Hardy smbfs is borked.  Actually, I understand that smbmount has been adandoned.  CIFS, the samba replacement in Hardy, is busted.  All hail Ubuntuforums.org!  Beta OS != perfect, right?

It seems there was a change in the Samba package between Ubuntu 7.10 and 8.04.  I was getting an error while trying to connect to some Solaris shares.
$ smbclient -L //web -I 192.1.168.0 -U user%password
Server requested plaintext password but 'client use plaintext auth' is disabled

It seems that adding the following to your /etc/samba/smb.conf file solves the problem:

client plaintext auth = yes
client lanman auth = yes


It took awhile to realize that just setting plaintext auth to true wasn’t enough. lanman auth overrides it. Should have read the man page more closely, I guess.

I’ve had a spare data cruncher (Dell Precision 479 Xeon 2.8) sitting under my desk for awhile. Not being terribly interested in OpenBSD that it came to me with (sorry Eric), I blew it away and installed Ubuntu 8.04 Hardy Heron x86_64. It seems quite stable and is perhaps quicker than 7.10. That isn’t my point, though.

This weekend I installed the 32 bit version on a Dell Inspiron and it seemed to due the laptop good. Resume from sleep is definitely faster. Today I thought I’d take a real leap and upgrade in-place my 64 bit Thinkpad T60. I didn’t want to have to fool around with configuring LVM and associated encryption so I thought I’d just sudo update-manager -c -d to upgrade to the Hardy Heron Beta.  I’m happy to report that everything seems to work fine.  I was a little nervous on first reboot while waiting for a sign that dm-crypt was working.  After entering my dm-crypt password I noticed that there was a ext3 drive check in progress.  It was subtle compared to the same process in Gutsy since it didn’t drop out of the gui to do it.

Everything seems to work fine.  Audio, DVD, VPN, all work fine.  Sleep and resume seem considerably faster though on first resume my wireless card wasn’t found.  Hope that gets fixed.  Also, I’m happy that wake-on-lan works on all of the machines I’ve tested so far, which wasn’t the case in Gutsy.  Several machines would wake in Windows, but not in Linux, which was a bummer.  I don’t consider myself lazy, but wake-on-lan is awesome.  I hope that it works with dd-wrt so I can wake my home desktop remotely.

So, be it here known that it is possible to in-place upgrade an LVM/dm-crypt encrypted machine from 7.10 Gutsy Gibbon to 8.04 Hardy Heron.

I’ve been having some trouble lately with RoadRunner from Time Warner Cable.  Their DNS servers are ridiculously slow and I decided to take some action and switch to OpenDNS.  Details follow.

First, I configured my Buffalo router running DD-WRT to use OpenDNS and to update DynDNS of my dynamic IP address.  Then I  configured  dnsomatic to update OpenDNS  so that my custom network settings will follow my home network as the address changes.  Actually, my dynamic address at home hasn’t changed more than a couple of times in more than a year, but it’s nice to have a static domain name to use when connecting to my network from elsewhere.

I think my tubes are considerably faster and I’m not getting the flaky name resolution failures that I’ve been getting recently.  Plus, when I don’t have to support TWC in their ignorant and greedy bid to redirect DNS requests from nonexistent domains to their advertisements.

We’ve been playing around with budgeting and tracking spending.  I actually have a box of receipts on my desk from the last month or so that I had planned to go through and categorize in Google Docs or an Open Office spreadsheet.  It’s daunting looking at this big box of random slips of paper.  I have no idea how people track spending.  I carried a check register in my wallet for awhile and tried to record each transaction as it occurred.   Not very successful.

Now I’m trying GnuCash.  Brandi had some experience with Microsoft Money and it seemed ridiculously overcomplicated for our needs.  I also don’t use Windows so it wasn’t really an option and GnuCash is free.  I downloaded transaction from American Express and imported them easily, but my credit union, North Carolina State Employees’ Credit Union, only offers CSV downloads.  GnuCash doesn’t recognize CSV.  So, I wrote a python parser to convert the CSV file to QIF, which GnuCash does understand.  Here’s a link to secu2qif.

We’ll see if we get anywhere.  While I was parsing I did notice that both the state and federal revenue services have issued  us refunds, which was a nice surprise.  They were both quite quick, I think.   Boy, that mortgage interest deduction was a nice benefit.

A couple of weeks ago I decided I needed to retool some of the NCGDAP data processing tools I wrote when I started at NC State in 2005. For awhile I’d been using subversion, but fell out of the habit. I was pretty confused to find that I had at least 4 versions of everything I’d written and no idea which was latest, which features I’d already incorporated, or (embarrassingly) what everything did. I’d clearly been shirking some system administration duties.

After some time spent with diff and a text editor, I was down to one version of each application. I also spent some time trying to make sure I didn’t have to do it all again. I sometimes work on my Thinkpad at home, at conferences, and on the bus, which eliminates keeping things solely on a network somewhere. Knowing that I sometimes forget which files have been modified, I wrote a bi-directional rsync over ssh process to sync my Thinkpad with my desktop and can run it from an icon on my Gnome panel.

I also wrote a nightly cron job to backup my work desktop to a network drive. The NCGDAP applications reside on the data processing server so I Samba mount that directory at boot. I installed and configured network-manager-vnc finally. It was ridiculously easy compared to vpnc, which never worked correctly. At home, I configured sshfs mounting of my work desktop from my home desktop so I never have to make a local copy of anything to work on it.

