tag:blogger.com,1999:blog-73301180934937897822024-03-16T11:50:28.388-07:00Linux tricks, tutorials, hardware, politics and philosophyMy blog will mostly talk about Desktop Linux & it's administration, general philosophy and software politics.dE_logicshttp://www.blogger.com/profile/06538862406325093570noreply@blogger.comBlogger141125tag:blogger.com,1999:blog-7330118093493789782.post-25103334546019688162024-03-04T01:29:00.000-08:002024-03-04T01:29:46.901-08:00Washermod vs contact frame.<p>I recently got a contact frame and replaced it with washermod -- benchmarked it and found no difference.<br /></p>dE_logicshttp://www.blogger.com/profile/06538862406325093570noreply@blogger.com0tag:blogger.com,1999:blog-7330118093493789782.post-76436582401300168192023-12-25T22:48:00.000-08:002024-03-03T22:53:51.704-08:00Secure openwrt WOL with no open ports (firewall/nat etc...)<p><span style="font-family: arial;">The objective of this article is to achieve WOL in a setup where Internet access is behind a NAT or has a firewall which allows no open connections. We'll also cover the security aspect using purely iptables (instead of openwrt's built in firewall) -- this's particularly important since the openwrt installed on the router is outdated and it's discontinued (so it won't receive any security updates).</span></p><p><span style="font-family: arial;">To achieve WOL, we'll be using a simple shell script which will periodically download a text file and check it's contents; for a certain value within the text file, it'll trigger a WOL for a certain hardware address. Here is the script -- </span></p><p><span style="font-family: arial;">#! /bin/ash<br />while [[ j != k ]]<br />do<br /> if test '<wol string>' = "$(wget -q -O - -U 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) Edg/91.0.864.37' --no-check-certificate '<URL of text file>')"<br /> then<br /> /usr/bin/etherwake -D -i '<interface>' <hardware address of your system><br /> sleep 30<br /> fi<br />done<br /></span></p><p><span style="font-family: arial;">For this you need to install the </span><span style="font-family: arial;"></span><span style="font-family: arial;">etherwake package.</span></p><p><span style="font-family: arial;"></span><span style="font-family: arial;"><wol string> is the string written in the text file. For this string the WOL signal will be emitted. Therefore to disable WOL, you need to modify the text file to anything else other than this string.</span></p><p><span style="font-family: arial;"></span> <span style="font-family: arial;"><URL of text file> is a HTTP link. This may point to an s3 object which is a good candidate or any online office document (something hosted by google drive). Regardless, you must be directly able to download a text file using the link using wget.</span></p><p><span style="font-family: arial;"></span> <span style="font-family: arial;"><interface> is the interface via which your to-be-wol system is accessible.</span></p><p><span style="font-family: arial;">Make a file /usr/bin/wol.sh, write the script there and -- </span></p><p><span style="font-family: arial;">chmod 755 </span><span style="font-family: arial;"></span><span style="font-family: arial;">/usr/bin/wol.sh</span></p><p><span style="font-family: arial;">Add </span><span style="font-family: arial;">/usr/bin/wol.sh to the local startup script (found in luci in the startup page) as -- </span></p><p><span style="font-family: arial;">/usr/bin/wol.sh &</span></p><p><span style="font-family: arial;"> </span>And you're done!</p><p>Now for the firewall part. I've disabled the buitin firewall of openwrt because it was not working as expected -- </p><p>service firewall disable</p><p>Reboot router.</p><p>Add the firewall rules -- </p><p>iptables -A INPUT -i lo -j ACCEPT<br />iptables -A OUTPUT -o lo -j ACCEPT<br />iptables -A OUTPUT -o <router interface> -p icmp -s <router IP> -d <your system IP>,<default gateway IP>,255.255.255.255,<broadcast IP of your subnet> -j ACCEPT<br />iptables -A INPUT -i <router interface> -p icmp -s <your system IP>,<default gateway IP> -d <router IP>,255.255.255.255,<broadcast IP of your subnet> -j ACCEPT<br />iptables -A INPUT -i <router interface> -p tcp -m conntrack --ctstate NEW,RELATED,ESTABLISHED --dport <ssh port of your router> -s <your system IP> -d <router IP> -j ACCEPT<br />iptables -A OUTPUT -o <router interface> -p tcp -m conntrack --ctstate RELATED,ESTABLISHED -d <your system IP> -s <router IP> --sport <ssh port of your router> -j ACCEPT<br />iptables -A OUTPUT -o <router interface> -p udp -m conntrack --ctstate NEW,RELATED,ESTABLISHED --dport 53 -d <DNs server IP> -j ACCEPT<br />iptables -A INPUT -i <router interface> -p udp -m conntrack --ctstate RELATED,ESTABLISHED --sport 53 -s <DNs server IP> -j ACCEPT<br />iptables -A OUTPUT -o <router interface> -p udp -m conntrack --ctstate NEW,RELATED,ESTABLISHED --dport 123 -d <NTP server IP> -j ACCEPT<br />iptables -A INPUT -i <router interface> -p udp -m conntrack --ctstate RELATED,ESTABLISHED --sport 123 -s <NTP server IP> -j ACCEPT<br />iptables -A OUTPUT -o <router interface> -p tcp -m conntrack --ctstate NEW,RELATED,ESTABLISHED -d <list of public IPs> -s <router IP> -m multiport --dports 80,443 -j ACCEPT<br />iptables -A INPUT -i <router interface> -p tcp -m conntrack --ctstate RELATED,ESTABLISHED -m multiport --sports 80,443 -s <list of public IPs> -d <router IP> -j ACCEPT<br />iptables -P INPUT DROP<br />iptables -P OUTPUT DROP<br />iptables -P FORWARD DROP</p><p><your system IP> is the system using which you're accessing the router over SSH.