Treg's blog

Last years, I’m mainly using a Fedora & Gnome setup for workstation purposes. Recently, I stumbled upon the fact that gnome-keyring-daemon doesn’t support all the ssh-agent features I would like. For example it lacks support for ECDSA and ED25519 keys. Also it seems impossible to remove keys.

After some digging on the internet, I found a lot of bugreports and articles about these issues. Replacing the SSH features of gnome-keyring-daemon with those of ssh-agent seem to be a perfect solution.
In this blogpost, you can find out how: https://eklitzke.org/using-ssh-agent-and-ed25519-keys-on-gnome

Lately, I was looking for an efficient tool to sync (pull/push) a Google Drive account to my local hard drive. After some searching, one of my colleagues popped up with the command line tool “drive”. Nice, this tool does exactly what I want!

GitHub page: https://github.com/odeke-em/drive

Attention, platform packages are availble at https://github.com/odeke-em/drive/blob/master/platform_packages.md

Since Zabbix version 2.2, I’m running into faulty/wrong zabbix-agent SElinux policies. There is not too much information available on the web to fix this issue. The steps underneed should do:

Install Zabbix Agent:
# yum install zabbix22-agent

# Edit the Zabbix Agent config file:
# vi /etc/zabbix/zabbix_agentd.conf

Run the service:
# service zabbix-agentd start

Interprete the audit log and create custom SElinux exceptions:
# cat /var/log/audit/audit.log | grep zab | audit2allow -M zabbix-agent

To install audit2allow:
# yum install policycoreutils-python

Verify the generated SElinux rules:
# vi zabbix-agent.te

Apply the generated SElinux rules:
# semodule -i zabbix-agent.pp

Additional: allow the Zabbix Agent to run on a different port, e.g. on port 8484:
# semanage port -a -t port_t -p tcp 8484

Restart the Zabbix Agent service:
# service zabbix-agentd restart

Verify the Zabbix Agent logs:
# tail /var/log/zabbix/zabbix-agentd.log

Please feel free to optimize the procedure and leave a comment.

Finally I took the time to find a descent snipping tool for linux… and I found Shutter. A very nice, quick and clean tool to take screenshots and parts of screenshots. The program offers some extra features, yours to find out.

Off course, this is open source software which on integrates nicely in the Gnome notification area. The software is available in the Ubuntu repositories. 🙂

Parallels implemented an overuse policy since version 9 of its Plesk control panel for Linux. When you upgrade a Linux Plesk server (8.x) to version 9.x, all resellers, clients an domains get the “can’t overuse” policy. So, all objects which exceed a certain value get suspended. This isn’t quite what we/you want. (after the night, your overusing resellers/clients/domains will be suspended!)

So, the solution is quite simple: just set all the objects on “allow overuse”… except that this can’t be done serverwide. If you have 300 domains + 100 clients + 5 resellers, you will have to edit 405 objects manually. 🙁

The solution: you can solve this problem by executing the following scripts on the Linux box from the command line (with root privileges). The script will grant clients or domains the “allow overuse” policy.

• Clients:
  

  # for i in `cat /etc/passwd |grep "/var/www/vhosts" | awk -F":" '{print $1}'`; do echo -n "$i  --  "; /usr/local/psa/bin/client_pref --update $i -overuse notify ; echo ""; done

• Domains:
  

  # mysql -u'admin' -p"$(cat /etc/psa/.psa.shadow)" -D'psa' -NBe 'select name from domains order by name' | while read dom; do $(grep '^PRODUCT_ROOT_D' /etc/psa/psa.conf | awk '{print $2}')/bin/domain_pref -u "${dom}" -overuse notify; done

Last week, Microsoft changed its omega.contacts.msn.com certificate. This gives you a login error with an already configured Pidgin IM client. Execute the following steps to fix this error:

1. Download the following file: http://files.andreineculau.com/projects/pidgin/omega.contacts.msn.com.2.txt
2. Move it to “.purple/certificates/x509/tls_peers/”.
3. Rename the file to “omega.contact.msn.com”.
4. Restart Pidgin.

Source: blog@AndreiNeculau

While testing KDE4.5, it seemed I couldn’t use Tweetdeck anymore. The problem has something to do with storing passwords securely. Since Adobe AIR is a 32-bit application, it needs the 32-bit version of the KDE wallet client libraries in order to get the AIR ELS working properly. (Similarly on GNOME, the 32bit libraries for GNOME keyring are used.)