Last by not least, I finally got around to installing Cygwin on Brandi’s Windows XP laptop. Now, she can click an icon in her start menu that starts an rsync over ssh backup job to my desktop. She had been copying her My Documents directory and pasting it into her home directory on my machine using Samba, which took eons. I also added it to Windows Task Scheduler, which is utter crap compared to cron. After the first 8 hour run (~80 GB of music), it takes seconds and I don’t have to wonder about compliance.

Here are links to some of the things I wrote:

Cygwin rsync script, backup batch file to run Cygwin script, laptop sync bash script, sshfs mount script, sshfs umount script

For the record, I’m neither a programmer nor a system administrator. I’m just a librarian.

I’m not big into music.  I generally find it pretty annoying.  I realize that this isn’t a popular position, but it’s the truth.  I’d rather listen to just about anything on talk radio than music.  Anyway, we’ve been talking about how to deal with our massive CD collection and equally large, if less organized, digital music collection.  I’ve decided to start listening to Rhythmbox in shuffle mode and to discard anything I don’t like.  This is, of course, subject to mood, right?  No matter.

We’re digitizing the CDs or specific tracks that we like and are archiving the CDs in the attic for now.  I’ve got about 2GB of mp3s in my trash presently and have just started.   It’s amazing what I have.  Aphex Twins, Rammstein, Barbara Streisand, Kenny G., and other assorted crap.  I’ll tell you one thing I’ve learned from this.  Although you can use streamtuner and streamripper to rip hours of Internet radio, you shouldn’t.  You end up with Kenny G.

What I keep, I’m hoping to generate metadata for with Picard and musicbrainz.  It seems all those kids on Napster didn’t use controlled vocabulary and authority files to describe their music.

I recently had occasion to wonder what goes on in my yard while I’m not home. I’ve got a couple of Logitech QuickCam Messenger cameras that I’ve been pointing out the windows and use Motion to monitor the cameras, detect motion, capture images, notify me of motion events, and transfer the images to a remote server. Motion provides some handy facilities for the last two objectives. I use the Motion on_event_start to trigger a bash script that connects to various other computers, including my work desktop, and notifies me that Motion has detected movement in the camera’s field of vision. Both computers are configured to use SSH public key authentication. The bash script triggers a Zenity alert box shown below.

Clicking OK on the alert box opens a Firefox browser window to a Qdig Quick Digital Image Gallery. The gallery is populated via the on_picture_save option. When a picture is saved a bash script is triggered that copies the picture to the Qdig gallery directory. When the browser opens the gallery, thumbnails are dynamically generated for the contents of the directory. I can’t yet testify to the effectiveness of the system as I haven’t caught any motion yet, but I’m hopeful.  Motion also provides a mini-HTTP server that can be configured to listen to a remote port so that one could watch streaming video in real time.  In fact, motion is extremely flexible and, due the inclusion of the ability to trigger external scripts, is highly extensible.

I had a tough time finding Opera for Ubuntu 7.10 64 bit. The 9.50 release, opera_9.50-20071109.2-shared-qt_amd64.deb, works fine. Newegg doesn’t work with Firefox. I usually use Epihany when not using Firefox, but sometimes I just feel like a change. Thanks to the Opera Desktop Team. Shame on Newegg for not supporting Firefox.

I’ve gotten around to migrating my backup partition to a Truecrypt encrypted partition. This partition, /dev/sda2, was an ext3 partition I’ve been using for backups. I have an external backup drive (also encrypted) that I keep off-site and so didn’t worry about destroying the backup data on the partition.

Knowing a little something about computer forensics, I wanted to ensure that data I had written prior to encrypting the partition would be unrecoverable. If I had wanted to erase the entire drive I would have used Darik’s Boot and Nuke or some other linux-based drive eraser conforming at least to the DoD specification for file wiping. It’s important to remember, though, that wiping only files likely leaves data remnants in the empty drive space, file slack space, and sectors marked as bad. So, clearly it’s important to erase the entire partition or drive, not only files.

I wanted to only erase a partition so I used a more configurable utility to overwrite the space within the partition. First I rm -rf’d the files and directories on the partition. Then I overwrote the available space in the partition with random data using dd and /dev/urandom. sudo dd if=/dev/urandom of=/mnt/back/bigfile I probably should have just overwritten the partition at the device level, but I didn’t think of it until later. Next I used wipe to remove the bigfile. Only then did it occur to me that I could call wipe against the block device itself. sudo wipe -Q 1 -R /dev/urandom /dev/sda2

Hoping that the drive was sufficiently overwritten with random data I created a Truecrypt container on the partition. I chose to use the ext3 file system so chose the ‘no filesystem’ option in Truecrypt. After creating the container, I mounted the container. sudo truecrypt /dev/sda2 Then, I created the filesystem. sudo mkfs.ext3 -cjv /dev/mapper/truecrypt0

Now I have an encrypted backup partition on a separate internal hard drive completely independent of the LVM/dm-crypt encrypted system. I have a script that calls rsync against my /home, /etc, and /usr/local directories, which is everything I need to rebuild a system.

To those who would suggest that only people with something to hide should be concerned with privacy, I urge you to read ‘I’ve Got Nothing to Hide’ and Other Misunderstandings of Privacy.