</p><p>This system of rules assume you access the luci GUI over ssh tunneling which is recommended.</p><p>You need to change your ntp servers to something fixed -- otherwise most NTP server DNS has so many IPs behind it... Good luck finding such a service.</p><p><list of public IPs> is the list of public IPs of the service provider hosting your text file which the WOL script will monitor. Best of luck finding that.</p><p>After ensuring you're not cut off ssh access (otherwise reboot and then reattempt to fix the firewall rules) -- </p><p>iptables-save > /etc/custom-iptables</p><p>Then add to the local startup stript (via luci GUI) -- </p><p>iptables-restore < /etc/custom-iptables</p><p>Test all desired functionality.</p>dE_logicshttp://www.blogger.com/profile/06538862406325093570noreply@blogger.com0tag:blogger.com,1999:blog-7330118093493789782.post-22172966891217106412023-11-07T22:52:00.002-08:002023-11-07T22:52:13.994-08:00Washer mod results on an i3.<p>I noticed that the temps on my i3 (Alder lake) was pretty high for an i3. So I did a washer mod and calculated an approx 12 degree drop in temps. FYI.</p>dE_logicshttp://www.blogger.com/profile/06538862406325093570noreply@blogger.com0tag:blogger.com,1999:blog-7330118093493789782.post-33606092712888568992023-07-19T22:06:00.007-07:002023-07-19T22:06:55.946-07:00Using the script command to record all your shell output and commands transparently.<p><span style="font-family: arial;"> In your bashrc file (either /etc/bash.bashrc, or /etc/bashrc or /etc/bash/bashrc etc...) add the following lines by the very end -- </span></p><p><span style="font-family: arial;">if test -z "$script_running"; then export script_running=1; script -a <destination directory>`date +%s`.txt; exit; fi</span></p><p><span style="font-family: arial;">AFTER creating </span><span style="font-family: arial;"><destination directory> -- this is the place where all your recordings will be placed.</span><span style="font-family: arial;"></span></p>dE_logicshttp://www.blogger.com/profile/06538862406325093570noreply@blogger.com0tag:blogger.com,1999:blog-7330118093493789782.post-2336458156138467922023-06-19T23:26:00.001-07:002023-11-07T23:09:16.990-08:00Improving cooling of laminar cooler (on steroids, faster fans, mod/hack) by replacing it's stock fan.<p><span style="font-family: arial;">The great thing about Intel's laminar coolers is that you can take the fan off by removing 4 screws -- </span></p><p></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjcgoAXPlW7fAmlboUaWJsRQsUZnrU4nICSENwt9diRILCnaZ1Pwe8J_I47JKOETYwHUOkR_6JqjkS8mHpEOmn5N7d9rE34_ppKlWY6eYqIvBbbXwSmd6_CC7QXooiIh5aTkx9wA4pd0-XBXmfNRAeymwuzYcFs5uDDqkm2SRhH3gbp7P9RLRk6rsHFrRlA/s5184/DSCN9588.JPG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="3888" data-original-width="5184" height="240" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjcgoAXPlW7fAmlboUaWJsRQsUZnrU4nICSENwt9diRILCnaZ1Pwe8J_I47JKOETYwHUOkR_6JqjkS8mHpEOmn5N7d9rE34_ppKlWY6eYqIvBbbXwSmd6_CC7QXooiIh5aTkx9wA4pd0-XBXmfNRAeymwuzYcFs5uDDqkm2SRhH3gbp7P9RLRk6rsHFrRlA/s320/DSCN9588.JPG" width="320" /></a></div><br /><span style="font-family: arial;">Here I have it attached on the motherboard after removing the fan.</span><p></p><p><span style="font-family: arial;">Now you can attach a much more powerful fan on it by using hot glue on the plastic clips (4 in no.; the thing that fixes the heat sink to the motherboard). If you wish to attach a smaller fan, you can stick it directly to the copper heat sink.</span></p><p><span style="font-family: arial;">Hot glue sticks are good enough for the purpose and is easy to take off when the need arises. Here is the result -- </span></p><p><span style="font-family: arial;"></span></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEjXCBLMv8JdhEaANL-9w626L2W3HLBnrmEtnq1DV3IDN70ur9uB2ddWhreNO1iRByT0GmLMqPdV0AVESG7zVTzu4b5boQwZMM8v9H7i6SS5L4RDvoYchvY6OIjRHpPoue-hF1w0HVMBj1y2nnrlnB6b-vjP0Z3b4jiqmeDGYCyxdj8XIaQP3eGGyBPfbu1F" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="3888" data-original-width="5184" height="240" src="https://blogger.googleusercontent.com/img/a/AVvXsEjXCBLMv8JdhEaANL-9w626L2W3HLBnrmEtnq1DV3IDN70ur9uB2ddWhreNO1iRByT0GmLMqPdV0AVESG7zVTzu4b5boQwZMM8v9H7i6SS5L4RDvoYchvY6OIjRHpPoue-hF1w0HVMBj1y2nnrlnB6b-vjP0Z3b4jiqmeDGYCyxdj8XIaQP3eGGyBPfbu1F" width="320" /></a></div><br />Here I have a 92mm PWM server fan attached on the heat sink.<p></p><p><span style="font-family: arial;">This resulted in 5 degree lower temps.<br /></span></p>dE_logicshttp://www.blogger.com/profile/06538862406325093570noreply@blogger.com0tag:blogger.com,1999:blog-7330118093493789782.post-50940621274361452122022-09-21T02:49:00.003-07:002022-09-21T02:49:31.791-07:00Promql query to get the average/max/min CPU utlization, network rate and memory<p>CPU utilization in the last 24 hours -- <br /></p><p>highest – <br />100 - min_over_time((avg without(cpu)(((node_cpu_seconds_total{mode=`idle`} - (node_cpu_seconds_total{mode=`idle`} offset 1m))/60*100)))[24h:1m])</p><p>lowest -- </p><p>
</p><p class="western">
100 - max_over_time((avg
without(cpu)(((node_cpu_seconds_total{mode=`idle`} -
