Friday, September 18, 2009
Trying Out Rygel
Trying out Rygel, the new media sharing daemon that is integrated into GNOME and uses GStreamer.
First thoughts: it's a _lot_ easier to configure than Mediatomb -- I am using the "media export" plugin because my Ubuntu Jaunty installation is rather bastardised, so Tracker is "unreliable at best" on my system.
I'm using the packages from James Henstridge's PPA Repository -- because they're available for Jaunty, as well as the Vala Compiler from their PPA.
Getting it going with the PS3 was easy though. First of all, I disabled the LPCM transcoding by unchecking the tickbox (for some reason, none of my MP3s appeared until I did that), set the interface to wlan0, added my media directory -- and away we went.
Still have the odd issue where, wirelessly, my PS3 doesn't see anything exported from the Ubuntu box -- but I'm figuring that's more a router issue than an Ubuntu one -- having recently experimented with Fedora as well.
Posted by Paul at 1:32 PM
Labels: multimedia, playstation 3, ubuntu
PackageKit, The Superior update-manager Alternative
So, Dad decided to mess with his Ubuntu installation over the weekend -- he upgraded from Hardy to Jaunty as a one-step upgrade, which, somewhat unsurprisingly, broke heaps of stuff.
(personal opinion: It is for this reason, I hope the Ubuntu guys don't go head-long into GNOME 3.0 for "whatever-the-hell-the-L-release-is-called" if it's going to be a standard 6-month release cycle AND an LTS -- because they'll have people from 8.04 or 6.06 triggering upgrades and no-one wants a repeat of the PulseAudio debacle but on a far bigger scale. Either a) leave GNOME 2.28, continue polishing it and push GNOME 3.0 for the release after the LTS, so it gets three releases (or 2 years) of polish before it goes to the masses, or b) make the release cycle 6 months longer for an LTS, just like 6.06 was, but for the right reasons.)
Anyway, after re-installing Jaunty from scratch, fixing his RAID, re-installing his printer and playing with DKMS because his nVidia card doesn't like the newest driver in Jaunty, but will happily work with anything older -- we tripped over the 'incredible, vanishing update manager issue'.
(personal opinion II: big, big cock-up on the part of the Ubuntu guys -- Windows has an update icon, MacOSX has an update icon, every other distribution of UNIX has an update icon, but a 50+ year old man can have a taskbar full of update-manager windows, which makes the one browser window icon in the window list appear as 3-pixels wide because he doesn't understand he has to close them all individually? It would have been better to pop up a dialogue in the middle of the screen that says "Security Updates Are Available for Your Computer, would you like to install them now?" (or "Non-Essential Updates" in the case of non-security updates), or leave the icon where it was and hack in OSD notifications (like NetworkManager does) -- but don't just leave a glowing taskbar window in the bottom left hand corner, UI or Accessibility designers would turn in their graves.)
Anyway ... Given the track record that Ubuntu has for making seat-of-the-pants changes like that and taking forever to admit it was a mistake and reverting it to sensible behaviour, I decided to give PackageKit a try.
Short story -- impressive.
Installation was a simple: apt-get -f install packagekit packagekit-gnome gstreamer0.10-packagekit
The Ubuntu packages in Jaunty do add a duplicate "Update Manager" icon to the System ⇢ Administration menu, but that's purely cosmetic -- upon install it does make itself the default package update manager, which is a step in the right direction.
I have always been concerned about the way updates are presented for non-technical users. Microsoft nearly has it right -- too much information scares the non-technical user -- but most UNIX variations give too much superfluous information to the user (great for technical types who actually fix issues, and certainly something that shouldn't be removed, just 'shielded' from the user somehow).
PackageKit does this well, it gives the user notification that updates are pending in the standard way (which was our major gripe that prompted the change) but is also laid out in such a way that Dad found easier to drive than the traditional package manager (as he put it, "I already like the idea you can press a button to review changes before they happen.").
As I may have mentioned before in this blog, my dad is not an unintelligent man, he's been involved with computers, electronics, data communications, radio and just about any other form of technology you'd care to mention forever -- we've worked together on some massive projects, including hardware design, starting our own UNIX distribution and starting up smaller technology projects together -- and he has been a Linux user for nearly 5 years himself, but he's firmly a "a computer is a tool, just make the thing work" man, rather than a "let's experiment" one.
(He also builds RC Boats for a hobby, which is just cool.)
Posted by Paul at 12:50 PM
Labels: one line hacks, opinions of the funk, packagekit, ubuntu
"Network Error 00000000", The PS3 and Mediatomb
After requiring a fresh install of Ubuntu on my media-serving laptop due to disc failure -- I restored all the configuration settings from a backup, re-imported my library into Mediatomb, restarted the daemon and wandered into the lounge to watch TV via the PS3, a ritual with the two evening coffees before the cricket starts.
However, last night -- something strange kept happening, I could browse the videos, they even had thumbnails, but when I attempted to play them, a black screen would appear with "Network Error (000000000)".
Checked the configuration, checked the router settings, checked the wireless signal strength, all fine. (then figured, "paul, you'd not be able to see anything if these settings didn't work ;)")
Googled, no luck there either -- hence this post.
Enabled debugging mode by editing the /etc/default/mediatomb file and changing OPTIONS="" to OPTIONS="-D" and restarted the daemon and loaded up the /var/log/mediatomb.log file to find:
2009-09-17 23:34:00 DEBUG: [../src/io_handler_buffer_helper.cc:224] staticThreadProc(): starting buffer thread... thread: -1267590256
2009-09-17 23:34:02 DEBUG: [../src/process_io_handler.cc:234] read(): process exited with status 256
2009-09-17 23:34:02 DEBUG: [../src/io_handler_buffer_helper.cc:227] staticThreadProc(): buffer thread shut down. thread: -1267590256
Hmm, status 256 you say? "Could be something to do with the encoding then?" I thought.
Running ffmpeg -i testvideo.wmv -target dvd -y testvideo-ps3.avi from the command line, indeed gave me my answer:
Unknown encoder 'mpeg2video'
Turns out, the default ffmpeg installations for Ubuntu Jaunty and Karmic have mpeg2video support disabled.
Two ways to fix this, the first is to implement a much, much, much longer command to encode your videos -- I use a generic script to encode videos based on their content type, but the PS3 can play (from Firmware 2.61, 3.00 and 3.01 anyway) anything encoded with the DVD profile (which encodes to MPEG2 based AVIs via the aforementioned mpeg2video codec), so instead of:
ffmpeg -i "$input" -target dvd -y "$output"
You'd use:
ffmpeg -i "$input" -vcodec mpeg1video -mbd rd -trellis 2 -cmp 2 -subcmp 2 -b 1500 -g 250 -y "$output"
(note: those options are the only ones that are essential for making the video output work on the PS3; it'll produce a standards-compliant MPEG file with 64k MP2 audio, but the quality may look suspect. As long as you leave those options in, you can add things like "-flags qprd", "-bf 2" or "-flags +ilme+ildct" (good for interlaced video like animation) to improve the quality slightly.)
Or, you can install the alternative versions of FFMPEG by enabling the multiverse repository (System ⇢ Administration ⇢ Software Sources) and then installing the -unstripped versions of FFMPEG with the command:
sudo apt-get -f install libavcodec-unstripped libavformat-unstripped
... and continue using the transcoding scripts you're using now :)
How can I tell if I have a broken FFMPEG installation?
The simplest way is to run: ffmpeg -formats | grep mpeg2video from the command line, if you receive:
D VSDT mpeg2video
Then you're missing the 'E'ncoding aspect of the codec, meaning you need to install the unstripped packages to make everything work correctly.
If it returns:
DEVSDT mpeg2video
Then you're all set to go :)
Posted by Paul at 11:32 AM
Labels: multimedia, one line hacks, ubuntu
Tuesday, August 11, 2009
Getting iPods Working With Banshee In Ubuntu 8.04.3
Recently, I had need to install a newer Banshee from the Ubuntu PPA on a friend's Ubuntu LTS machine (I only ever recommend LTSes to friends converting from Windows and thus not used to the 6-month upgrade dance).
He plugged in his iPod, after it had been restored with iTunes from his wife's PC and -- no, nothing happens.
Unplugged, Replugged -- yep, appears on the desktop as an iPod and Banshee starts correctly, the iPod just doesn't appear in it.
Checked dmesg, yes, the device is a 8GB iPod, no it does not need fsck'ing and yes, it uses the correct mountpoint.
Checked Synaptic, all the Banshee code is there.
Checked the Bugtracker, found bug #139226.
So, we ran:
sudo apt-get install podsleuth
Unplugged, Re-plugged the iPod. Success.
Question is, if podsleuth is that important to getting DAPs working in Banshee, shouldn't it be a dependency of the install?
Posted by Paul at 6:33 PM
Labels: ipod, one line hacks, ubuntu
Thursday, July 9, 2009
Fixing Ubuntu PPA (Personal Package Archives) Signing Key Issues
My default /etc/apt/sources.list.d/ has around 10-12 PPA listings in it all the time and with the release of 9.04, there doesn't seem to be an automatic way of ignoring authentication for packages on upgrades, so a number of upgrades choke because of unsatisfied authentication issues.
This thread was a lifesaver, download the script, install the dependencies, run it, then re-run sudo apt-get -f update ... problem solved!
Posted by Paul at 4:17 PM
Labels: one line hacks, ubuntu
Tuesday, April 14, 2009
Installing VMWare Tools on Ubuntu Guest Servers
After hunting around on the web for a while, I couldn't find anyone who answered this in a way that people could run step-by-step, so I hope this helps other people in the future.
I used Ubuntu 8.04.2 LTS for the purposes of this example, but a similar, if not identical set of commands should work for any version of Ubuntu Server.
First, you'll need to have installed VMWare on Windows or a UNIX server and have your Ubuntu Guest running, then you can go to "VM / Install VMWare Tools".
Your first problem, because you're not running a desktop system in your guest -- the CDROM is not automounted for you, so you'll need to do:
mount /media/cdrom
Next, you'll need to copy the .tar.gz file to a place on the installation that has write access, like /tmp:
cp /media/cdrom/VMwareTools-*.tar.gz /tmp/
Next, extract the file into /tmp:
tar zvxf /tmp/VMwareTools-*.tar.gz -C /tmp
Change to the directory:
cd /tmp/vmware-tools-distrib/
Now, before we actually run the installer, Ubuntu Server needs some packages installed so the new kernel modules can be built successfully.
apt-get -f install build-essential linux-headers-server linux-server
Once they've been successfully installed, you can run:
sudo perl vmware-install.pl
Most of the defaults are fine, when you are asked for "the location of the C header files for your running kernel" you'll need to answer with the include directory from the kernel you are currently running -- from the looks of things, this trips people up sometimes.
(Ubuntu doesn't ship with a /usr/src/linux directory, so if you press [ENTER] here, you'll get a "Directory not found" message and asked to re-enter the location)
As of the time of writing, the kernel is 2.6.24-23-server, so your location would be:
/usr/src/linux-headers-2.6.24-23-server/include
Once you've done that, the configuration routine will continue through to the end normally and you can reboot your guest OS in order for the changes to take effect.
Posted by Paul at 5:24 PM
Labels: community service announcement, ubuntu, vmware
Sunday, January 4, 2009
Ubuntu, Pulseaudio, Small Addendum.
I've tended to use this howto to tweak audio configurations whenever I install a new Ubuntu box for someone -- it makes everything from laptop speakers to Skype work much better, shockwave flash videos work (Youtube, etc) and it makes audio a much better experience all-round.
Today, a user who was having audio stuttering issues in Skype mentioned that when running it in verbose mode (with -vv), the following error occurred:
I: main.c: Called SUID root and real-time/high-priority scheduling was requested in the configuration. However, we lack the necessary priviliges:
I: main.c: We are not in group 'pulse-rt' and PolicyKit refuse to grant us priviliges. Dropping SUID again.
I: main.c: For enabling real-time scheduling please acquire the appropriate PolicyKit priviliges, or become a member of 'pulse-rt', or increase the RLIMIT_NICE/RLIMIT_RTPRIO resource limits for this user.
I: main.c: Note that real-time/high-priority scheduling is NOT normally required. If you experience crackling or other sound anomalies, consider one or more of the above solutions.
The easiest way to fix that, is to open a terminal window and run:
sudo usermod -G pulse-rt -a [username]
(where, of course, [username] is your desktop username)
(note: it needs to be a capital -G and a little -a to add your user to the pulse-rt group and leave your existing groups untouched, one of those check twice, then check again, then press enter moments)
If you re-run Pulseaudio now, you'll get:
I: main.c: PolicyKit refuses acquire-high-priority privilige.
I: main.c: We're in the group 'pulse-rt', allowing real-time and high-priority scheduling.
I: core-util.c: Successfully gained nice level -11.
Which tends to make Skype and WINE (the two applications the user in question was having stuttering audio issues with) behave more normally.
Posted by Paul at 12:36 AM
Labels: pulseaudio, ubuntu
Thursday, November 20, 2008
Repairing an Apache 2.2 Modules Installation.
note: This article is intended for a technical audience -- you should use caution when modifying a production system -- caveat emptor.
Sometimes, Ubuntu (and before it, Debian) drives me up the wall.
Recently, an apache2.2-common upgrade saw fit to blow away my /etc/apache2/mods-enabled directory, but not recreate the defaults, so I was left with an empty directory and a server that wouldn't restart due to various errors that looked similar to:
"Invalid command 'Order', perhaps misspelled or defined by a module not included in the server configuration?"
Looking around on the web, this doesn't appear to be a new issue, but it doesn't appear to be terribly well answered either -- all I knew, was that I had a box that needed SSL, PHP, Expiry Headers and well, that's it -- aside from the basic functionality.
My first test was to purge the package and re-install it, which did give me back the functionality I wanted, together with a bunch of other modules I didn't need -- I proceeded to leave it and go to bed, only to be greeted with a message from the hosting provider telling me I'd overblown my shared-hosting's RAM quota for the day and that my account was temporarily suspended.
So, I removed the directory and started working piece by piece to put things back together until both Wordpress and OSCommerce booted up and ran correctly.
note: You can also do this with Apache's handy a2enmod program, but I'm a purist -- so I'm going to do it here via 'ln -s'.
First, to obtain basic functionality, you'll need to log in as root (or sudo to root) and issue the following commands, depending on which error your Apache 2.2 installation gives you.
If you see: "Invalid command 'Order', perhaps misspelled or defined by a module not included in the server configuration?", run:
ln -s /etc/apache2/mods-available/authz_default.load /etc/apache2/mods-enabled/authz_default.load
ln -s /etc/apache2/mods-available/authz_host.load /etc/apache2/mods-enabled/authz_host.load
If you see: "Invalid command 'DirectoryIndex', perhaps misspelled or defined by a module not included in the server configuration?", run:
ln -s /etc/apache2/mods-available/dir.load /etc/apache2/mods-enabled/dir.load
If you see: "Invalid command 'Alias', perhaps misspelled or defined by a module not included in the server configuration?", run:
ln -s /etc/apache2/mods-available/alias.conf /etc/apache2/mods-enabled/alias.conf
ln -s /etc/apache2/mods-available/alias.load /etc/apache2/mods-enabled/alias.load
If you see: "Invalid command 'AddType', perhaps misspelled or defined by a module not included in the server configuration?", run:
ln -s /etc/apache2/mods-available/mime.conf /etc/apache2/mods-enabled/mime.conf
ln -s /etc/apache2/mods-available/mime.load /etc/apache2/mods-enabled/mime.load
If you don't see any of those, but Wordpress 2.6.x (or 2.7.x) will not let you login (ie. you can install it, and you see the admin screen, but you get 'permission denied', 'forbidden' or a directory index -- rather than your admin dashboard) then try running:
ln -s /etc/apache2/mods-available/asis.load /etc/apache2/mods-enabled/asis.load
and restart Apache.
update [12-12-2008]: Wordpress 2.7 will fail to install unless you have the 'env' module installed, so you may also need to run:
ln -s /etc/apache2/mods-available/env.load /etc/apache2/mods-enabled/env.load
Once you've restarted, your Apache installation should basically work -- to add advanced functionality, you should visit the Apache 2.2 Modules Documentation pages and adapt the lines above to suit the function you need.
Posted by Paul at 4:08 PM
Labels: apache2, community service announcement, ubuntu, wordpress
Tuesday, August 19, 2008
Totem Packages Available (see: Totem, GStreamer & nVidia Graphics Cards)
Playing with a possible fix for these bugs in Totem.
There's packages for Ubuntu Hardy here -- that are the same as the release ones except one rather messy hack that shifts the Hue plus-or-minus 90 from whatever position Totem starts in.
It's basically the code from here cleaned up a tad and dropped in as a patch.
They seem to work for me, using the GStreamer pipelines I presented in the last post.
Not a clean solution, but I can play a full playlist of videos without the colour skewing once -- which is better than upstream can do at present.
Posted by Paul at 2:44 PM
Labels: gstreamer, multimedia, totem, ubuntu, ubuntu packages
Friday, August 15, 2008
Bluetooth's "Operation Not Supported By Backend" Message
This morning, while trying to move some files between my mobile phone and my Ubuntu 8.04.1 machine -- I was greeted with a "Operation Not Supported By Backend" message with the address of my phone and the drag between Nautilus windows was terminated.
Turns out, it is because the GVFS backend for Bluetooth doesn't support the device -- and using the older, GNOME-VFS way isn't supported either.
The 'Send-To Bluetooth' option (right-clicking the files you want to send and selecting your mobile) works as per normal and successfully transferred 25M of files to my phone in under a minute.
Monday, August 4, 2008
Totem, GStreamer & nVidia Graphics Cards
I've been bitten by these bugs fairly often on my HP DV6000 laptop -- and with nVidia claiming it's nothing to do with them, I decided to do a little investigation.
Turns out, Totem seems to reset the video settings after each video has been played.
If the quality sliders in Totem are dead center for all four settings (Saturation, Contrast, Hue and Brightness) ...
... the video displays with a bluish tinge unless you use the following GStreamer Video Output pipeline:
ffmpegcolorspace ! video/x-raw-yuv,format=(fourcc)YV12 ! videobalance contrast=1 brightness=0 hue=-1 saturation=1 ! autovideosink
If the colour settings slider for Hue is at the far left (as has been suggested as a solution by several people), the following pipeline works:
ffmpegcolorspace ! video/x-raw-yuv,format=(fourcc)YV12 ! videobalance contrast=1 brightness=0 hue=0 saturation=1 ! autovideosink

However, regardless of which pipeline one chooses, Totem seems to reset itself each time, seemingly trying to adapt to the optimum setting, which means the first video you play will display correctly, but following videos will be blue.
At this point, I'm not really sure how to fix it -- but nVidia suggest that it isn't their problem and Totem should fix it.
The interesting thing about that, is if I take a screenshot of a playing video -- the screenshot is the correct colour, all the time.
Posted by Paul at 2:10 AM
Labels: multimedia, ubuntu
Saturday, July 19, 2008
Tweaking XDG Settings on Ubuntu
More of a 'remember this for later' post, but the content took over an hour to figure out, even though it was remarkably simple.
XDG allows you to alter the default directories for a number of commonly used locations found on a user's desktop.
These settings are stored in $HOME/.config/user-dirs.dirs; you can change -- for example -- Videos to be My Videos (making it more like Windows), or hide the Templates directory by changing it to .config/nautilus/Templates (which you'll need to create first).
However, after editing this file and logging out/in, the GNOME panel and filechooser may show duplicates of these directories (once for the old directory, once for the new one).
The solution is to remove the $HOME/.gtk-bookmarks file, then log out and log back in; the file gets generated at login if it doesn't exist and will read the contents of your $HOME/.config/user-dirs.dirs file in order to get the correct locations.
Posted by Paul at 1:49 PM
Labels: one line hacks, ubuntu, usability tweaking
Sunday, June 15, 2008
Transmission, MIME-types, Java?
I'm posting this here for two reasons, a) the solution works but sounds like overkill and b) because I couldn't find any information on the interschnitzel directly -- it just happened to be a solution for another application that worked in this case too.
After updating Transmission (my favourite bittorrent client) on my Ubuntu 8.04 desktop machine, I found that torrent files I downloaded weren't appearing in my client, but they weren't appearing on my desktop either.
Sometimes they worked if I downloaded the .torrent file more than once, but more often than not, they didn't.
Looking through all the usual suspects (MIME-types in Nautilus, etc) proved unsatisfying, so I had a look in my .xsession-errors file (using: tail -f ~/.xsession-errors from a terminal while downloading a file), and found:
GCJ PLUGIN: thread 0x816c470: NP_GetMIMEDescription
GCJ PLUGIN: thread 0x816c470: NP_GetMIMEDescription return
GCJ PLUGIN: thread 0x816c470: NP_GetValue
GCJ PLUGIN: thread 0x816c470: NP_GetValue: returning plugin name.
GCJ PLUGIN: thread 0x816c470: NP_GetValue return
GCJ PLUGIN: thread 0x816c470: NP_GetValue
GCJ PLUGIN: thread 0x816c470: NP_GetValue: returning plugin description.
GCJ PLUGIN: thread 0x816c470: NP_GetValue return
GCJ?
Ah, the Open Java Variation of Sun's Java Runtime.
Turns out, if you have the Ubuntu Multiverse and Universe repositories configured & you install the ubuntu-restricted-extras package (the one that gives you multimedia encoding and playback capabilities, Java, Flashplayer amongst other things) it installs the Open Java (openjdk-6-jre) variations and not the Sun one.
To install the Sun Java Runtime from Multiverse, run the following from a terminal window:
sudo apt-get install sun-java6-bin
Then, to make Ubuntu use it, instead of the OpenJDK code, type:
sudo update-java-alternatives -s java-6-sun
Then restart Transmission & your chosen Web Browser and try downloading your .torrent files again.
Posted by Paul at 3:49 AM
Labels: bittorrent, linux, ubuntu
Wednesday, June 4, 2008
Updated Unofficial GStreamer FFMPEG Plugin Packages for Ubuntu 8.04
As a follow-up to my recent post about the Fluendo Codecs, I decided to take a look at the GStreamer FFMPEG Plugin -- and because a new release had just appeared with a lot of new fixes, built packages for it.
The packages are here, are based around the recently released 0.10.4 release and have been built using the recommended upstream build of FFMPEG's libavcodec and libavformat code, rather than the (much) older code that ships by default in the Ubuntu 8.04 release.
These should be drop-in replacements for anyone using the current packages in the Ubuntu Multiverse repository.
Monday, June 2, 2008
Updated Unofficial Rhythmbox Packages for Ubuntu 8.04
I've been playing about over the last week integrating a bunch of useful patches into my preferred music player, Rhythmbox.
The packages are here, are based around SVN revision 5710 and have a number of extra patches that haven't made it into the tree yet, including:
Bug 528814: RB should use podcast date and time when transferring to iPod (useful if you put your podcasts in playlists)
Bug 529873: The artdisplay plugin should be able to supply metadata (useful if you have coverart embedded in tracks and you'd like it transferred to the iPod)
Bug 345975: Show album covers embedded in files e.g. mp3 ID3 tags (very, very useful if you have art embedded in music from iTunes or some other tagging program)
Bug 140020: Song skips when position is moved maximum right (fixes a big bugbear I've had for some time, where clicking forward or back within the first second or two after fast-forwarding/rewinding with the slider causes Rhythmbox to skip the next track).
If you have been looking to try a newer Rhythmbox on your Ubuntu 8.04 installation, or have an iPod that you'd like to get more use out of, you might want to give these a go.
Posted by Paul at 12:49 PM
Saturday, May 17, 2008
OpenSSL Vulnerability for Ubuntu 6.06 LTS
Had a phone-call earlier about this as well as a few e-mails since DSA 1571-1 appeared, so I thought I'd post this here in order to respond to multiple birds with one stone.
Servers that run Ubuntu 6.06 LTS in its default configuration (or its LAMP configuration) are not vulnerable to the OpenSSL problem, because they are running OpenSSL 0.9.7, not 0.9.8c-1, which is the first version to exhibit the bug.
Systems which are running any of the following releases are vulnerable to this bug:
- Ubuntu 7.04 (Feisty)
- Ubuntu 7.10 (Gutsy)
- Ubuntu 8.04 LTS (Hardy)
- Ubuntu “Intrepid Ibex” (development): libssl <= 0.9.8g-8
- Debian 4.0 (etch) (see corresponding Debian security advisory)
This does not mean that you shouldn't check your users' keys -- if you've got users who use affected versions of Debian or Ubuntu (above), you should use the dowkd.pl script available here (GPG key) with the user option to scan your servers for users who have potentially compromised keys.
You can scan the local server using:
perl dowkd.pl host localhost
... and local users with keys using:
perl dowkd.pl user
If you see something like:
/home/[username]/.ssh/id_dsa.pub:1: weak key
You should re-generate keys for that user, using:
ssh-keygen -t [rsa/dsa] -b [1024/2048/4096]
... depending on your individual security needs.
note: If you see:
/home/[username]/.ssh/id_dsa.pub:1: 2048 bits DSA key not recommended
You are not necessarily vulnerable, there's nothing wrong with using 2048-bit DSA keys, as longer key lengths provide better security at the cost of decreased performance.
note II: Using a blank passphrase for your public key is strongly discouraged -- if a would-be-intruder can just press the ENTER key to enter your machine, what security is a public key?
(The most-used analogy I have for passphrase-less SSH keys is: 'A public key with a passphrase is like a door with a lock -- without one, it's just a door.')
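To turn the scanner output into a per-file action list on a multi-user server, the following added example (not part of the original post or of dowkd.pl) sorts lines in the "path:line: message" format quoted above. The sample lines are constructed, and the authorized_keys line and the REGENERATE/REVOKE/INFO labels are assumptions of this example.

```shell
#!/bin/sh
# Added example: triage of dowkd.pl-style output. Not part of dowkd.pl.

# Constructed scanner output in the "path:line: message" shape quoted above.
# The authorized_keys line is an assumption about what a scan may report.
sample_dowkd_output() {
    cat <<'EOF'
/home/alice/.ssh/id_dsa.pub:1: weak key
/home/bob/.ssh/id_dsa.pub:1: 2048 bits DSA key not recommended
/home/carol/.ssh/authorized_keys:3: weak key
/home/carol/.ssh/id_rsa.pub:1: weak key
EOF
}

# Read scanner output on stdin and print one action per finding:
#   REGENERATE <file>        weak key in a user's own key file: make a new key pair
#   REVOKE <file> line <n>   weak key that grants login: remove that entry
#   INFO <file>              "not recommended" notice, which the post says is
#                            not necessarily a vulnerability
# Lines that do not look like "path:line: message" are ignored.
triage_dowkd() {
    awk '
    match($0, /:[0-9]+: /) {
        path = substr($0, 1, RSTART - 1)
        line = substr($0, RSTART + 1, RLENGTH - 3)
        msg  = substr($0, RSTART + RLENGTH)
        if (msg == "weak key" && path ~ /\/authorized_keys2?$/)
            print "REVOKE " path " line " line
        else if (msg == "weak key")
            print "REGENERATE " path
        else if (msg ~ /not recommended$/)
            print "INFO " path
    }'
}

# Number of findings that need someone to do something (everything except INFO).
count_actionable() {
    triage_dowkd | awk '$1 != "INFO" { n++ } END { print n + 0 }'
}

sample_dowkd_output | triage_dowkd
```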
Monday, April 14, 2008
Transparent Proxying with Shorewall, SQUID and Privoxy on Ubuntu
note: This article is intended for a technical audience -- and while it seems to work for the two systems I've tried it on since, you should use caution when modifying a production system -- caveat emptor.
A 'remember these for later brain' post, mainly because I always forget the order when I haven't done it for a while.
note: you can do this with any distribution -- Ubuntu Server works and I use that, but you can substitute the names of your distribution's packages instead and still get much the same result.
First, having installed Ubuntu Server, you'll need the universe repository, as privoxy isn't officially blessed by the Ubuntu maintainers.
Next, you'll need to install the various packages you'll need to make this fly -- as root, run:
apt-get install squid privoxy shorewall
After that's done, you'll want to make SQUID work first -- using Ubuntu 8.04, this entails opening the default SQUID configuration at /etc/squid/squid.conf and:
Adding transparent to the port configuration by changing:
--- http_port 3128
+++ http_port 8080 transparent
Adding your {W/L}AN block to the ACL list by adding:
+++ acl local_network src 192.168.0.0/24
... and enabling it in the http_access list by adding:
+++ http_access allow local_network
Save the configuration and exit the editor.
Now restart SQUID with: /etc/init.d/squid restart to have your changes take effect.
At this point, configure a browser to use a manual proxy on the server's IP address on port 8080 and make sure it actually works, if you receive an error that talks about Access Control Lists, check that you added the right network mask to the SQUID local_network line you added above.
If that works, we can move on to the Privoxy part of things. Privoxy, for those who are unaware, is one of the best 'web-crud(tm)' filters I've ever had the pleasure of using, it was originally built from the Internet Junkbuster (IJB) but has now got many more features, is stable on pretty much any platform for a wide-variety of users and protects your privacy too.
By far, the easiest way to configure Privoxy is via the web-interface, but the Ubuntu package disables that by default, so before we hook it up to SQUID, we should enable that.
Open the /etc/privoxy/config file and make the following changes:
Enable editing of actions via the web interface by changing:
--- enable-edit-actions 0
+++ enable-edit-actions 1
Save the configuration and exit the editor.
Now restart Privoxy with: /etc/init.d/privoxy restart to have your changes take effect.
Now, we need to hook Privoxy up to our proxy as the default parent cache -- you'll need to open the SQUID configuration file again and make the following adjustments:
note: If you haven't done so already, it's a good idea at this point to make a backup copy of your /etc/squid/squid.conf file before making these changes.
Adding Privoxy as a cache peer by adding:
+++ cache_peer 127.0.0.1 parent 8118 0 no-query no-delay no-digest no-netdb-exchange
note: because Privoxy cannot influence any of SQUID's cache settings, setting no-query no-delay no-digest no-netdb-exchange as options for the peer cache lessens the delay of up to a second on slower hardware (for example, a Pentium 4 1.2GHz machine with 1GB of memory) between Privoxy filtering the transaction and SQUID caching it.
Telling SQUID to always send traffic from the firewall directly to the internet by adding:
+++ always_direct allow localhost
Telling SQUID to never send traffic from the local LAN (thereby forcing users to use the Privoxy/SQUID cache) directly to the internet by adding:
+++ never_direct allow local_network
Save the configuration and exit the editor.
Now restart SQUID with: /etc/init.d/squid restart to have your changes take effect.
Finally we need to add the rules for transparently using our proxy to our Shorewall Firewall Configuration -- you'll need to open the Shorewall rules configuration file and make the following alteration:
note: For the purposes of simplicity, I'm assuming that your WAN interface is eth0, your LAN interface is eth1, your LAN IP range is 192.168.0.0/24 and your Shorewall configuration is already complete (for some reason I still don't fully understand, the Debian and Ubuntu packages don't ship with a default configuration file, so if you don't see a /etc/shorewall/rules file, you'll need to download one, or grab a prefabricated copy from the /usr/share/doc/shorewall directory and set it up first).
Adding a redirection to our transparent proxy by adding:
+++ REDIRECT loc 8080 tcp www -
+++ ACCEPT $FW net tcp www
note: the minus (-) with the trailing space at the end of the redirect line is important: it means it will ignore the source port when working out the request and force any already established request to continue to use the proxy.
Save the configuration and exit the editor.
Now restart the Shorewall Firewall with: /etc/init.d/shorewall restart -- fire up a browser, make sure it is not configured to use a proxy (i.e. it uses a direct connection to the internet) and browse to your heart's content.
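A quick way to confirm the directives from the steps above are all active is the check below. It is an added example, not part of the original walkthrough; the function names require and check_proxy_chain are hypothetical, and the two file paths are passed in so it can be run against copies. The never_direct line matters most: without it SQUID goes direct when Privoxy is unreachable, so filtering stops silently.

```shell
#!/bin/sh
# Added example (not from the original post): confirm the SQUID and Shorewall
# directives from this walkthrough are present and not commented out.

# require FILE REGEX MESSAGE -> 0 if an uncommented line starts with REGEX
require() {
    if grep -Eq "^[[:space:]]*$2" "$1"; then
        return 0
    fi
    echo "MISSING: $3"
    return 1
}

# check_proxy_chain SQUID_CONF SHOREWALL_RULES
# Prints one line per missing directive and returns how many are missing.
check_proxy_chain() {
    ws='[[:space:]]+'
    missing=0
    require "$1" "cache_peer${ws}127\.0\.0\.1${ws}parent${ws}8118${ws}" \
        "squid: cache_peer for Privoxy on 127.0.0.1:8118" || missing=$((missing + 1))
    require "$1" "always_direct${ws}allow${ws}localhost" \
        "squid: always_direct allow localhost" || missing=$((missing + 1))
    # Without this, SQUID bypasses Privoxy whenever the peer looks dead.
    require "$1" "never_direct${ws}allow${ws}local_network" \
        "squid: never_direct allow local_network (filter bypass risk)" \
        || missing=$((missing + 1))
    require "$2" "REDIRECT${ws}loc${ws}8080${ws}tcp${ws}www" \
        "shorewall: REDIRECT loc 8080 tcp www" || missing=$((missing + 1))
    require "$2" "ACCEPT${ws}"'\$FW'"${ws}net${ws}tcp${ws}www" \
        "shorewall: ACCEPT \$FW net tcp www" || missing=$((missing + 1))
    return "$missing"
}

# Stand-alone use: sh check.sh /etc/squid/squid.conf /etc/shorewall/rules
if [ "$#" -eq 2 ]; then
    check_proxy_chain "$1" "$2"
fi
```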
Wednesday, April 2, 2008
Streamlining the Ubuntu Boot Process
note: This article is intended for a technical audience -- and while it seems to work for the two systems I've tried it on since, you should use caution when modifying a production system -- caveat emptor.
Not-so-simple one line fix that shaves a good 5-10 seconds off the boot up time of a 1.8GHz HP Notebook machine.
Open a terminal and use sudo with your favourite text editor to edit the /etc/init.d/rc file, e.g.
sudo vim /etc/init.d/rc
Then, around line 24, change:
--- CONCURRENCY=none
+++ CONCURRENCY=shell
Save the file, then the next time you reboot -- Ubuntu's base bootup speed will be even more similar to a Microsoft operating environment than ever before.
Posted by Paul at 8:52 PM
Labels: community service announcement, performance tweaking, ubuntu
Tuesday, March 25, 2008
Recovering your Password Database in Epiphany 2.20.x on Ubuntu
Having just upgraded my laptop to the recently released beta version of Ubuntu's next Long Term Service release (Hardy Heron -- aka. 8.04), I started up my preferred browser (Epiphany) and discovered that my saved web password database was empty.
After a bit of web hunting, I discovered that the new Firefox 3.0 betas have a new version of the signons.txt file that Mozilla/Firefox/Epiphany use to store the actual password.
Looking in my .gnome2/epiphany/mozilla/epiphany directory, I noticed a signons2.txt file and a new, blank signons3.txt file.
I also noticed that the datestamp on the key3.db file had been updated to today's date.
First, I tried renaming the signons2.txt file to signons3.txt and restarting Epiphany -- as expected -- the datestamp of signons3.txt was now the same as key3.db.
Going into the Personal Data / Passwords menu in Epiphany now gave me access to some passwords, but not all -- plus there was some duplication between passwords.
So, I tried deleting both the key3.db and the signons3.txt file -- and copying a backup version of both files (with an older datestamp) to my epiphany profile directory and then renaming signons2.txt to signons3.txt.
Restarted Epiphany and from a terminal window, noticed both files had been updated to the current time.
This time, going back to the Personal Data / Passwords menu in Epiphany now gave me access to all my old password information.
So, in a nutshell -- to upgrade from Ubuntu Gutsy to Ubuntu Hardy's Epiphany seamlessly, you should use a three step process:
* Backup your .gnome2/epiphany directory before doing your upgrade.
* After doing your upgrade, copy the key3.db and signons2.txt files from your backup into your updated .gnome2/epiphany/mozilla/epiphany directory.
* Before using Epiphany for the first time, copy your signons2.txt file to a new file called signons3.txt.
note: this issue has also been reported to the Ubuntu Bug Tracker as #180205.
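The three steps above as a script, added here as an example and not taken from the original post. The function name restore_signons and the pre-restore directory are hypothetical; BACKUP_DIR is assumed to be the mozilla/epiphany directory inside your backup. It sets the upgraded files aside instead of deleting them and keeps the restored files owner-only, since key3.db holds the key that decrypts the saved logins in the signons files.

```shell
#!/bin/sh
# Added example (not from the original post). Run with Epiphany closed.
# restore_signons BACKUP_DIR PROFILE_DIR
#   BACKUP_DIR:  mozilla/epiphany directory inside the pre-upgrade backup
#   PROFILE_DIR: the upgraded .gnome2/epiphany/mozilla/epiphany directory
restore_signons() {
    backup=$1
    profile=$2
    for f in key3.db signons2.txt; do
        [ -s "$backup/$f" ] || { echo "missing or empty: $backup/$f" >&2; return 1; }
    done
    [ -d "$profile" ] || { echo "no such profile: $profile" >&2; return 1; }

    (
        umask 077   # nothing created here is group or world readable
        # Keep whatever the upgraded browser wrote, in case a rollback is
        # needed (hypothetical directory name).
        aside="$profile/pre-restore.$$"
        mkdir "$aside" || exit 1
        for f in key3.db signons2.txt signons3.txt; do
            if [ -e "$profile/$f" ]; then
                mv "$profile/$f" "$aside/" || exit 1
            fi
        done
        # key3.db and signons2.txt must come from the same backup: the
        # logins were encrypted under that key database.
        cp -p "$backup/key3.db" "$backup/signons2.txt" "$profile/" || exit 1
        # Step three: the new Epiphany reads signons3.txt.
        cp -p "$profile/signons2.txt" "$profile/signons3.txt" || exit 1
        chmod 600 "$profile/key3.db" "$profile/signons2.txt" \
            "$profile/signons3.txt"
    )
}
```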
Posted by Paul at 9:31 PM
Labels: community service announcement, security, ubuntu
Tuesday, March 4, 2008
Adventures with a D-Link DWL-G123
I've spent the last few hours attempting to get a newly purchased D-Link USB Wireless Adapter working on one of my older desktop boxes that had a dead ISA NIC.
(Yep, not a PCI NIC, but an ISA one)
So, after purchasing a USB daughterboard with 4 ports on it and plugging in the USB adapter -- there's no lights.
A quick search on the web indicated that the card might be Atheros-based, but the Madwifi site didn't yield any good answers.
Next, the box in question had a half-complete Ubuntu 7.04 install (upgraded from 6.10) on it and no working NIC.
Easier solution to that, having found the CDRW in the box doesn't like DVDRW discs -- putting the Ubuntu 7.10 installation on a USB key and mounting the ISO via loopback using:
mount -t iso9660 -o loop /media/disk/ubuntu-7.10-alternate-i386.iso /media/cdrom
Then adding:
deb file:///media/cdrom gutsy main restricted universe
To the /etc/apt/sources.list file, then doing a standard apt-get update && apt-get -f dist-upgrade command line got things underway.
After an hour or so, the upgrade had completed and prompted me to reboot -- after I did, it bombed to the command line and told me that /dev/sda1 had been used by another device or driver -- while the kernel spewed device-mapper lines across the screen talking about devices it couldn't locate.
Returning to the internet on another machine, I found this bug post that looked similar -- sure enough, removing EVMS with apt-get remove evms and rebooting did the trick.
At this point, I had a desktop -- but no Internet.
So I put the driver CD into the machine and run:
ndiswrapper -i /media/cdrom/Drivers/2KXP/NetA5AGU.inf
Which returns:
installing neta5agu ...
forcing parameter MapRegisters from 256 to 64
forcing parameter MapRegisters from 256 to 64
forcing parameter MapRegisters from 256 to 64
forcing parameter MapRegisters from 256 to 64
forcing parameter MapRegisters from 256 to 64
forcing parameter MapRegisters from 256 to 64
forcing parameter MapRegisters from 256 to 64
forcing parameter MapRegisters from 256 to 64
Then ndiswrapper -l to make sure the driver is correctly loaded, which returns:
neta5agu : driver installed
device (2001:3A03) present
Finally, I modprobe the ndiswrapper module with modprobe ndiswrapper
... and the lights come on -- and clicking on the network-manager icon finds my network and prompts me for my password.
But that's as far as it gets, the lower green dot stays on for a good 90 seconds, then goes back to showing disconnected.
OK, off to get the newest drivers -- which are located here
Extract the drivers (use the 2KXP drivers and not the Vista ones, which are incompatible with ndiswrapper) and remove and replace the drivers.
Use modprobe -r ndiswrapper && ndiswrapper -r neta5agu to remove the drivers.
Then use the instructions above to install the new drivers, replacing /media/cdrom with the path you extracted your downloaded drivers to.
But ...
Network Manager still didn't want to connect, I selected my network, entered my password and waited -- but Network Manager still didn't connect to my WLAN.
In a fit of desperation, I decided to backport the version of ndiswrapper that is in the upcoming version of Ubuntu to 7.10.
You can get those from here.
Then I installed those using dpkg -i ndiswrapper*.deb
Rebooted.
Then re-inserted the ndiswrapper module using modprobe.
... both lights came on ...
Logged into my machine.
... crossed my fingers while the green dot sat with the grey one ...
... then the green one ...
... then the strength bar! ...
At this point, I had networking, could use Epiphany and all.
So to finish up, I built the configuration for ndiswrapper using ndiswrapper -m then added ndiswrapper to the /etc/modules file so that the ndiswrapper module would be automatically loaded on startup.
I rebooted again, just to make sure everything remained in a working fashion -- everything came up normally, complete with the strength bar in the NetworkManager applet.
It's all good.
In summary, if you use the latest driver from D-Link and Ubuntu Hardy (8.0x) it might "just work" -- but if you use any of the earlier Ubuntu releases and are having trouble getting your card working, I hope the instructions above work for you too.
Posted by Paul at 1:28 PM