Tuesday, July 24, 2007

ubuntu live 2007

Adam and I went down to Portland for Ubuntu Live. Eric and Andy made it down from Seattle as well. I don't go to many of these things because the technical content is low and the costs are high. They seem generally designed to teach your average joe, not the geeks and hackers. Most of what I was looking forward to wasn't as interesting as the surprises.

The Keynotes were rad, but there were too many. At least, there got to be too much overlap. Keynote speakers were Mark Shuttleworth, Chris Kenyon and Matt Zimmerman of Canonical; Tim O'Reilly; Doug Fisher of Intel (talking about Mobile & Ubuntu and the Intel/Ubuntu relationships); Mårten Mickos of MySQL; Jeff Waugh; Mitchell Kapor of Lotus 1-2-3 fame and Eben Moglen. There were others too. The message is clear: Ubuntu has grown up fast and is in a great position to provide an open platform to solve problems for people. I hadn't really expected the keynotes to be interesting and hadn't really noticed them until I was in the first set.

From the sessions, I most enjoyed AppArmor with Crispin Cowan, Linux-based firmware testing with Rolla Selbak and hardware compatibility mainly with Kyle McMartin. Props to Kyle for taking a minute to look at my weird bug where sata disks are coming up as /dev/eth2 (lp 127404).

So technically though, meh. I know better. The best part was of course meeting other developers and admins. It was interesting hearing more about Larry Augustine and others at Medsphere and FOSS license/DMCA evilness, see GPL Medicine for a little background.

We got to talk to Canonical devs a bit, as well as Shuttleworth both at the venue and at Kell's later. Most important was talking to these kinds of people who do rather than just talk.

The Ubuntu developer conferences were recommended, and I might look at attending one but I think I'll be sticking to cheap hacker cons for a while. I've got some Portland souvenirs, and had a good time bar hopping a bit, but I'll have to make it back down sometime without so many plans and hike about.

Monday, July 16, 2007

generating passwords in md5 or sha1 for an asp.net web.config

Quick note. In the course of updating some passwords I found a web.config file that contained clear text passwords. Passwords can be stored in cleartext, md5 or sha1 hashes as specified here. There's surprisingly no hash generator kicking around a default system. I've used /sbin/grub-md5-crypt in the past but the output is crypt compatible, not a standard hash. craSH pointed out 'openssl dgst' which worked great. It's normally for hashing a file, but will take input on stdin. Keep in mind that echo produces a \n by default, which affects the hash.

echo -n mypassword | openssl dgst -sha1
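
A small wrapper around the 'openssl dgst' call above that also diagnoses the newline mistake when a stored hash does not match. This is an added example, not code from the original post; config_hash and diagnose_hash are hypothetical helper names, and the upper-case output is chosen to match what ASP.NET's FormsAuthentication.HashPasswordForStoringInConfigFile emits.

```shell
#!/bin/sh
# Added example: helper names are hypothetical, not from the original post.

# config_hash ALGO
# Reads the password from stdin and prints the hex digest in upper case.
config_hash() {
    case "$1" in
        md5|sha1) ;;
        *) echo "usage: config_hash md5|sha1" >&2; return 2 ;;
    esac
    # Depending on the openssl version the output is either the bare digest
    # or "...(stdin)= <digest>"; strip everything up to the "= " if present.
    openssl dgst "-$1" | sed 's/^.*= *//' | tr 'a-f' 'A-F'
}

# diagnose_hash ALGO PASSWORD STORED_HASH
# Prints "ok" if STORED_HASH is the hash of PASSWORD, "trailing-newline" if it
# is the hash of PASSWORD followed by \n (echo without -n), else "mismatch".
diagnose_hash() {
    algo=$1
    pw=$2
    stored=$(printf '%s' "$3" | tr 'a-f' 'A-F')
    if [ "$(printf '%s' "$pw" | config_hash "$algo")" = "$stored" ]; then
        echo ok
    elif [ "$(printf '%s\n' "$pw" | config_hash "$algo")" = "$stored" ]; then
        echo trailing-newline
    else
        echo mismatch
    fi
}
```

printf '%s' is used instead of 'echo -n' because it never appends a newline in any shell. Both web.config formats are unsalted single-pass hashes, so the file still needs tight permissions.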

Thursday, July 12, 2007

why juniper networks sells a bunch of shit.

So I have an NS50, and in the process of going through and trying to convert the VIP (pat) on the mail server to a MIP (nat) I've found a bug in the web interface that breaks the web interface when I remove a port mapping from this VIP address. Unfortunately I need to remove the port mappings before I can remove the address as a VIP, and I can't add the address as a MIP until it's no longer a VIP.

Anyways. I try to find a patch on the vendor site, but I need an account. I find an old account, but the warranty has expired and we don't have support. So I get a hold of Juniper and I'm told that to get the problem resolved, I'll need to upgrade, and to upgrade I need support. But not just support, I have to buy support for every year between when I bought the thing and now when I didn't have support, as well as a possible 25% penalty. I've emailed my reseller to get a quote on this, but let's just say I'm not a huge fan of this shit right now.

Wednesday, July 11, 2007

changing the soekris boot order from linux nvram interface

[This may break your toys and doesn't work. You have been warned.]

So I wanted to change the Soekris on the side of the house to prefer pxe boot so I could reinstall pyramid without needing to take it down to get to the serial console. Of course, to set this setting, you need to get into the serial console. Unless...

The settings are supposedly stored in the nvram so the box will still boot in cases of the bios battery dying. So I'm valiantly trying to brick a soekris in an effort to maintain my laziness.

Start by making sure you have the /dev/nvram interface. In Pyramid you need to make it:
cd /dev ; ./MAKEDEV nvram


The nvram module will load when you access the device, provided modules.conf contains:
alias char-major-10-144 nvram


Grab a copy of the nvram:
cp /dev/nvram nvram.bin


I used hexdump to check out the nvram. If you're running pyramid you'll need to grab the binary. See the package website and grab bsdmainutils-6.1.2ubuntu1 (pyramid currently runs breezy) provided the mirrors are still up (Canonical has started taking down breezy mirrors). You can grab hexdump out of the deb:

mkdir hexdump-temp ; cd hexdump-temp
ar p ../bsdmainutils_6.1.2ubuntu1_i386.deb data.tar.gz | tar xzv
cd usr/bin
scp hexdump root@my.soekris:/usr/bin


Soekris 4526 (Metrix Mark I):

sunrise:~# hd nvram.bin
00000000 00 00 00 51 f0 00 01 80 02 00 fc 0f 2f 00 00 00 |...Q......../...|
00000010 00 00 00 80 81 f0 ff 00 00 00 00 00 00 00 00 00 |................|
00000020 05 ee 00 fc 19 00 00 00 00 00 00 00 00 00 00 00 |................|
00000030 00 00 05 28 08 06 0d 22 80 09 00 0c 06 2a 40 58 |...(...".....*@X|
00000040 0f 04 84 11 47 40 00 20 00 00 00 05 00 08 42 00 |....G@. ......B.|
00000050 07 00 c5 20 00 00 02 00 08 02 40 42 01 40 00 02 |... ......@B.@..|
00000060 84 4c 00 10 0b 20 00 34 c3 08 50 00 44 42 91 00 |.L... .4..P.DB..|
00000070 00 20 |. |
00000072


Soekris 4501:

sunrise:~# hexdump -C nvram.orig.4501
00000000 00 00 00 51 f0 00 01 80 02 00 fc 0f 2f 00 00 00 |...Q......../...|
00000010 00 00 00 80 81 f0 ff 00 00 00 00 00 00 00 00 00 |................|
00000020 05 ee 00 fc 19 00 00 00 00 00 00 00 00 00 00 00 |................|
00000030 00 00 00 00 4c 32 0a 41 42 11 81 00 09 24 1d 80 |....L2.AB....$..|
00000040 0d 04 18 03 04 24 00 00 50 84 06 72 81 01 53 34 |.....$..P..r..S4|
00000050 c1 08 88 02 08 80 01 22 49 04 00 00 10 02 01 00 |......."I.......|
00000060 10 49 0a 02 22 04 48 06 07 48 08 25 06 61 00 02 |.I..".H..H.%.a..|
00000070 99 26 |.&|
00000072


In both cases I'm assuming 0x13 - 0x16 controls the boot order. 80 Primary IDE (flash), 81 Secondary IDE, f0 network boot and ff I have no clue.

I copied the file to my laptop and used hexer (vim like hex editing tool) to rewrite those bytes (use r for overwrite) then rewrite the nvram using:
cat nvram.new > /dev/nvram


I rebooted and the box came back up. But I didn't see any network traffic. I booted up a local 4826 and used the cmos monitor to try to figure it out:


> show

ConSpeed = 19200
ConLock = Enabled
ConMute = Disabled
BIOSentry = Enabled
PCIROMS = Enabled
PXEBoot = Enabled
FLASH = Primary
BootDelay = 5
FastBoot = Disabled
BootPartition = Disabled
BootDrive = 99 FF FF FF
ShowPCI = Enabled
Reset = Hard

> cmosread
Addr CMOS Data

00: 06 00 43 00 19 00 07 19 01 80 26 02 50 80 00 00
10: 00 51 FF 00 01 80 02 00 FC 0F 1F 00 00 00 00 00
20: 00 80 81 F0 FF 00 00 00 00 00 00 00 00 00 05 ED
30: 00 FC 19 00 00 00 00 00 00 00 00 00 00 00 00 00
40: D9 BF FB AE 0C 72 2B 84 9B FE 7B 7F 00 8C 10 05
50: DD EB 5E FE 04 50 14 12 E7 DF 2F 73 A0 9E 42 01
60: FB BB AD 77 0C 3B 40 BA 9B 9C F8 15 89 16 02 40
70: 3D 97 A0 7A 4A 92 F8 24 B8 D9

>


I 'set BootDrive=99' to make it stand out, rather than the default 'set BootDrive=80,81,F0' and you can see the 80,81,F0 around 0x21-0x23 doesn't change. So I have no idea now where this data is actually stored.
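
The /dev/nvram dump and the cmosread output above can be lined up byte for byte. The following is an added example, not code from the original post; it assumes the standard PC CMOS layout used by the Linux nvram driver (/dev/nvram offset N is CMOS address N+14, with a 16-bit checksum over CMOS 0x10-0x2D stored at 0x2E-0x2F), and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes the standard PC CMOS layout
# used by the Linux nvram driver: /dev/nvram offset N is CMOS address N+14, and
# a 16-bit sum of CMOS 0x10-0x2D is stored high byte first at 0x2E-0x2F.

# First 34 bytes of the 4526 /dev/nvram dump, copied from the post.
NVRAM_4526="00 00 00 51 f0 00 01 80 02 00 fc 0f 2f 00 00 00
00 00 00 80 81 f0 ff 00 00 00 00 00 00 00 00 00
05 ee"

# First 48 bytes of the 4826 cmosread output, copied from the post.
CMOS_4826="06 00 43 00 19 00 07 19 01 80 26 02 50 80 00 00
00 51 FF 00 01 80 02 00 FC 0F 1F 00 00 00 00 00
00 80 81 F0 FF 00 00 00 00 00 00 00 00 00 05 ED"

RTC_BYTES=14   # clock registers that /dev/nvram does not expose

# find_boot_order BYTES...  -> index of the first "80 81 f0 ff" run, or -1
find_boot_order() {
    set -- $(printf '%s ' "$@" | tr 'A-F' 'a-f')
    i=0
    while [ $# -ge 4 ]; do
        if [ "$1$2$3$4" = "8081f0ff" ]; then echo "$i"; return 0; fi
        shift; i=$((i + 1))
    done
    echo -1; return 1
}

# range_sum FIRST LAST BYTES...  -> 16-bit sum of bytes FIRST..LAST, 4 hex digits
range_sum() {
    first=$1; last=$2; shift 2
    i=0; sum=0
    for b in "$@"; do
        if [ "$i" -ge "$first" ] && [ "$i" -le "$last" ]; then
            sum=$(( (sum + 0x$b) & 0xffff ))
        fi
        i=$((i + 1))
    done
    printf '%04x\n' "$sum"
}

# stored_sum INDEX BYTES...  -> the two bytes at INDEX and INDEX+1, 4 hex digits
stored_sum() {
    idx=$1; shift; shift "$idx"
    printf '%s%s\n' "$1" "$2" | tr 'A-F' 'a-f'
}

# checksum_ok BASE BYTES...  (BASE = CMOS address of the first byte given)
checksum_ok() {
    base=$1; shift
    [ "$(range_sum $((0x10 - base)) $((0x2d - base)) "$@")" = \
      "$(stored_sum $((0x2e - base)) "$@")" ]
}

echo "nvram: boot order bytes at offset $(find_boot_order $NVRAM_4526)"
echo "cmos:  boot order bytes at address $(find_boot_order $CMOS_4826)"
checksum_ok "$RTC_BYTES" $NVRAM_4526 && echo "4526 nvram checksum matches"
checksum_ok 0 $CMOS_4826 && echo "4826 cmos checksum matches"
```

The pattern sits at offset 19 (0x13) in the file and address 33 (0x21) in cmosread, which is the 14-byte shift, and both stored checksums match. Because the checksum is a plain sum, reordering the same bytes leaves it unchanged: it catches corruption, not deliberate edits.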

Monday, July 09, 2007

viewing ms project in linux with ganttproject

I've searched for linux software a number of times to open microsoft project files and most of the information has been of the "well, I've never tried it" variety.

I downloaded a GanttProject 2.0.4 deb from the merlinux site here and installed it in my typical trusting fashion (it does dump a ton of shit in /opt/ganttproject, but that's fine as it's really an alien'd rpm).

I downloaded the company project file, started GanttProject and imported the MPP via File->Import. Everything looks fine, took 30-40 seconds for everything to stabilize such that I could resize the window and it would adjust, but that's probably because it's Java and it was searching for resources to waste or whatever. So it works somewhat at least, which is more than I've seen anyone else say.

Hopefully someone will package it. Other than me. In true ubuntu fashion. See bug 123275.

'open all in tabs' replaces / closes tabs in firefox

I keep sites grouped in the toolbar in FF and occasionally make the mistake of trying to use 'open all in tabs'. This closes / replaces what I have open. I'm not sure exactly, there's a lot of discussion about what it does do and what it should do. There's a ton of discussion in bug 175124 and bug 258224 about what it should do. If you always remember to middle click on the folder, that works well enough for me. To change the action of open all in tabs however, which you can't middle click on, change browser.tabs.loadFolderAndReplace to false in about:config (there's no option in preferences afaik).

Thursday, July 05, 2007

text not appearing in ocsng login screen when using firefox

A while back I upgraded my inventory server to apache2/php5 and at some point OCSNG stopped showing the text labels on the login screen and buttons. I assumed it was an issue with the upgrade, which it may well have been caused by indirectly.

Recently ocsng announced OCS Packager, a more reasonable windows agent service packaging utility. I want to build this into the desktop deployment system and I've got a deadline coming up on some machines so I came back to dealing with this issue. First, I reinstalled OCSNG but still saw the same issue. I poked around a bit in the apache configs thinking there may be some disconnect when it came to translations but wasn't sure what I was looking for.

Eventually I tried the site from IE on Server 2003 and it worked fine. Assuming there's an issue with the user agent being passed by firefox, I installed tshark and started comparing the http GETs but they're pretty hefty. Unfortunately there aren't a lot of comments in the code and if there were, they'd probably be in French or such. I've spent enough time trying to figure it out, so I'm giving up and working around it instead.

Pushing the language appears to work, and I believe it gets saved in the session, it definitely gets saved to the cookie. Use: http://server/ocsreports/?lang=english in your browser and links.

I've opened bug 1748676 against OCSNG.

Wednesday, July 04, 2007

complex lvm on an alternative install of ubuntu (debian-installer)

I've been meaning to post my notes on this for a while but I wanted to post some code which needs to be stripped of the proprietary work. At my job, we have a need to do multiple installs a day of ubuntu via the network and require a fairly complex lvm configuration. When done on feisty, first you need to deal with the three minutes it takes to create the lvm devices. This is a bug, check out this post about it.

Partman-auto and partman-lvm-auto configuration recipes are pretty complex to begin with. If you're not simply formatting the whole disk, it can get really confusing, let alone figuring out the difference between partman and partman-lvm. There's some sample code out there, but it's hard to tell what era it's from. Upon learning that partman-auto wasn't going to support multiple disks, I started looking for alternatives. Thanks to cjwatson and fjp for pointing me in the right directions at times.

Finding the right hooks was the hard part. debian-installer (or d-i) is the alternative and network (pxe based) installer for ubuntu. It's very modular and uses anna (the lightweight version of apt) specific udeb (anna's version of debs) configurations to let d-i know in what order a specific module should be run. Basically what I did was force partman not to run, and have a shell script run instead.

Assuming that you've already got a pxe install going with a preseed file, use the following:


d-i preseed/early_command string wget http://server.example.com/ubuntu/config/lvm.sh -P /tmp ; chmod 755 /tmp/lvm.sh ; echo /tmp/lvm.sh installer >> /var/lib/dpkg/info/download-installer.postinst


This will download your script and set it to be executed after the base installer is downloaded. This is important because some of the install system is in the initrd, but a lot of it, partman included, is installed from a udeb after the initrd is loaded. So you can't just hack partman from inside the initrd.
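
The early_command above runs whatever the web server returns, as root, inside the installer. One way to pin the script to a known digest before hooking it, as an added example that is not from the original post: file_sha256 and hook_if_verified are hypothetical names, and sha256sum being available in the installer environment is an assumption.

```shell
#!/bin/sh
# Added example (not from the original post): verify lvm.sh before hooking it.
# Assumptions: sha256sum exists in the installer environment and the expected
# digest is pinned in the preseed file. Function names are hypothetical.

# file_sha256 FILE -> lowercase hex digest of FILE
file_sha256() {
    sha256sum "$1" | cut -d' ' -f1
}

# hook_if_verified SCRIPT EXPECTED_SHA256 POSTINST
# Appends "SCRIPT installer" to POSTINST only when the digest matches.
# Returns 0 on success, 1 on digest mismatch, 2 if SCRIPT is missing or empty.
hook_if_verified() {
    script=$1
    expected=$2
    postinst=$3
    if [ ! -s "$script" ]; then
        echo "lvm hook: $script missing or empty" >&2
        return 2
    fi
    actual=$(file_sha256 "$script")
    if [ "$actual" != "$expected" ]; then
        echo "lvm hook: digest mismatch for $script" >&2
        rm -f "$script"      # do not leave an unverified script lying in /tmp
        return 1
    fi
    chmod 755 "$script"
    # Idempotent: do not add the hook a second time if this is re-run.
    grep -qxF "$script installer" "$postinst" 2>/dev/null ||
        echo "$script installer" >> "$postinst"
}

# The same check collapsed into the preseed one-liner (digest is a placeholder):
# d-i preseed/early_command string wget http://server.example.com/ubuntu/config/lvm.sh -P /tmp && [ "$(sha256sum /tmp/lvm.sh | cut -d' ' -f1)" = "<pinned-sha256>" ] && chmod 755 /tmp/lvm.sh && echo /tmp/lvm.sh installer >> /var/lib/dpkg/info/download-installer.postinst
```

The pinned digest is only as trustworthy as the preseed file that carries it, so the preseed itself should come from a source you control.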

lvm.sh is a two phase script. The first phase is run when the base installer is set up, by the earlier call in download-installer.postinst. This phase then sets itself to be run instead of partman, allowing you to create and mount your partitions at the correct time.

Note that you should have your disk mounted as /target by the end of phase 2 as well as have your fstab configured. I'd also recommend running swapon against your swap, but keep in mind that the mkswap currently shipping will only prepare 2GB of swapspace, see bug 119900.

There's some extra stuff in this script you won't need. It's also untested with my company's stuff removed. If having a bunch of lvms named 'stuffN' seems stupid, it's because that's my way of obfuscating the code so I won't have someone from work complain. As always, YMMV.


#!/bin/sh
# Manually create LVM configuration
# Partman does not currently support multi-disk lvm
# Designed to be run after download-installer but before partman-base
# This allows us to modify partman-base.postinst after it's been dropped in by anna
# Partman appears to be entirely an external program, removing the call to partman from partman-base.postinst prevents it from running.

case "$1" in
    installer)
        # we should have d-i downloaded by now.
        # partman comes in a udeb from the network so we have to hook here
        # and replace the partman-base.postinst file
        sed -i 's/partman/\/tmp\/lvm.sh partman/' /var/lib/dpkg/info/partman-base.postinst
        logger lvm.sh modified partman-base.postinst
        ;;
    partman)
        # do filesystem stuff: detect our config, fdisk, lvms, mount /target
        logger lvm.sh partition configuration starting
        modprobe dm_mod

        # FIXME: This is going to be really dirty to handle our configurations. More work will need to be done later.
        # case1: sda: 1171842048 hda: 125056
        # case2: sda: 976519168 hda: 58605120
        # case3: sda: 732389376 hda:

        SIZE_SDA=`sed -n 's/.* \([0-9]*\) sda$/\1/p' < /proc/partitions`
        SIZE_HDA=`sed -n 's/.* \([0-9]*\) hda$/\1/p' < /proc/partitions`

        echo sda: $SIZE_SDA hda: $SIZE_HDA

        # pvcreate skips the disk ("ignored by filtering") if there's a partition table, so wipe it
        dd if=/dev/zero of=/dev/sda bs=512 count=1

        # check for separate physical boot drive
        if [ -n "$SIZE_HDA" ] ; then
            # we have the boot disk, create a primary partition
            echo ",,83" | sfdisk /dev/hda

            pvcreate -ff -y /dev/sda
            BOOT=/dev/hda1
            LVM=/dev/sda
        else
            # no separate boot drive
            echo -e ",256,83\n,,8e" | sfdisk -uM /dev/sda

            pvcreate -ff -y /dev/sda2
            BOOT=/dev/sda1
            LVM=/dev/sda2
        fi

        mke2fs -q $BOOT
        vgcreate -s 256M system $LVM

        if [ "$SIZE_SDA" -gt 700000000 ] ; then
            COMPLEXFS=1
            lvcreate -L 20G -n stuff1 system
            lvcreate -L 20G -n stuff2 system
            lvcreate -L 8G -n swap system
            lvcreate -L 20G -n stuff3 system
            lvcreate -L 200G -n stuff4 system
            lvcreate -L 200G -n stuff5 system
            lvcreate -L 200G -n stuff6 system

            for fs in stuff1 stuff2 stuff3 stuff4 stuff5 stuff6 ; do mkfs.reiserfs -q /dev/system/$fs 1>/dev/null; done

        else
            # FIXME: swap too big for vmware
            lvcreate -L 8G -n swap system
            # root LV takes all remaining extents; named stuff1 to match the mkfs and mount below
            lvcreate -l `pvdisplay | sed -n 's/Free PE \([0-9]*\)/\1/p'` -n stuff1 system

            mkfs.reiserfs -q /dev/system/stuff1 1>/dev/null
        fi

        # setup common swap
        mkswap /dev/system/swap
        swapon /dev/system/swap

        # Create directory structure
        mkdir -p /target
        mount -t reiserfs /dev/system/stuff1 /target
        mkdir /target/boot
        mount -t ext2 $BOOT /target/boot
        if [ -n "$COMPLEXFS" ] ; then
            mkdir -p /target/stuff2
            mkdir -p /target/stuff3
            mkdir -p /target/stuff4
            mount /dev/system/stuff2 /target/stuff2
        fi

        # Create fstab
        mkdir -p /target/etc
        echo \# /etc/fstab: static file system information. > /target/etc/fstab
        echo \# >> /target/etc/fstab
        echo "# " >> /target/etc/fstab
        echo $BOOT /boot ext2 defaults 1 2 >> /target/etc/fstab
        echo /dev/system/stuff1 / reiserfs acl,user_xattr 1 1 >> /target/etc/fstab
        if [ -n "$COMPLEXFS" ] ; then
            echo /dev/system/stuff2 /stuff2 reiserfs acl,user_xattr 1 2 >> /target/etc/fstab
            echo /dev/system/stuff3 /stuff3 reiserfs acl,user_xattr 1 2 >> /target/etc/fstab
            echo /dev/system/stuff4 /stuff4 reiserfs acl,user_xattr 1 2 >> /target/etc/fstab
        fi
        echo /dev/system/swap none swap sw 0 0 >> /target/etc/fstab
        echo proc /proc proc defaults 0 0 >> /target/etc/fstab

        # Secret udev rules hack for network cards
        mkdir -p /target/etc/udev/rules.d
        echo \# on board e100 > /target/etc/udev/rules.d/50-network.rules
        echo KERNELS==\"0000:00:06.0\", NAME=\"eth2\" >> /target/etc/udev/rules.d/50-network.rules
        echo \# on board tg3 \(2x1000\) >> /target/etc/udev/rules.d/50-network.rules
        echo KERNELS==\"0000:02:09.0\", NAME=\"eth0\" >> /target/etc/udev/rules.d/50-network.rules
        echo KERNELS==\"0000:02:09.1\", NAME=\"eth1\" >> /target/etc/udev/rules.d/50-network.rules

        ;;
    *)
        echo "$0: This script is destructive and should only be run as part of the debian-installer process"
        ;;
esac

Tuesday, July 03, 2007

Active Seattle Wireless Projects

There's a lot happening at SWN lately, and lots of room to help out.

Ken and Matt at Metrix obtained some new space on Capitol Hill. They've had a temporary node up for a while and switched it over to a Mark II today. There's a good link to the Westin via a directional fixed to the third floor window that's rebroadcasting local internet. We had HackNight there last week and will pick it back up in their space in another week as we're taking Independence day off.

I've moved my 4501 at NodeAwfulShark over to Pyramid SVN and moved the CM9 from my 4826 into it. (A 1/2" drill was required to make a hole for the antenna pigtail). I've approached an old roommate that lives a few blocks away about hosting a node there and possibly getting a good southerly view which I can use to hit NodeCentralDistrict or 2608-swn. I'll be getting a Mark I from Metrix this week which I'll put on the third floor balcony or the roof of NodeAwfulShark facing east. Be sure to check out the view on the node page.

I've been doing some work on Pyramid and we've been talking about redoing the web front end. It'll be two part, ideally with XML in the middle and possibly a command line interface utility down the road. I'm trying to recruit for this as I'm not Web 2.0 experienced, although I have been hacking on it a little trying to get some bugs and features added. Help is definitely appreciated if you want to get into the thick of it.

That's been put off for a few though as I've been working on another project. It looks like fR might be abandoning wnmap, the software that runs the swn nodemap (and others) as he's working on meshwork again. With nobody else stepping up I'm bringing some old school php back to town and trying to write some code to let users manage their nodes and add links on their own, which currently must be done by hand either in a php/xml file and/or in the database. Additionally, I'd like to see some method of emailing users and reminding them to update / maintain their nodes, removing them if they've moved and keeping SWN fresh in people's minds.

Ken had issues apt-getting some source packages for Pyramid recently, which is loosely based on Ubuntu Breezy. It appears that Ubuntu has pulled the Breezy repos, so we may be upgrading Pyramid sooner than planned.

In the interim, I'd still like to get some of the portals working again and try to set up access points with portals about to increase SWN awareness.

I'll likely be working on some of these projects over the 4th. If you're around, drop by #swn on efnet.
