Wednesday, December 31, 2008

Something Completely Different

A completely non-technical post to end the year on -- highlighting two albums i'm almost sure nobody reading this has ever heard, but are definately worth the listen.

Lazyboy TV - Lazyboy


Personally, I wouldn't have thought i'd like an album that is more "spoken word" than Pop -- but this is a great album that deals with everything from homelessness to drug use to oddities you'll find in the news combined with an infectious beat that gets this played over and over again.

Buy This Album from Amazon


Angles - Dan le Sac versus Scroobius Pip


This one was completely out of left field, I overheard the track Tommy C in a bar and then hung around to listen to the rest of the album -- it's kind of like the Lazyboy album, but with an sound that makes me think of what would happen if you threw electro and dubstep in a blender and put themes like youth suicide, fads and the evangelism of pop music over the top.

Buy This Album from Amazon

Friday, December 26, 2008

Automounting SAMBA Shares

note: This article is intended for a technical audience -- you should use caution when modifying a production system -- caveat emptor.

This is more of a collaboration of other people's posts, with some additions of my own for performance-related issues.

Basically, I manage a bunch of WD MyBook Network Drive (World Edition) boxes for various people -- typically, these are hooked up via SMB shares to various types of Linux install for redundant network backups over the LAN.

After various hacks, from mounting as part of a cronjob to modifying /etc/rc.local -- I decided to attempt automatic fstab mounting under the christmas break and figured i'd document my findings here.

First off, to automatically mount the filesystems on the MyBook -- you need to add lines similar to the following to your /etc/fstab file.


//[SMB SHARE]/[sharename] /media/[mountpoint] cifs credentials=/root/.smbcredentials,rw,iocharset=utf8,uid=[username],gid=groupname,file_mode=0664,dir_mode=0775 0 0


(note: Blogger has wordwrapped this post, but this should be one line when copied to your /etc/fstab file.)

Where:


  • SMB SHARE -- Is the NETBIOS name or IP address of the MyBook.

  • sharename -- Is the name of the share you need to mount (personally, I like to make at least shares based on the usernames using the box).




  • credentials=/root/.smbcredentials -- Is a plaintext file containing the username and password of the user you have created on the MyBook.




  • iocharset=utf8 -- Specifies that all files written or read from the device should be in the UTF-8 character set.

  • rw -- Specifies that access to the share should be read-write.

  • uid=username,gid=groupname -- Specifies the username and groupname on the local Linux machine.

  • file_mode=0664,dir_mode=0775 -- Specifies the octal permissions of the files written on the MyBook.




  • 0 0
  • -- Means fsck will not attempt to check the filesystem under any circumstances, this is always advisable when mounting SMB shares.


After you have edited your /etc/fstab file, you need to make your credentials file -- this file specifies the name and password of the user on the MyBook.

This file needs two lines, with a trailing blank line -- and should usually be placed in the /root or /etc/samba directory and have 0600 permissions.

An example of this file is:


username=winuser
password=winpassword


Save this file and change it's permissions, then alter your /etc/fstab file to point to it's location.

Once you've done this, you should be able to have your shares automatically mounted by your Linux box (after either rebooting or running mount -a as root).

One particular quirk you might find using this method -- is unmounting errors -- these occur because the shutdown routine (by default) shuts down the network devices (specifically, those machines running NetworkManager to control network resources) before unmounting any mounted network shares (ie. what we're trying to achieve here).

These errors usually halt the shutdown of your machine (usually meaning you have to power off using the power button, which can damage your filesystem).

To fix this, you can run the following as root:


ln -s /etc/init.d/umountnfs.sh /etc/rc0.d/K15umountnfs.sh
ln -s /etc/init.d/umountnfs.sh /etc/rc6.d/K15umountnfs.sh


Which will alter your system to unmount the network-attached shares before NetworkManager has a chance to shutdown the network devices.

Friday, December 19, 2008

Unattended Password Creation Failing?

Earlier, I was asked if I had any good solutions for scripting a user account generator in bash -- asking the user what they had already, I received:

useradd -n -g users -p [password] -s /bin/false [username]


I asked what the problem seemed to be, and the response was the password didn't seem to work -- if they used 'passwd' interactively, it'd work -- but unattended, it failed.

Having a look at the useradd manual, we see:


-p -- The encrypted password, as returned by crypt(3).


After trying various combinations - I thought about OpenSSL. What if I gave it the password and got it to do the crypt work first, then fed the encrypted string to useradd?

Something like:



#!/bin/bash
clear="[password]"
crypt="openssl passwd -crypt $clear"

success="0"
failure="1"

useradd -n -g users -p $crypt -s /bin/false [username]

exit $?