You can check if 32bit kdewallet client libraries are installed by testing the dynamic link dependencies of e.g. Adobe AIR’s libaddkey.so:

ldd "/opt/Adobe AIR/Versions/1.0/Resources/libaddkey.so" | grep kwallet

If you get something like “libkwalletclient.so.1 => not found” you will need to install the 32bit library. In Ubuntu 9.10 this library is in the kdelibs4c2a package, but this can be detected automatically by the getlibs package (see http://ubuntuforums.org/showthread.php?t=474790):

wget http://frozenfox.freehostia.com/cappy/getlibs-all.deb
sudo dpkg -i getlibs-all.deb
sudo getlibs libkwalletclient.so.1
sudo ldconfig

Re-run the ldd command above to check that the client library can now be resolved.

After this, erase Adobe AIR ELS and enter your account data anew:

rm -rf ~/.appdata/Adobe/AIR/ELS
TweetDeck

After this, AdobeAIR shows up in KDE wallet manager with an ELSKey stored password.

I found this solution on the Ubuntuforum.org. (provided by mkalen in this topic)

… and finally I found a VPN client that suits my needs: the Shrew Soft VPNClient. This piece of software is available for both Windows and Linux. (and works on both platforms without a problem!) It connects with many manufacturers’ VPN gateways. On their support page, they tell you how to do it.

Attention, there is one little “problem” if you want to use it on recent Ubuntu installations. You have to edit the file “/etc/sysctl.d/10-network-security.conf”. Please zero the values of the configuration:

net.ipv4.conf.default.rp_filter=0
net.ipv4.conf.all.rp_filter=0

That should work.

Laatst was ik op zoek naar goede online backup software zodat ik wat cruciale data kan backuppen. Buiten de commerciële producten, kwam ik toevallig het Ubuntu One project tegen, dat blijkbaar  al een tijdje loopt. Deze software zit standaard in de laatste Karmic release van Ubuntu ingebakken, super! Het project lijkt een beetje op het oude Ifolder project van Novell (dat blijkbaar ook terug leeft).

Ubuntu One bestaat enerzijds uit client software die files synchronizeert vanop je computer met “the storage cloud”. Anderzijds is er ook een webinterface die je vanop elke browser-waardige computer kan raadplegen. Ubuntu One bied je gratis online storage aan tot 2GB. Hoger volumes kunnen aangekocht worden tot 100GB. Achterliggend gebruikt Ubuntu One de Amazon S3 cloud voor het opslaan van al zijn data.

Toch zijn er 3 minpuntjes. Momenteel zijn er enkel Linux clients beschikbaar, dus crossplatform werken gaat niet. Blijkbaar bevindt de data zich niet geëncrypteerd op de servers (hoorde ik, correct me if I’m wrong). Ook zet je de Ubuntu One client upload en download speed best niet op 0KB/s, want dan komt er effectief geen data door. Daar waar de meeste applicaties dan unlimited bandbreedte toelaten…

Ik kijk uit naar de nieuwe client versie en nieuwe features in de volgende Ubuntu release! 🙂

Recently, I asked myself, what about a new graphics card for my pc? Since it was terribly slow… So I started looking around and bought myself an Asus Nvidia GTS250 card. This was a logic choice because Nvidia has good Linux drivers and this cards aren’t too expensive. But, it turned out that the card makes more noise than a vacuum-cleaner. 🙁

I returned the card and went looking for another one. The Sapphire ATI HD5750 Vapor-X 1G GDDR5 seemed to be the perfect quiet replacement. ATI supports Linux with binary drivers, so that was no problem (I tought). After installing the card with the latest proper drivers, all worked well. When suddenly… after 10 minutes my computer (videocard) crashed and my screen showed vertical lines. Most of the time I could SSH to the computer, so it didn’t totaly crash, but I was unable to relaunch Xorg. The graphics card was totally losing control.

After some surfing, emailing and chatting around, it turned out that many people are facing problems (ATI forum thread) with this cards. Finally, a good solution came from Sapphire. I had to upgrade the video bios from the graphics card. The new VBIOS adjust the powerplay function in 2D mode. Underneath you find my solution:

!! IMPORTANT, please check that your card has the following P/N:288-1E138-100SA and SKU#11164-04 !!
!! Don’t turn off the computer and do this at own risk !!

• Download the atiflash tool that only can use under pure dos mode here – http://www1.sapphiretech.com/global/lib_files/40.zip
• Then check the SOP step1 to step7 to make a bootable USB stick that can help to boot into pure dos mode – http://www1.sapphiretech.com/global/lib_files/103.zip
• Download the latest VBIOS – http://www1.sapphiretech.com/global/lib_files/117.zip
• After booting into pure dos mode , please type below command after prompt
  C:\atiflash -p 0 S3C01201.V22 -f
• Reboot your computer

I’m hoping that this solves your problem too!