synaesthesia

Here is a command you can simply paste into your terminal to install most of the best available Ubuntu games, emulators, and media players that do not require external repositories and that are available on the 64-bit ‘amd64’ architecture. You do want to make sure you have the universe and multiverse enabled.

(more…)

I don’t know how many times I have had to deal with the situation where a system requires some module that is built separately from the kernel tree (such as OpenAFS and NVIDIA drivers) and a kernel upgrade is installed either automatically or as part of an upgrade set, leaving a surprise for the next reboot when the module for the new kernel version does not exist. (Other Debian users have reported similar gripes.)

I came up with the following solution. It uses module-assistant to automatically build every kernel module package whose source is currently unpacked in /usr/src/modules.

(more…)

Here’s a way to obliterate everything in a sensitive directory if you do not have the luxury of wiping the entire disk device it resides on. It overwrites every file with random data and renames every file to a random name.

 for temp in `find /home/ -type f`; do SIZE=`du -k $temp | cut -f1`; \
    echo -n Obliterating $temp; FAILED=; dd if=/dev/urandom \
    of=$temp bs=1K count=$(($SIZE+1)) >/dev/null 2>/dev/null \
    || FAILED=1; if [ ! -z $FAILED ]; then echo ... failed; else \
    echo ... done; FNAME=`base64 /dev/urandom | tr -d '+/\r\n0-9' \
    | head -c 50`; mv $temp $FNAME;  fi  ; done

account gmail
host smtp.gmail.com
from username@gmail.com
auth on
user username@gmail.com
password mypass
tls on
tls_starttls off
tls_certcheck off
logfile /tmp/gmail.log

The synopsis: GMail doesn’t accept STARTTLS connections on port 25. The key is “tls_starttls off”, which causes the client to connect using SSL on port 465 instead…

You might get some confusing errors when attempting to login to your network from an outside network. The application reports “GSSAPI error: Miscellaneous failure” or “GSSAPI mech specific error: Server not found in Kerberos database”. Your Kerberos KDC log shows:

Aug 21 13:01:49 xanadu krb5kdc[30485]: TGS_REQ (3 etypes {16 1 3}) 66.9.16.190: UNKNOWN_SERVER: authtime 1187288
525,  nemesis@REALM.COM for krbtgt/ISP.COM@REALM.COM, Server not found in Kerberos database

What is important to note here is that the request is for a ticket for krbtgt/ISP.COM and not krbtgt/REALM.COM.

This happens because the client computer looks up the reverse DNS of the server computer, and attempts to get a ticket for the realm it appears to be a member of.

In this case, the server can be resolved to IP address by server.realm.com, but the Reverse DNS is controlled by the ISP, and so a reverse lookup on the server’s IP address gives a hostname that is on the ISP’s domain somewhere.

There are only a few ways to fix this:

• Correct the public Reverse DNS for the remote server’s IP address (difficult to impossible depending on your ISP)
• Add appropriate Reverse DNS entries for the remote server’s IP address to the client’s DNS server, and make the client’s DNS server authoritative for the remote server’s subnet
• Add appropriate entries for the remote server to the client’s HOSTS file

The last option is probably the least painful if you are just trying to get seamless access from your work computer to home, for example.

You may have noticed from time to time as Linux evolves and device drivers change, the device nodes used to access your hard disks may sometimes change. Besides updating the root device on the kernel command line in your bootloader configuration, you also have to go through your /etc/fstab and make all the appropriate changes. That is assuming you still have a working kernel around…

Easier thing to do is refer to the volumes not by device node, but by LABEL or UUID. Every filesystem is assigned a UUID when it is created, and you can manually assign a human-readable LABEL by using the filesystem tuning tools. Once you have assigned a LABEL and/or UUID, then anywhere you would refer to a /dev/hdXX or /dev/sdXX device, use UUID=… or LABEL=… instead, where … is the actual UUID or LABEL that is assigned.

To set labels for a few filesystems:

ReiserFS: reiserfstune -l <label> /dev/XXXX
EXT2/3: tune2fs -L <label> /dev/XXXX
Swap: mkswap -L <label> /dev/XXXX

To retrieve labels and UUIDs for a few filesystems:

ReiserFS: reiserfstune /dev/XXXX (must be unmounted)
EXT2/3: tune2fs -l /dev/XXXX ("Filesystem volume name", "Filesystem UUID")
Swap: No way to retrieve, just relabel it with mkswap -L

After rebooting you will be able to see the volume labels in /proc/partitions.

Note: Only v1 (“new style”) swap devices can be labeled.

Error behavior

In ext2/ext3, you can also set the error behavior in the superblock so that when a filesystem error is encountered (due to corruption, CPU/memory failure or disk failure), the filesystem will be automatically remounted read-only or the kernel panicked. The default is to continue on errors. This is usually set in the fstab (errors=remount-ro or errors=panic), but it may be more convenient to have the default behavior set in the superblock. Simply issue tune2fs -e remount-ro /dev/hda1 for all your ext2/ext3 filesystems, and you will no longer have to have the verbosity in your /etc/fstab too…