Cut and Paste the above into a script and instantly you have a semi-autonomous way of adding generated (or defined) passwords to your machine, all with the help of OpenSSL.

Friday, December 12, 2008

Interesting Spin on Proposed Internet Filtering

Oh, December seems to be rant month.

Some Swinburne University students asked me for a little more clarification on why the proposed Australian Labour Government's filtering idea is a bad one.

I'll be writing my concerns up at length and back-posting them here as they are finished. However, because tomorrow is protest day, i'll post an couple of interesting links you may wish to read:



  • The ACMA's Report on Closed-Environment Filtering for 2008 : Basically suggests 'The Filters were better than the last time we tested them in 2005, because they filter SSL based traffic now, but they could still degrade network performance between 2 and 87 percent and still have a 23 to 40 percent chance of false-positive filtering.


  • Telstra Says No To Filtering - The Australian : When Australia's Largest Carrier decides they can't participate because of 'customer management issues' (possibly due to them moving a large chunk of their support staff, who'd receive the brunt of the complaints offshore earlier in the week) -- it says something about the ways this particular idea will effect everyone in the country, in one way or another.


  • How To Easily Bypass Australia's Internet Filters (for free) - Sydney Morning Herald : Explains to the technical neophyte how to use VPN software and other proxy methods to bypass the filter, in a worst case scenerio.


  • Labor’s Mandatory ISP Internet Blocking Plan - Electronic Frontiers Australia : Analysis of the ACMA proposal, discussions on why this proposal effects everything from online commerce to the civil liberties of Australian citizens and a well reasoned argument on why parents should filter their children's use, followed by a locally installed filter on the computers in the home -- If you haven't read this, you certainly should.

Wednesday, December 10, 2008

Apple Sued Over iPhone Performance Issues

I stumbled across this article on Wired a few days ago. US-centric as it is -- but the same drop-outs seem to happen here in Australia, whenever the phone switches from 3G to the older GSM network.

Two bars on 3G on my Nokia E66 or N73 versus 4 bars on the iPhone, less than 3 inches away from each from each other when the phones are idle, yet the Nokia's complete the calls and the iPhones drop out.

Back in August, Optus (SingTel) offered 'Goodwill Credits' to users who suffered woeful network performance following the launch of the iPhone, which they're not doing now -- yet the latest firmware update doesn't seem to make a scrap of difference.

Perhaps that's why I saw a paper-printed advert in my local Optus dealership that said 'iPhones available for pre-paid plans, $799 AUD for 8GB, $899 for 16GB - while stocks last.'

Does anyone else have similar issues with providers here, or is this just another case of 'never buy G1 hardware' coupled with 'if it isn't broken, don't replace it?'

Thursday, December 4, 2008

Regarding 'The Free World', 'The Internet' and You.

It's not often that politics gets my back up about something that I feel the need to post it here, but while watching Question Time in the Senate last night, the topic of the great firewall of Australia came up -- again.

For International Readers: This isn't exactly new, compulsory ISP-level filtering was tried in closed-quarters in 1999 and 2001 -- however, these were opt-out and focused on guarding against underaged illicit content.

For Local Readers: There's a protest going on in the state capitals for the weekend of the 13th and 14th of December, if you care -- you should be there.

For everyone: The EFA has a very well researched document into why said filtering of this type is a flawed exercise, which you should read.

This time around, there's at least two lists -- one banning underaged illicit content and the other banning 'undesirable content'.

Couple this with the fact both of these lists are privately built, without public consultation -- and the fact -- there's no ability to opt-out.

"Canberra, We may have a problem."

(oh, and the rest of the world is laughing at you, just by the by.)

Anyway...

While Conroy was discussing porn and blocked keyword sites that the ACMA list comprises of during the trial run (beginning on December 24th).

Senator Bernardi said:

I note that the minister failed miserably to answer that question, which was specifically about the number of people needed for a trial to be credible. I also note that in the expression of interest documents the second stream of the trial includes a filtering of other unwanted content. I ask the minister:
Has this unwanted content been identified, and by whom?


Senator Conroy came up with an interesting number in regards to the number of blocked sites, that i'd not heard before:

The list could contain 10,000 [potential sites].
When you look around the world at Interpol, the FBI, Europol and other law enforcement agencies and you look at the size of the lists that they are actually using at the moment, 1,300 would not be sufficient to cover the URLs that we would have supplied to us with the purpose of blocking.



(Quotes from Australian Government Senate Hansard - 03/12/2008) (any emphasis mine)

I wonder, Supplied by whom?

Given the ACMA already have a link for people to report prohibited content, one wonders if the government plans on listing these sites as well as the ones supplied by law enforcement verbatim, or at least vetting them to ensure rogue parties aren't submitting them for their own ends.