dict>
</dict>
</plist>

and then launching it with "sudo launchctl load -w /System/Library/LaunchDaemons/tftp.plist". You stop it with "sudo launchctl unload -w /System/Library/LaunchDaemons/tftp.plist" and can check if it's running with "netstat -ln -f inet -p udp | grep '\.69'". You then need to get a "netboot.tar.gz" from a "/debian/dists/wheezy/main/installer-i386/current/images/netboot/" repository. "gunzip" and "tar xf" that file into "/private/tftpboot", changing all the permissions to allow everyone to read and write (!). The directory should look like

$ ls -l /private/tftpboot/
total 64
drwxrwxrwx@ 4 beaty-admin  wheel    136 Jan 29 09:47 debian-installer/
-rwxrwxrwx@ 1 beaty-admin  wheel  26474 Jan 29 09:47 pxelinux.0*
drwxrwxrwx@ 4 beaty-admin  wheel    136 Jan 29 15:13 pxelinux.cfg/
-rwxrwxrwx@ 1 beaty-admin  wheel     64 Jan 29 09:47 version.info*

You must change the pxelinux.cfg/default file

$ more pxelinux.cfg/default 
console 0
serial 0 19200 0

default install
label install
        menu label ^Install
        menu default
        kernel debian-installer/i386/linux
        append initrd=debian-installer/i386/initrd.gz -- console=ttyS0,19200n8

Now, set up the bootp server file in /etc/bootpd.plist to be

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>dhcp_enabled</key>
    <string>en3</string>
    <key>Subnets</key>
    <array>
        <dict>
            <key>name</key>
            <string>192.168.0</string>
            <key>net_mask</key>
            <string>255.255.255.0</string>
            <key>net_address</key>
            <string>192.168.0.0</string>
            <key>net_range</key>
            <array>
                <string>192.168.0.2</string>
                <string>192.168.0.254</string>
            </array>
            <key>allocate</key>
            <true/>
            <key>dhcp_router</key>
            <string>192.168.0.1</string>
            <key>dhcp_option_66</key>
            <string>192.168.0.1</string>
            <key>dhcp_option_67</key>
            <data>cHhlbGludXguMAA=</data>
        </dict>
    </array>
</dict>
</plist>

That magic "cHhlbGludXguMAA=" string tells the client what to boot from; one can generate it using

$ printf 'pxelinux.0\0' | openssl base64
cHhlbGludXguMAA=

Now, you can start the bootp server via "sudo /usr/libexec/bootpd -D -d -i en3" in a different terminal window.
Next up, we need an HTTP mirror. I tried the following, but it wouldn't get through the install without barfing, though I'm not sure why -- it's a simple forward of the local http port. I didn't spend the time to track this one down.

$ sudo su
$ while true; do netcat -L ftp.us.debian.org:80 -s 192.168.0.1 -p 80; done

What I did do was create a mirror on my Mac. I started up a Debian VM in VirtualBox and used apt-mirror. One needs to specify the i386 distro in "/etc/apt/mirror.list"

deb-i386 http://ftp.us.debian.org/debian wheezy main contrib
deb-i386 http://ftp.us.debian.org/debian wheezy-updates main contrib
deb-i386 http://ftp.us.debian.org/debian wheezy main/debian-installer

I linked the apt-mirror directory to one that I set up in VirtualBox:

# ls -l /var/spool/apt-mirror
lrwxrwxrwx 1 root root 31 Jan 29 13:46 /var/spool/apt-mirror -> /media/sf_VirtualBox/apt-mirror

For some reason, not all the necessary files were brought over by apt-mirror, so I did the following on the Debian VirtualBox instance:

mkdir -p /media/sf_VirtualBox/apt-mirror/mirror/ftp.us.debian.org/debian/dists/wheezy/main/i18n
cd /media/sf_VirtualBox/apt-mirror/mirror/ftp.us.debian.org/debian/dists/wheezy/main/i18n
wget http://ftp.us.debian.org/debian/dists/wheezy/main/i18n/Translation-en.bz2

mkdir -p /media/sf_VirtualBox/apt-mirror/mirror/ftp.us.debian.org/debian/dists/wheezy/main/source
cd /media/sf_VirtualBox/apt-mirror/mirror/ftp.us.debian.org/debian/dists/wheezy/main/source
wget http://ftp.us.debian.org/debian/dists/wheezy/main/source/Sources.bz2

