z·eeki·sh

tech log on gentoo, linux, and random stuff

dumping audio from a video clip using mplayer


mplayer your-video.mkv -ao pcm:waveheader:file=output.wav

mplayer will suggest using -vo null -vc null -ao pcm:fast for a faster result, but somehow this doesn’t work for my file at hand

Written by zsh

January 20, 2010 at 1:17 am

Posted in /usr/bin


mounting sansa fuze microsd


need CONFIG_SCSI_MULTI_LUN, can be found at:
device drivers -> scsi device support -> probe all LUNs on each SCSI device

Written by zsh

September 8, 2009 at 3:43 pm

misc notes on pidgin vv support


pidgin 2.6.2 is out today. Supposedly it fixed the problem when a video call is initiated but only a blank window appears. But you still need the following packages for video calling to actually work:

  • to test gstreamer a/v devices, need gstreamer-properties in package gnome-extra/gnome-media
  • for v4l(2) devices (that’s your camera) to work, also need media-plugins/gst-plugins-v4l(2)

Written by zsh

September 6, 2009 at 11:07 pm

Posted in gentoo


gentoo prefix/windows


I’m recently entertaining the idea of switching to windows 7 with some sort of linux on top of the SUA infrastructure on my tablet. Currently I can see only 3 options, suacommunity.com, debian-interix.net, or gentoo prefix/windows.

suacommunity.com: packages are not up to date, and it seems like a one-man job (rodney on the forum). don’t quite like its package management

debian-interix.net: seems promising but doesn’t have a coreutils build yet (packages are on par with suacommunity).

gentoo prefix: the 20090619 iso doesn’t work on win 7. good news is a new unified release is coming with explicit win 7 support:

http://archives.gentoo.org/gentoo-alt/msg_0c118e18183f92789e215b20850ca602.xml

check out the pdf draft in the link above. don’t know how many of the packages in portage have the x86-interix keyword though. we’ll see…


Just skimmed through the gentoo/alt mail archive of the last several months and it seems the gentoo port is taking an approach of making the tool-chain work under interix. AFAICT the debian approach is to get things to compile without fixing the toolchain itself. Now that’s something. I’ll keep my fingers crossed. (but getting distcc to work on interix could be a problem…)


2009-08-28 Fri:
seems the dvd iso got silently uploaded to the official site. get it from here

Written by zsh

August 25, 2009 at 1:39 am

Posted in gentoo


gcc 4.4 crashes mplayer on dts audio


with error message:

MPlayer interrupted by signal 11 in module: init_audio_codec

have to switch gcc profile back to 4.3.3

Written by zsh

August 21, 2009 at 2:33 pm

Posted in gentoo


sys-auth/pam_ssh and net-misc/keychain


I’ve been using gentoo’s net-misc/keychain for a while now for password-less ssh. I followed gentoo doc’s recommendation and added to my ~/.zlogin the following lines:

    keychain id_rsa id_rsa_nopass --quiet
    source ~/.keychain/$HOST-sh

The only beef I’m having with this setup is that after each reboot, I have to type in both my password (for login) and the keyphrase of my ssh identity file (b/c keychain), which is kind of repetitive, if you know what I mean ;)

So there’s a little “aha!” moment when I found pam_ssh in today’s updates on gentoo-portage. In fact, it’s as simple as adding ssh into the USE flags of sys-auth/pambase and emerge -1 pambase. No more repetitive password entries!

Written by zsh

July 27, 2009 at 10:40 pm

Posted in /etc, gentoo


lafilefixer, kexec


have been troubled by the missing libogg.la for a while (sox never builds). google ‘libogg.la, gentoo’ points to a heated discussion in bugs.gentoo.org of whether or not .la files should be included — apparently somebody intentionally removed it in the libogg build. No Comment! but I guess someone else stated my opinion quite clearly: a broken build a week is the best way to piss off end users. Anyway in that same thread there’s a fix: just `emerge lafilefixer` and do `lafilefixer --justfixit`

now onto a different topic. I’ve included kexec in the past several kernel builds, but never looked into it. It’s actually quite easy to use. just `emerge kexec-tools`, mod `/etc/conf.d/kexec`, and `rc-update add kexec boot`. Now the `reboot` command will just reload the kernel image specified in the conf file without rebooting the physical machine. (clearly, removing the kexec service shall return you to a normal `cold’ reboot)

Written by zsh

July 25, 2009 at 11:37 am

Posted in /etc, gentoo

using Creative WebCam Notebook (041e:401f) in Skype


LD_PRELOAD=/usr/lib/libv4l/v4l1compat.so skype

needs media-libs/libv4l

cf. this link

Written by zsh

July 20, 2009 at 10:02 pm

create socks5 proxy using window-less openssh from cygwin


After half day’s work, my dad and I successfully revived a 7-year-old Toshiba Satellite 3000 S353 laptop, and he happily confiscated it as his travelling laptop. However, in considering that most online banks in China still require some IE activeX controls, he insisted that I replace the ArchLinux in it with WinXP, and since he has grown accustomed to the ssh tunnelling between his desktop and mine for him to browse all those news sites blocked by the GFW, he asked if I can do the same thing on the new windows.

So here’s the thing. We’ll need a cygwin environment, in particular its openssh, psmisc, run and any POSIX compliant shell (e.g., ash). Suppose the cygwin environment is installed in d:\cygwin, create ssh-proxy.bat batch script as follows:

    REM ssh-proxy.bat
    REM this will create a socks5 proxy at localhost:9999
    REM @echo off

    d:
    cd cygwin\bin

    REM give remote server two sec to close an already-open connection
    killall ssh && sleep 2

    REM use explicit invocation:
    REM run /bin/ssh -Nf -D9999 user_name@your.ssh.server
    REM or a `tunnel' profile in ~/.ssh/config:
    run /bin/ssh -Nf tunnel
  

and if you opt to use the ssh profile `tunnel’, put the following in ~/.ssh/config (windows absolute path d:\cygwin\home\USER\.ssh\config):

    # ~/.ssh/config
    Host tunnel
    HostName your.ssh.server
    User user_name
    Compression yes
    DynamicForward 9999
    # use pub-key auth for password-less connection. cf. SSH_CONFIG(5)
    #IdentityFile ~/.ssh/some_private_id_file
  

Now for each internet session, just run ssh-proxy.bat once when you need the proxy. The run command used in the batch script prevents the ssh command from creating a console window. It’s almost transparent for web browsing if you combine it with foxyproxy and Firefox.

As an afterthought, I probably could have done it with putty and AHK, supposing AHK can hide the putty window, but that’d take me some time to learn the AHK syntax.

Written by zsh

July 7, 2009 at 1:01 am

openvpn over ad-hoc wireless connection


I have a spare zd1211rw usb WLAN dongle that I’d like to use to turn my desktop into some kind of AP, so that I can freely move around with my laptop. Sadly, the zd1211rw driver doesn’t support master mode, nor wpa over ad-hoc. My first thought is to encrypt the ad-hoc connection somehow through an ssh tunnel, but after fiddling around with dante (for `transparent socks proxy’) + ssh -D (socks5 proxy via ssh) combination for a while, I didn’t find the setup to be as transparent as I thought it could be–e.g., socksify firefox doesn’t work quite well. It seems finally it’s time to dip my foot into the VPN pond.

The setup is quite straightforward though a little bit tedious. Following is exported from my installation journal in org-mode


openvpn over ad-hoc wireless

1 setup openvpn on desktop running Arch linux (as vpn server)

1.1 pacman -Sy openvpn

note:

  1. example conf in /etc/openvpn/examples
  2. easy-rsa scripts in /usr/share/openvpn/easy-rsa

now follow openvpn howto

1.2 generate certificates & keys

  1. cp -r {/usr/share,/etc}/openvpn/easy-rsa/
  2. edit vars file
  3. (cd /etc/openvpn; . ./vars; ./clean-all; ./build-ca)
  4. ./build-key-server server
    i also used a challenging password
  5. ./build-key alfred
    where `alfred’ is the name of my laptop. i also used a
    different challenging password
  6. ./build-dh (Diffie-Hellman parameters)
  7. Summary of key files:

    Filename     Needed By                  Purpose                     Secret
    ca.crt       server + all clients       Root CA certificate         NO
    ca.key       key signing machine only   Root CA key                 YES
    dh{n}.pem    server only                Diffie Hellman parameters   NO
    server.crt   server only                Server Certificate          NO
    server.key   server only                Server Key                  YES
    alfred.crt   “alfred” only              “alfred” Certificate        NO
    alfred.key   “alfred” only              “alfred” Key                YES
  8. now cp key/{ca.crt,alfred*} /mnt/usbstick, to be transferred
    to alfred
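
The Secret column of the summary above can be checked mechanically. The script below is an added example, not part of the original journal: it flags private keys that are readable by group or others and private keys that have no business in a client bundle. The function names are hypothetical, and it assumes the private keys are the `*.key` files of a single directory.

```shell
#!/bin/sh
# Added example (not from the original post). Assumption: private keys are
# the *.key files of an easy-rsa keys directory, as in the summary table.

# Print each private key whose group/other permission bits are not all clear.
# -L follows symlinks such as /etc/openvpn/server.key -> easy-rsa/keys/server.key
# Returns 1 if any key is exposed, 0 otherwise.
audit_key_perms() {
    rc=0
    for f in "$1"/*.key; do
        [ -e "$f" ] || continue            # directory holds no *.key files
        mode=$(ls -ldL "$f" | cut -c5-10)  # group and other permission bits
        if [ "$mode" != "------" ]; then
            echo "${f##*/}"
            rc=1
        fi
    done
    return $rc
}

# Print private keys in a client bundle ($1) that do not belong to client $2
# (ca.key stays on the signing machine, server.key on the server).
# Returns 1 if any foreign key is found, 0 otherwise.
audit_client_bundle() {
    rc=0
    for f in "$1"/*.key; do
        [ -e "$f" ] || continue
        if [ "${f##*/}" != "$2.key" ]; then
            echo "${f##*/}"
            rc=1
        fi
    done
    return $rc
}

# Constructed demo: empty placeholder files stand in for real keys.
demo() {
    d=$(mktemp -d)
    for n in ca.crt ca.key server.key alfred.crt alfred.key; do : > "$d/$n"; done
    chmod 600 "$d/ca.key" "$d/alfred.key"
    chmod 644 "$d/server.key"
    echo "exposed: $(audit_key_perms "$d")"
    echo "foreign: $(audit_client_bundle "$d" alfred | tr '\n' ' ')"
    rm -rf "$d"
}
demo
```

Run `audit_client_bundle /mnt/usbstick alfred` before handing the stick over; any output means a key that should have stayed on the server or signing machine was copied.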

1.3 configuring server

  1. cd /etc/openvpn
  2. cp examples/server.conf ./
  3. linking appropriate certificate files generated previously:
    for f in dh1024.pem ca.crt server.crt server.key; do ln -s easy-rsa/keys/$f ./$f; done
  4. edit server.conf file.

    server.conf with most comments stripped. Note that a verbatim
    DNS server address is used

    # address to listen to
    local 192.168.3.2
    port 1194
    
    ;proto tcp
    proto udp
    
    # we are using routing instead of bridging. see the online howto
    ;dev tap
    dev tun
    
    # certificates and keys
    ca ca.crt
    cert server.crt
    key server.key  # This file should be kept secret
    dh dh1024.pem
    
    # flag this as a server
    server 10.8.0.0 255.255.255.0
    
    ifconfig-pool-persist ipp.txt
    
    # not using bridging
    ;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100
    
    ;push "route 192.168.10.0 255.255.255.0"
    ;push "route 192.168.20.0 255.255.255.0"
    
    push "redirect-gateway local def1"
    
    push "dhcp-option DNS 202.109.15.135"
    ;push "dhcp-option WINS 10.8.0.1"
    
    ;client-to-client
    
    # allow duplicate certificates
    ;duplicate-cn
    
    keepalive 10 120
    
    # use tls for extra security
    ;tls-auth ta.key 0 # This file is secret
    
    ;cipher BF-CBC        # Blowfish (default)
    ;cipher AES-128-CBC   # AES
    ;cipher DES-EDE3-CBC  # Triple-DES
    
    max-clients 2
    
    # run unprivileged
    user nobody
    group nobody
    
    persist-key
    persist-tun
    
    status openvpn-status.log
    
    ;log         openvpn.log
    ;log-append  openvpn.log
    
    # verbosity
    verb 3
    
    ;mute 20
    

1.4 running server

manually, cd /etc/openvpn; openvpn --config server.conf.

A script to run the server and set up appropriate NAT routing:
~/bin/runvpn

#!/bin/sh
OVDIR=/etc/openvpn
OPENVPN=/usr/sbin/openvpn
IPTABLES=/usr/sbin/iptables
$OPENVPN --daemon --config $OVDIR/server.conf --cd $OVDIR
$IPTABLES -t nat -A POSTROUTING -s 10.8.0.0/24 -o ppp0 -j MASQUERADE

2 setup openvpn on laptop running Gentoo (as vpn client)

2.1 emerge openvpn

Note: enable the `examples’ USE flag to get vendor-provided
skeleton conf files (in /usr/share/doc/openvpn-*/examples/)

2.2 configuring client

cp the skeleton client.conf to /etc/openvpn/home.conf (home
being the profile name), mod it.

home.conf:

# flag this as client
client

;dev tap
dev tun

;proto tcp
proto udp

# vpn server's ip address
remote 192.168.3.2 1194
;remote my-server-2 1194

# Keep trying indefinitely to resolve the
# host name of the OpenVPN server.  Very useful
# on machines which are not permanently connected
# to the internet such as laptops.
resolv-retry infinite

# Most clients don't need to bind to
# a specific local port number.
nobind

# Downgrade privileges after initialization (non-Windows only)
;user nobody
;group nobody

# Try to preserve some state across restarts.
persist-key
persist-tun

# Wireless networks often produce a lot
# of duplicate packets.  Set this flag
# to silence duplicate packet warnings.
mute-replay-warnings

# certificates/keys
ca homekeys/ca.crt
cert homekeys/alfred.crt
key homekeys/alfred.key 

# Verify server certificate by checking
# that the certificate has the nsCertType
# field set to "server".  This is an
# important precaution to protect against
# a potential attack discussed here:
#  http://openvpn.net/howto.html#mitm
#
# To use this feature, you will need to generate
# your server certificates with the nsCertType
# field set to "server".  The build-key-server
# script in the easy-rsa folder will do this.
ns-cert-type server

# If a tls-auth key is used on the server
# then every client must also have the key.
;tls-auth ta.key 1

# no compression
;comp-lzo

# Set log file verbosity.
verb 3

# Silence repeating messages
;mute 20
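
The two configs have to agree with each other: the client should check the server certificate type, and tls-auth has to be enabled on both sides or on neither. The lint below is an added example, not part of the original journal; its function names are hypothetical, it accepts `remote-cert-tls server` as an alternative to `ns-cert-type server`, and it assumes no quoted `#` or `;` inside directive values.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes no quoted '#' or ';'
# inside directive values.

# Print active directives: strip '#'/';' comments and blank lines.
active() {
    sed -e 's/[#;].*$//' -e 's/[[:space:]][[:space:]]*/ /g' \
        -e 's/^ //' -e 's/ $//' -e '/^$/d' "$1"
}

# Print the arguments of directive $2 in config $1 (empty if inactive).
directive() {
    active "$1" | awk -v d="$2" '$1 == d { sub(/^[^ ]+ ?/, ""); print; exit }'
}

# Lint client config $1 against server config $2: one finding per line,
# exit status 1 if there is any finding.
lint_pair() {
    out=""
    nl='
'
    if [ "$(directive "$1" ns-cert-type)" != server ] &&
       [ "$(directive "$1" remote-cert-tls)" != server ]; then
        out="${out}client does not check the server certificate type$nl"
    fi
    s=$(directive "$2" tls-auth)
    c=$(directive "$1" tls-auth)
    if [ -z "$s" ] && [ -z "$c" ]; then
        out="${out}tls-auth is not enabled$nl"
    elif [ -z "$s" ] || [ -z "$c" ]; then
        out="${out}tls-auth is enabled on one side only$nl"
    fi
    printf '%s' "$out"
    [ -z "$out" ]
}

# Constructed demo: trimmed versions of server.conf and home.conf above.
demo() {
    d=$(mktemp -d)
    printf '%s\n' 'dev tun' 'dh dh1024.pem' \
        ';tls-auth ta.key 0 # This file is secret' > "$d/server.conf"
    printf '%s\n' 'client' 'remote 192.168.3.2 1194' \
        'ns-cert-type server' ';tls-auth ta.key 1' > "$d/home.conf"
    lint_pair "$d/home.conf" "$d/server.conf" || true
    rm -rf "$d"
}
demo
```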

2.3 running client

gentoo’s openvpn package has an init script. Just ln -s /etc/init.d/openvpn{,.home} (home being your profile name) and
rc-service openvpn.home start

3 networking

In the server-side runvpn script, NAT routing has already been set
up. Note that ip-forwarding must be enabled (manually by echo "1" > /proc/sys/net/ipv4/ip_forward or through sysctl: sysctl -w net/ipv4/ip_forward=1)

At the client side, after bringing up the vpn client, I still have
to route add default gw 10.8.0.5 where 10.8.0.5 is the p2p end
of tun0. It’s possible that this can be pushed by the server but I’m
tired of reading the openvpn manual, so this is done in a script
runvpn on my laptop (not to be confused with the script on the
server side bearing the same name). The script is set up to also ssh
to the server on its WLAN address and start up the vpn server.

#!/bin/sh
ssh home sudo bin/runvpn
sudo rc-service openvpn.home restart
sleep 10
TUN=`sudo /sbin/ifconfig tun0 | sed -n 's/.*P-t-P:\([^ ]\+\).*/\1/p'`
sudo route add default gw $TUN

4 real-world operation

  1. plug in the USB WLAN card on the desktop. With the following
    /etc/udev/rules.d/10-zd1211.rules and ~/bin/adhoc, the card
    is automatically set in ad-hoc mode and assigned 192.168.3.2

  2. on the laptop, run adhoc && sleep 5 && runvpn. the sleep 5 is
    to allow some time for the WLAN to be fully associated to an
    ad-hoc cell

    10-zd1211.rules (on server)

    ACTION=="add", ATTR{manufacturer}=="ZyDAS", ATTR{product}=="USB2.0 WLAN", SYSFS{idVendor}=="0ace", SYSFS{idProduct}=="1215", SYMLINK+="net/wireless-usb-zd1211", RUN+="/hoard/home/bin/zd-inserted"
    

    ~/bin/adhoc (on server)

    #!/bin/sh
    
    # ref: http://forums.gentoo.org/viewtopic-t-274790-highlight-adhoc+wireless.html
    
    /sbin/rmmod zd1211rw && /sbin/modprobe zd1211rw
    
    # need to set abs. path for script to work when called by e.g. udev
    IFCONFIG=/sbin/ifconfig && \
    IWCONFIG=/usr/sbin/iwconfig && \
    $IFCONFIG wlan0 down && \
    $IWCONFIG wlan0 mode ad-hoc && \
    $IWCONFIG wlan0 essid soc channel 1 && \
    $IFCONFIG wlan0 192.168.3.2 && \
    $IWCONFIG wlan0 txpower 14dbm
    

    ~/bin/adhoc (on client)

    #!/bin/sh
    IFCONFIG="sudo /sbin/ifconfig"
    IWCONFIG="sudo /sbin/iwconfig"
    $IFCONFIG wlan0 down && \
    $IWCONFIG wlan0 mode ad-hoc && \
    $IFCONFIG wlan0 192.168.3.3 && \
    $IWCONFIG wlan0 essid soc channel 1 txpower 10dbm
    

HTML generated by org-mode 6.27a in emacs 23

Written by zsh

June 28, 2009 at 3:40 am

Posted in /etc, /usr/local/bin