(node_cpu_seconds_total{mode=`idle`} offset 1m))/60*100)))[24h:1m])</p><p> Average -- </p><p>100 - ((avg without(cpu) (max_over_time(node_cpu_seconds_total{mode="idle"}[24h])) - avg without(cpu) (min_over_time(node_cpu_seconds_total{mode="idle"}[24h])))/86400*100) <br /></p><p><style type="text/css">p { margin-bottom: 0.3cm; background: transparent }p.western { font-family: "Calibri", sans-serif; font-size: 14pt }a:link { color: #000080; so-language: zxx; text-decoration: underline }</style> Network upload/download rate (MBPS) for an interface in the last 24 hours -- </p><p>Average -- </p><p>((max_over_time(node_network_receive_bytes_total{device="team0"}[24h]) – min_over_time(node_network_receive_bytes_total{device="team0"}[24h]))/86400)/1024/1024</p><p>((max_over_time(node_network_transmit_bytes_total{device="team0"}[24h]) – min_over_time(node_network_transmit_bytes_total{device="team0"}[24h]))/86400)/1024/1024</p><p>Lowest -- </p><p>min_over_time(((delta(node_network_receive_bytes_total{device="team0"}[1m])/60))[24h:1m])/1024/1024</p><p>min_over_time(((delta(node_network_transmit_bytes_total{device="team0"}[1m])/60))[24h:1m])/1024/1024</p><p>Highest -- </p><p>max_over_time(((delta(node_network_receive_bytes_total{device="team0"}[1m])/60))[24h:1m])/1024/1024</p><p>max_over_time(((delta(node_network_transmit_bytes_total{device="team0"}[1m])/60))[24h:1m])/1024/1024</p><p>Memory utilization (in %) in the last 24 hours -- </p><p>Average -- </p><p>avg_over_time((((node_memory_MemTotal_bytes)-(node_memory_MemAvailable_bytes))/node_memory_MemTotal_bytes*100)[24h:1m])</p><p>minimum -- </p><p>min_over_time((((node_memory_MemTotal_bytes)-(node_memory_MemAvailable_bytes))/node_memory_MemTotal_bytes*100)[24h:1m])</p><p>maximum -- </p><p>max_over_time((((node_memory_MemTotal_bytes)-(node_memory_MemAvailable_bytes))/node_memory_MemTotal_bytes*100)[24h:1m])</p><p>Memory utilization (in GB) in the last 24 hours -- </p><p>Average -- </p><p>avg_over_time(((node_memory_MemTotal_bytes/1024/1024/1024)-(node_memory_MemAvailable_bytes/1024/1024/1024))[24h:1m])</p><p>Minimum -- </p><p>min_over_time(((node_memory_MemTotal_bytes/1024/1024/1024)-(node_memory_MemAvailable_bytes/1024/1024/1024))[24h:1m])</p><p>Maximum -- </p><p>max_over_time(((node_memory_MemTotal_bytes/1024/1024/1024)-(node_memory_MemAvailable_bytes/1024/1024/1024))[24h:1m])<br /></p>dE_logicshttp://www.blogger.com/profile/06538862406325093570noreply@blogger.com0tag:blogger.com,1999:blog-7330118093493789782.post-82923188815008173622021-10-04T23:42:00.004-07:002021-10-04T23:42:57.409-07:00Ignoring XXX because its extensions are not built. Try: gem pristine…<p><span style="font-family: arial;"> After trying out whatever tips and tricks that others have suggested, and this issue still doesn't resolve, this maybe a permission issue; that's why things might running as root.<br /></span></p><p><span style="font-family: arial;">And no -- it's not less permissions, it maybe related to MORE permissions -- for certain files, the group or others executable permission bits might have been set. To fix this -- </span></p><p>
</p><p class="western"><span style="font-family: arial;">
find <gem paths> -type f -perm -u=x -exec chmod g+x,o+x {} +</span></p><span style="font-family: arial;">
</span><p class="western"><span style="font-family: arial;">find <gem paths> -type f -perm -u=rx -exec
chmod g+rx,o+rx {} +</span></p><p class="western"><span style="font-family: arial;">Of course if you're planning to use the gems system wide, all files and directories must be readable -- </span></p><p class="western">
</p><p class="western">
find <gem path> -type f -exec chmod o+r,g+r {} +; find <gem
path> -type d -exec chmod o+rx,g+rx {} +</p>
<p class="western"><style type="text/css">p { margin-bottom: 0.3cm; background: transparent }p.western { font-family: "Calibri", sans-serif; font-size: 14pt }</style><br /><span style="font-family: arial;"></span></p><span style="font-family: arial;">
</span><p><style type="text/css"><span style="font-family: arial;">p { margin-bottom: 0.3cm; background: transparent }p.western { font-family: "Calibri", sans-serif; font-size: 14pt }</span></style></p>dE_logicshttp://www.blogger.com/profile/06538862406325093570noreply@blogger.com0tag:blogger.com,1999:blog-7330118093493789782.post-54976050985538995302021-06-06T23:37:00.002-07:002021-06-06T23:40:55.596-07:00Backporting gtk-gnutella on Debian buster.<p> It seems Debian 10 does not have this package in the repository, but Debian unstable has. So we'll try building a deb for Debian buster -- </p><p>aptitude install libdbus-1-dev libglib2.0-dev libgnutls28-dev=3.6.7-4+deb10u6 libgtk2.0-dev libxml2-dev zlib1g-dev fakeroot</p><p>apt-get source --compile gtk-gnutella</p><p>This'll result in the deb being generated. Install it -- </p><p>dpkg -i gtk-gnutella_1.1.15-1_amd64.deb</p><p>Alternatively, you may download the deb directly -- </p><p>https://drive.google.com/file/d/1YAMfQpgwWGWotwG7NZtRO-WNZMBHobCF/view?usp=sharing</p><p>Cleanup -- </p><p>aptitude markauto libdbus-1-dev libglib2.0-dev libgnutls28-dev libgtk2.0-dev libxml2-dev zlib1g-dev fakeroot<br />apt-get autoremove<br /></p>dE_logicshttp://www.blogger.com/profile/06538862406325093570noreply@blogger.com0tag:blogger.com,1999:blog-7330118093493789782.post-68998306435742059112021-06-06T06:02:00.004-07:002021-06-06T06:08:17.280-07:00Debian buster -- Working VAAPI (hardware video decoding) for newer intel hardware (like ice lake/gen 11 intel GPU (UHD)).