Having this in place, I fired off a python web server in a different terminal window as it's there and ready to go

cd ~/Desktop/VirtualBox/apt-mirror/mirror/ftp.us.debian.org; sudo python -m SimpleHTTPServer 80

Connect to the Soekris serial port via something along the lines of

sudo cu -l /dev/tty.PL2303-00* -s 19200

You'll need to turn off the firewalling.  I tried for a little while to do so via either pfctl or the application firewall (http://krypted.com/tag/socketfilterfw/) but no happiness, so I shut the whole thing down, after removing the box from the net. Lame.

Boot the Soekris, and start through the install procedure.  When you get to choosing the mirror, select the very first possibility "enter information manually".

Then specify the interface you are using, "192.168.0.1" in my case.
Choose manual partitioning of the disk. Create a 64MB partition at the beginning for /boot and a 500MB partition at the end for swap. Use the remainder for /.
One final bit of trickiness comes at the end. When you see the last screen:

Choose "Go Back" then:

"Execute a shell", then:
$ mount --bind /proc /target/proc
$ mount --bind /sys /target/sys
$ chroot /target /bin/bash --login
$ vi /etc/initramfs-tools/initramfs.conf

and change MODULES=most to MODULES=dep
Then:
$ vi /etc/default/grub

and uncomment GRUB_DISABLE_LINUX_UUID=true
Then
$ update-initramfs -u
$ grub-install --recheck /dev/sda
$ dpkg-reconfigure grub-pc
$ exit
$ exit

These last few steps from http://debian.takhis.net/soekris/soekris.html

Sunday, March 23, 2014

Debian/Ubuntu no ip

sudo cp debian.noip2.sh /etc/init.d/noip2
sudo chmod 755 /etc/init.d/noip2
sudo update-rc.d noip2 defaults

Tuesday, February 11, 2014

Printer driver Easter egg after OS X upgrade

This post: https://discussions.apple.com/message/20156136#20156136 was a huge help after I upgraded OS X and couldn't get the correct printer drivers installed. Sure, it removes all the current printers, but adding them back is easy and one gets the newest drivers in the process.

Speeding up audio books

I really like to listen to audio books as I spend a lot of time on the road. I've had several that were essentially "unlistenable" due to the narrator reading so slowly. With help from http://lifehacker.com/5458052/how-do-i-speed-up-hundreds-of-audio-files I created two chains in Audacity and could then use the File->Apply Chains... to the audio files:

Friday, February 7, 2014

exim taking forever to start

I ran into troubles with exim4 on debian taking forever to start. Strace'ing it revealed it was trying to look itself up using DNS, ignoring what was in /etc/hosts and /etc/nsswitch.conf. I was testing a box before I hooked to a network that had a DNS server running. Commenting out everything in /etc/resolv.conf took care of things. What if I only wanted exim4 for local delivery, which I did? BTW, it also makes logging in with ssh a lot faster as sshd is doing reverse lookups.

Tuesday, January 14, 2014

dbus error on connection to CentOS 6 and SELinux

There are a number of postings around talking about 'Could not connect to session bus: An SELinux policy prevents this sender from sending this message to this recipient (rejected message had sender "(unset)" interface "org.freedesktop.DBus" member "Hello" error name "(unset)" destination "org.freedesktop.DBus")' with suggestions it's solved. Not for me, not using NoMachine, even with SELinux being permissive. Weird. Anyway, here's what worked:
$ sudo grep dbus /var/log/audit/audit.log | audit2allow

#============= ROLES ==============

role system_r types unconfined_dbusd_t;

$ sudo grep dbus /var/log/audit/audit.log | audit2allow -M dbus
$ sudo semodule -i dbus.pp