<p>In case you cannot get hardware video acceleration to work on your new Intel processor, apart from trying to install the backported kernel, you may also need a newer intel-media-va-driver (as of the current time 21.1.1 is the latest from testing).</p><p>In this article, it'll be shown how to backport these yourself (since no backports are available) from testing. Alternatively, you can find prebuild backports from here -- </p><p> https://drive.google.com/file/d/10rcxvetlJbe4wMUijficd-263S_QYhIj/view?usp=sharing</p><p>Extract and install all the debs (dpkg -i *.deb)</p><p>To test -- <br /></p><p>LIBVA_DRIVER_PATHS=/usr/lib/x86_64-linux-gnu/dri/ LIBVA_DRIVER_NAME=iHD vainfo</p><p>In case you want to build this yourself, take the following instructions -- </p><p>Add the following to /etc/apt/sources.list -- </p><p>deb http://mirror.csclub.uwaterloo.ca/debian-multimedia/ stable main<br />deb-src http://mirror.csclub.uwaterloo.ca/debian-multimedia/ stable main<br />#bullseye<br />deb http://mirror.csclub.uwaterloo.ca/debian/ bullseye main contrib non-free<br />deb-src http://mirror.csclub.uwaterloo.ca/debian/ bullseye main contrib non-free<br />deb http://security.debian.org/debian-security bullseye/updates main contrib non-free<br />deb-src http://security.debian.org/debian-security bullseye/updates main contrib non-free<br />deb http://mirror.csclub.uwaterloo.ca/debian/ bullseye-updates main contrib non-free<br />deb-src http://mirror.csclub.uwaterloo.ca/debian/ bullseye-updates main contrib non-free<br /><br />#sid<br />deb http://mirror.csclub.uwaterloo.ca/debian/ sid main contrib non-free<br />deb-src http://mirror.csclub.uwaterloo.ca/debian/ sid main contrib non-free</p><p>Next install packages -- <br /></p><p>aptitude install debhelper=13.3.3~bpo10+1 dwz=0.13-5~bpo10+1 libdrm-dev libgl1-mesa-dev libwayland-dev libx11-dev libxext-dev libxfixes-dev pkg-config build-essential libset-scalar-perl</p><p>Generate debs to be installed -- <br /></p><p>apt-get source --compile libva=2.10.0-1<br /></p><p>Install all the resulting debs -- </p><p>dpkg -i libva-dev_2.10.0-1_amd64.deb libva-drm2_2.10.0-1_amd64.deb libva-glx2_2.10.0-1_amd64.deb libva-wayland2_2.10.0-1_amd64.deb libva-x11-2_2.10.0-1_amd64.deb libva2_2.10.0-1_amd64.deb</p><p>Install build-depends of intel-media-driver -- </p><p>aptitude install debhelper=13.3.3~bpo10+1 dh-sequence-libva cmake libigdgmm-dev=20.4.1+ds1-1 libx11-dev pkg-config</p><p>Generate the debs -- </p><p>apt-get source --compile intel-media-driver=21.1.1+dfsg1-1</p><p>And install the generated debs.</p><p>Cleanup -- </p><p>aptitude markauto debhelper dwz libdrm-dev libgl1-mesa-dev libwayland-dev libx11-dev libxext-dev libxfixes-dev pkg-config build-essential libset-scalar-perl libva-dev libva-drm2 libva-glx2 libva-wayland2 libva-x11-2 libva2 dh-sequence-libva cmake libigdgmm-dev libx11-dev pkg-config <br /></p><p>apt-get autoremove<br /></p>dE_logicshttp://www.blogger.com/profile/06538862406325093570noreply@blogger.com0tag:blogger.com,1999:blog-7330118093493789782.post-23750322017267040732021-05-25T20:25:00.001-07:002021-05-25T20:25:38.625-07:00Error: Server asked us to run CSD hostscan.<p>
</p><p class="western">
Anyconnect has provisions of a ‘CSD script’… via which
basically a remote program which’ll be downloaded from the VPN
server and will be executed on the host machine to gather information
about it and to be sent to the server.</p>
<p class="western">If a VPN server mandates running such a scan the
following errors will come up –
</p>
<p class="western">"Error: Server asked us to run CSD hostscan."</p>
<p class="western">For openconnect, you’ve to download external CSD
scripts. There are 2 CSD scripts – which communicate to the VPN
server either via post or by some other means.</p>
<p class="western"><a href="https://gist.githubusercontent.com/l0ki000/56845c00fd2a0e76d688/raw/61fc41ac8aec53ae0f9f0dfbfa858c1740307de4/csd-wrapper.sh">https://gist.githubusercontent.com/l0ki000/56845c00fd2a0e76d688/raw/61fc41ac8aec53ae0f9f0dfbfa858c1740307de4/csd-wrapper.sh</a></p>
<p class="western">The above is a script sends the collected info via
non-POST means. Another official, openconnect CSD script sends it via
POST. It’s called csd-post.sh. If you’ve used the wrong script,
the following errors will occur –
</p>
<p class="western">"Refreshing +CSCOE+/sdesktop/wait.html after
1 second"</p>
<p class="western">Repetitively.</p>
<p class="western">In the above csd-wrapper.sh script, you’ve edit
it and fill in your VPN host’s DNS name in an environment variable.</p>
<p class="western">Switches to openconnect –
</p>
<p class="western">--csd-wrapper <path to CSD wrapper script></p>
<p class="western">--csd-user <user name> – Run the CSD
script as this user.</p>
<p><style type="text/css">p { margin-bottom: 0.3cm; background: transparent }p.western { font-family: "Calibri", sans-serif; font-size: 14pt }a:link { color: #000080; so-language: zxx; text-decoration: underline }</style> <br /></p>dE_logicshttp://www.blogger.com/profile/06538862406325093570noreply@blogger.com0tag:blogger.com,1999:blog-7330118093493789782.post-88973125538105546852021-03-17T23:36:00.000-07:002021-03-17T23:36:01.055-07:00Restricting access based on IP on NFS v4 with fsid=0<p>
</p><p class="western">
There’s a scenario when you want to restrict people from
mounting things under a directory, for e.g. /home/test/ based on
their IP address; but as you know the /etc/exports entry for
/home/test/ which has fsid=0 must allow for Ips which is a superset
of all other host entries in /etc/exports (and under /home/test);
otherwise access will be denied for the other entries. Here you can
use nocrossmnt. With nocrossmnt for the /etc/exports entry if you’ve
mount –bind inside a directory X inside /home/test, the NFS server
will not allow the client to descent into X unless you’ve another
entry for X in /etc/exports and if it explicitly allows the client’s
IP to mount it.</p>
<p><style type="text/css">p { margin-bottom: 0.3cm; background: transparent }p.western { font-family: "Calibri", sans-serif; font-size: 14pt }a:link { color: #000080; so-language: zxx; text-decoration: underline }</style> <br /></p>dE_logicshttp://www.blogger.com/profile/06538862406325093570noreply@blogger.com0tag:blogger.com,1999:blog-7330118093493789782.post-60343624347334596862021-02-04T00:27:00.000-08:002021-02-04T00:27:00.832-08:00Running older systems (which need cgroupv1) on systems running over cgroupv2 (systemd.unified_cgroup_hierarchy)<p><span style="font-family: arial;">Run the command -- mount | grep cgroup on your host system, and if you see the all the mount entries as cgroup2 fs (instead of cgroup), then you wont be able to run run older OSs as containers on this host. If you try to force cgroup2 over cgroupv1, the following errors will occur -- </span></p><p><span style="font-family: arial;">Cannot determine cgroup we are running in: No such file or directory</span></p><p><span style="font-family: arial;">Failed to allocate manager object: No such file or director</span></p><p><span style="font-family: arial;">An e.g. of what happens in centos 7 on lxc.</span></p><p><span style="font-family: arial;">For older systems which don't support cgroupv2, you’ll need cgroupv1 mounted in /sys/fs/cgroup/systemd on the host. There doesn't seems to be way to do this using lxc.mount.auto = ; so you’ve to use scripts (lxc.hook.mount). For this script to mount a cgroup (named X) in the guest, a cgroup named X must also be mounted on the host; this same cgroup will be made available to to the guest. Alternatively, you may mount –bind in this script from the host’s cgroupv1 mounted directory to the guest’s directory; this’s a better approach since this allows you to create cgroups inside X exclusively for the container, so the guest may not play around with other processes's cgroups.<br />As an e.g. – <br />#! /bin/bash<br />mount -t tmpfs -o size=1M tmpfs $LXC_ROOTFS_MOUNT/sys/fs/cgroup/ <br />mkdir -p $LXC_ROOTFS_MOUNT/sys/fs/cgroup/systemd <br />#mount -t cgroup -o none,name=cgroupv1 cgroupv1 $LXC_ROOTFS_MOUNT/sys/fs/cgroup/systemd &>> /tmp/script_out.log<br />mount --bind /tmp/cgroup1/lxc_containers $LXC_ROOTFS_MOUNT/sys/fs/cgroup/systemd <br />exit 0</span></p><p><span style="font-family: arial;">Can't get cgroupv1 mounted no your host? Getting "already mounted or mount point busy." -- in this case ensure the cgroup that you're mounting is not being attached to any subsystem/controllers, which is the default behavior. This's the right approach -- </span></p><p><span style="font-family: arial;">mount -t cgroup -o none,name=lxc_compat systemd /tmp/cgroup1<br /></span></p>dE_logicshttp://www.blogger.com/profile/06538862406325093570noreply@blogger.com0tag:blogger.com,1999:blog-7330118093493789782.post-91267506488169561622020-11-19T06:44:00.003-08:002020-11-19T06:44:50.336-08:00Asus P1440FA-3410Z linux compatibility.<p> This laptop in reality comes with Linux pre-installed (mine did); so is 100% linux compatible including the wifi.<br /></p>dE_logicshttp://www.blogger.com/profile/06538862406325093570noreply@blogger.com0tag:blogger.com,1999:blog-7330118093493789782.post-55660532192487533942020-11-06T20:47:00.006-08:002020-11-06T20:47:55.598-08:00Moto 3G (2015) (osprey) -- no audio from speaker or wifi.<p>I think this's a hardware issue.</p><p>To try and resolve the issue, make a call on mobile network and turn the speaker on. The issue must resolve.<br /></p>dE_logicshttp://www.blogger.com/profile/06538862406325093570noreply@blogger.com0tag:blogger.com,1999:blog-7330118093493789782.post-18884938852007015582020-10-16T01:37:00.000-07:002020-10-16T01:37:40.933-07:00[spreadsheet][ods]Unsprung/rotating mass (wheel/sprocket/tyre) power loss calculator for cars bikes and motorcycles<p> In case you're wondering how much power will you get when you replace you wheel or sprocket or tyres to lighter ones, this spreadsheet is for you.</p><p>https://drive.google.com/file/d/1bM1nyAbg6gJ8RFpCKRujqXe6EF4voAlF/view?usp=sharing<br /></p><p>Open in either libreoffice or google docs. </p><p>Realize that the power loss is not only dependent on unsprung mass, but also on other factors such as wind resistance (your vehicle's aerodynamics), mechanical losses etc... unsprung mass is only one of the losses. These other losses changes over the speed in which you're at, so while calculating, apart from dimensions, you've to also enter the speed and the time required to reach that speed in order to determine the power lost because of the wheel/sprocket/tyre. Another reason why you need to enter the speed and time it takes to reach that speed is that power is a function of energy. So if your vehicle takes less time to reach a certain speed, the mass will take less time to attain that RPM, but ultimately will result in having the same energy. Thus, same energy attained in less time means more power taken by up the rotating mass while accelerating. <br /></p><p>Only fill the required values in column B against the non-colored cells. The colored cells are calculated values.<br /></p>dE_logicshttp://www.blogger.com/profile/06538862406325093570noreply@blogger.com0tag:blogger.com,1999:blog-7330118093493789782.post-33690030975087960042020-10-08T21:17:00.002-07:002020-10-08T21:17:26.138-07:00 D-Link DWM-222 4G on Linux.<p>Will work on any new Linux distribution out of the box. No need to install the 'driver's.<br /><br />In case yours is an old Linux distribution, just eject the detected corresponding cdrom device (/dev/sr0 or /dev/sr1, sr2 etc...) and a modem will be spawned which can be used just as a standard modem using your networkmanager or using wvdial.<br /><br />In networkmanager or wvdial, just do not set the APN (or INIT3 string), the device will pick it up automatically. Older versions of networkmanager do not allow this, so you may face issues on it. In this caseu use wvdial with a high BAUD rate.<br /></p>dE_logicshttp://www.blogger.com/profile/06538862406325093570noreply@blogger.com0tag:blogger.com,1999:blog-7330118093493789782.post-36625964568630699792020-09-10T00:12:00.000-07:002020-09-10T00:12:01.066-07:00Mystery high feaver (ranging from 99 to 103) comes and goes with extreme chills (sometimes)<p>One of my relatives (old) had this kind of mysterious fever. It used to go away in 3 days, and then used to come back within around 5 days. The first day, fever was high (like 103), then it used to reduce over the next 2 days. The fever was high promenantly at night.</p><p>'Modern' medicine and 'specialists' got stuck with lung infection and various tests which gave no results. The blood test results were erratic and inconsistent pointing to a mix of all diseases. This had been going on with 6 months.</p><p>Then he though of taking a remedy of alternative medicine based on Indian origin (something related to Yoga). The practitioner said this's a result of food allergy. Apart from giving medications, he a black and whitelist of foods to avoid and prefer.</p><p>And that was it ... fever was gone.<br /></p>dE_logicshttp://www.blogger.com/profile/06538862406325093570noreply@blogger.com0tag:blogger.com,1999:blog-7330118093493789782.post-40461731781240909732020-09-01T02:34:00.001-07:002020-09-01T02:34:26.849-07:00Matching encoded URLs using regexp/regular expressions (optionally in fail2ban).<p>Your regular expression can fail against attackers doing attacks by encoding their URLs; fail2ban will not detect those, neither your regular expression; But you can modify your regexpes to match these encoded URLs also even in mixed form (partly encoded, and partly not); create regular expressions to replace each character with something like -- </p><p>(c|%63|%43)</p><p>Here I replace c with the above; this will match c, and it's capital and small form in encoded URLs. In fail2ban you need to replace the % with a %% -- </p><p>(c|%%63|%%43)</p><p>So I write .php as -- </p><p>(\.|%%2E)(p|%%70|%%50)(h|%%68|%%48)(p|%%70|%%50)</p><p>You may begin the regular expression with (?i) in fail2ban or define it as (?i:<your regexp>) elsewhere to ignore case of the character (so C and c are alike and %2e and %2E is also alike.</p><p>To convert URLs to their encoded form I've created a simple script -- </p><p>#! /usr/bin/ruby<br /># Converts the input string to a regular expression which will match the string either in the URL encoded form or mixed or unencoded form and case insensitively<br /># First argument is the string.<br />input = ARGV[0].dup<br />input.gsub!(/a/,'(a|%61|%41)')<br />input.gsub!(/b/,'(b|%62|%42)')<br />input.gsub!(/c/,'(c|%63|%43)')<br />input.gsub!(/d/,'(d|%64|%44)')<br />input.gsub!(/e/,'(e|%65|%45)')<br />input.gsub!(/f/,'(f|%66|%46)')<br />input.gsub!(/g/,'(g|%67|%47)')<br />input.gsub!(/h/,'(h|%68|%48)')<br />input.gsub!(/i/,'(i|%69|%49)')<br />input.gsub!(/j/,'(j|%6A|%4A)')<br />input.gsub!(/k/,'(k|%6B|%4B)')<br />input.gsub!(/l/,'(l|%6C|%4C)')<br />input.gsub!(/m/,'(m|%6D|%4D)')<br />input.gsub!(/n/,'(n|%6E|%4E)')<br />input.gsub!(/o/,'(o|%6F|%4F)')<br />input.gsub!(/p/,'(p|%70|%50)')<br />input.gsub!(/q/,'(q|%71|%51)')<br />input.gsub!(/r/,'(r|%72|%52)')<br />input.gsub!(/s/,'(s|%73|%53)')<br />input.gsub!(/t/,'(t|%74|%54)')<br />input.gsub!(/u/,'(u|%75|%55)')<br />input.gsub!(/v/,'(v|%76|%56)')<br />input.gsub!(/w/,'(w|%77|%57)')<br />input.gsub!(/x/,'(x|%78|%58)')<br />input.gsub!(/y/,'(y|%79|%59)')<br />input.gsub!(/z/,'(z|%7A|%5A)')<br />input.gsub!(/\./,'(\.|%2E)')<br />input.gsub!(/-/,'(-|%2D)')<br />puts input<br /></p><p>The first argument to this script will be your text input.<br /></p>dE_logicshttp://www.blogger.com/profile/06538862406325093570noreply@blogger.com0tag:blogger.com,1999:blog-7330118093493789782.post-39815630789763577162020-06-01T08:16:00.006-07:002020-10-24T01:46:29.393-07:00Nikon A900 review and issues/problems/drawbacks.<p>Everything about the camera is expected; for the size, it's the best that you can get at night photography (which is still deficient) as of 2019.<br />
<br />
Before you buy, these are a few drawbacks --<br />
<br />
1) The slowest shutter speed is 8 seconds in reality. No it's not 25; 25 seconds is given by some 'mode' which useless actually.<br />
2) Black round bands are seen on the edges of the pictures sometimes. I think this is is because of the image stabilizer. Solution is to zoom in and then zoom out and soon it'll fix itself. This issue calls in for a warranty claim! And yes -- warranty has been claimed. The highly abused lens has now been replaced.<br />
3) Autofocus is terrible! Even while shooting videos. And there's no manual focus to make matters worst. To provide a global e.g. just try to shoot moon so it's craters can be seen. This's not possible without fully zooming into the moon.<br />
4) The camera hangs sometimes.<br />
5) Wi-Fi picture transfer feature is non-standard. It requires a Windows 'driver'; so it wont work on Linux/BSD. I use P2P over USB instead.<br />6) Transferring pictures to phone over wifi is broken. So is remote photography (actually the phone never connects to the 'smart device' over wifi).<br />7) Battery charging is extremely slow.<br />8) Battery display has only 2 levels -- full, and low (that 50% mark is not, medium, it's low actually, and you're hardly going to get any backup beyond that).<br />
<br />
On the very plus size, the IS is very good! Audio recording is great too!<br /></p>dE_logicshttp://www.blogger.com/profile/06538862406325093570noreply@blogger.com0tag:blogger.com,1999:blog-7330118093493789782.post-92166645787740637302019-08-12T11:04:00.002-07:002019-08-12T11:04:50.263-07:00Lineage/resurrection remix/Android: Audio stops when earphones are plugged in.Sometimes, when you plug in your earphones, the audio stop coming (from the earphones), but the notification sounds continue to come. You've to restart your device multiple times to resolve the issue.<br />
<br />
The corresponding logs in logcat --<br />
<br />
08-11 22:41:36.375 315 8872 E qcvirt : [vendor/qcom/proprietary/mm-audio-noship/audio-effects/safx/android-adapter/qcvirt/qcvirt.c:477] Assertion fail: status == PPSUCCESS<br />
<br />
Solution -- disable the equalizer in audioFX.dE_logicshttp://www.blogger.com/profile/06538862406325093570noreply@blogger.com0tag:blogger.com,1999:blog-7330118093493789782.post-75432339784591497532019-05-12T05:43:00.000-07:002019-05-12T05:43:59.153-07:00Linux technologies (kernel, bash etc...) support for Windows -- for a better monopoly.<span style="font-family: Arial, Helvetica, sans-serif;">And when you start to think in modern times when Microsoft loves Linux and opensource; the question arises, is it really the truth? Does Microsoft really love opensource?</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span>
<span style="font-family: Arial, Helvetica, sans-serif;">No, in fact Microsoft is still trying to enforce it's monopoly and support for opensource technologies makes it's monopoly stronger.</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span>
<span style="font-family: Arial, Helvetica, sans-serif;">Reviewing from a few pages of history realize why Microsoft is a monopoly -- </span><br />
<span style="font-family: Arial, Helvetica, sans-serif;">1) It keeps all protocols hidden</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;">2) All technologies will be patented in the US (Microsoft tax)</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;">3) It tires to hide the formats of files that their programs use and when they open up the format, the specs are not complete (to ensure only their programs are able to open their files) and ladened with patent warnings.</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span>
<span style="font-family: Arial, Helvetica, sans-serif;">None of this has changed; but now Linux programs can run on Windows officially. So to the unsuspecting consumer -- Windows has the power to run both their propitiatory, cryptic and hidden Windows program and open Windows files along with Linux capabilities; so the obvious question is, why will it switch to Linux? So let the monopoly commence and be better.</span>dE_logicshttp://www.blogger.com/profile/06538862406325093570noreply@blogger.com0tag:blogger.com,1999:blog-7330118093493789782.post-43035935796322566712018-08-30T01:55:00.003-07:002019-05-12T04:05:55.353-07:00Fixing kernel: "unregister_netdevice: waiting for to become free. Usage count = "This's a kernel bug which'll cause docker to hang and is triggered by you stopping a container (which possibly does not stop gracefully, i.e. does not respond to SIGTERM). The only solution is a reboot. It's speculated that this's a network namespace related problem and reproducible on all lxc/docker/rkt etc....<br />
<br />
The thing that worked for me to reduce the probability of this bug is removing limits from the docker systemd service. Newer systemd has a default limit even if you didnt set it. Set LimitNOFILE=1048576, LimitNPROC=infinity, LimitCORE=infinity, TasksMax=infinity in docker systemd unit and this may just fix the issue; this also reduced the load average (CPU based).dE_logicshttp://www.blogger.com/profile/06538862406325093570noreply@blogger.com0tag:blogger.com,1999:blog-7330118093493789782.post-90369309374687665042018-03-31T22:30:00.003-07:002018-03-31T22:30:47.480-07:00Bash history sanitize/cleaner.instead of cleaning your bash history, this script will remove problematic history entries, thus sanitize it.<br />
<br />
<br />
<pre>#! /bin/bash
# Without argument will print what it'll delete. If 1st argument is y, then it'll clean the history of the user.
# The regular expressions catch the good commands which are to be retained.
echo 'Would delete commands -- '
grep -vP --regexp='^[a-zA-Z0-9/./.#~>]' ~/.bash_history
grep -vP --regexp='^.{0,1000}$' ~/.bash_history
if test "$1" == 'y'
then
grep -P --regexp='^[a-zA-Z0-9/.#~>]' ~/.bash_history | grep -P --regexp='^.{0,1000}$' > /tmp/bash_history_cleaned || exit
mv /tmp/bash_history_cleaned ~/.bash_history
fi
</pre>
<br />
Read the comments for how to get this to work.dE_logicshttp://www.blogger.com/profile/06538862406325093570noreply@blogger.com0tag:blogger.com,1999:blog-7330118093493789782.post-81246140376610241902018-03-31T22:23:00.003-07:002018-03-31T22:23:55.282-07:00The mysterious case of engine oil thinning (AKA oil sheering)If you're someone who rides at high RPM and have a vehicle which's capable of going to high RPMs (6000+) your engine oil might be subject to a phenomenon called oil sheering which thins down your engine oil and makes it's grade lower. Bad quality engine oil means more sheering.<br />
<br />
So it's better to check your engine oil for quality. Now question is what to check? Feel the viscosity of the engine oil on your fingers, and if it does not feel oily (and feels more watery), the engine oil is subjected to sheering and has thinned down.<br />
<br />
For other aspects, the engine oil might be ok -- it wont smell burnt, will not leave a soot when you rub it and of course will not be excessively thick; but regardless, if it has thinned this much, it's time for a change, and next time switch to fully synthetic engine oil since engine oils must not thin like this at all.dE_logicshttp://www.blogger.com/profile/06538862406325093570noreply@blogger.com0tag:blogger.com,1999:blog-7330118093493789782.post-12462405898404952352017-09-30T04:45:00.003-07:002017-09-30T04:45:54.406-07:00Understanding inner workings of crossdev.
<style type="text/css">p { margin-bottom: 0.12in; }p.western { font-family: "Calibri",sans-serif; font-size: 14pt; }</style>
<br />
<div class="western">
The crossdev executable is going to install a
toolchain in your host machine for a foreign architecture as regular
ebuilds. The root of this foreign architecture (RF) will be placed in
/usr/<archspec> where <archspec> is in the same syntax as
the -t switch to crossdev.</archspec></archspec></div>
<div class="western">
Now question is, where do you get the ebuild of
the toolchain for the foreign architecture? crossdev creates a
separate overlay (the directory of the overlay must be added to
PORTDIR_OVERLAY in make.conf of the host machine) which contains
packages within a newly created category (in that overlay) named
<archspec>; the packages (belonging to the toolchain) in this
overlay are basically symlinks to certain directories (belonging to
the toolchain) on the host system. These packages within category
<archspec> only contains the essential components of the
toolchain and are merged just like any other package. The result of
the installation is that the toolchain for the foreign architecture
is installed with the prefix <archspec> (<archspec>-<command></command>);
emerge is also installed in the same way.</archspec></archspec></archspec></archspec></div>
<div class="western" style="margin-bottom: 0.06in;">
As said before these
executables (including emerge) operate assuming RF as the root dir.
All configuration in RF will be respected by these commands which
includes make.conf, package.use, package.keyword etc... this includes
the overlays, but it appears that the gentoo portage tree of the host
is always searched. <span style="color: #ff3333;">Don't understand why, or
the mechanism</span>.</div>
<div class="western" style="margin-bottom: 0.06in;">
<style type="text/css">p { margin-bottom: 0.12in; }p.western { font-family: "Calibri",sans-serif; font-size: 14pt; }</style>
</div>
<div class="western">
Executing this crossdev with the switches will
start building the toolchain using the emerge command itself (unless
you've passed some switches which present it from doing so).</div>
<div class="western">
These packages will populate a few things in
/usr/<archspec>.</archspec></div>
<div class="western">
After these have been build, you can either build
@system thus create the installation from scratch without a stage3;
however I dont think this'll work, so I would say you extract a stage
3 in /usr/<archspec> without overwriting the make.conf in it
since it's a special make.conf which works with the toolchain command
as installed on the host; however this make.conf is underoptimized,
so I would say you merge both the make.conf with the crossdev
specific parts commented out when actually running the system and
when using crossdev, you toggle the crossdev parts.</archspec></div>
<div class="western">
crossdev will also make a make.profile but
unfortunately it's symlinked to the wrong profile, overwrite it with
the one in the stage3 tarballs and change it to your preferred
profile.</div>
<div class="western">
Whatever change you do, remember that running
crossdev again will overwrite those, so 1) back them up and 2) never
run crossdev again. Upgrade these packages using your host's PM.</div>
<div class="western">
As of using eix in RF, use EIX_PREFIX= for that.</div>
<div class="western" style="margin-bottom: 0.06in;">
<br /></div>
dE_logicshttp://www.blogger.com/profile/06538862406325093570noreply@blogger.com0