Tag Archives: Linux

Fix HP Compaq 6910p Fan Noise under Linux

Although I prefer Macs as my primary work horses, I keep a trusty old HP Compaq 6910p around as a fallback. While generally nice the 6910p has one major flaw when being run with Linux: The fans will keep running constantly, emitting a high frequency whine that makes working unbearable in a couple of minutes. By chance I found a fix for the problem here. Open a terminal window and issue the following commands:

sudo -i
for i in 0 1 2 3 4; do echo "0" > /sys/class/thermal/cooling_device${i}/cur_state; done

While this will not completely eliminate the fans spinning up, it will at least make them spin down again when no more cooling is needed.

IPv6 bei Strato mit Debian “Jessie”

Nach dem Upgrade eines meiner Server bei Strato auf Debian “Jessie” funktionierte auf einmal das Routing von IPv6 nicht mehr. Schuld ist wohl, dass Strato den Eintrag fe80::1 als Default-Route verwendet, was unter Jessie anscheinend nicht mehr so einfach möglich ist. Funktionieren tut es bei mir jetzt wieder mit diesem Eintrag in /etc/network/interfaces:

iface eth0 inet6 static
    pre-up modprobe ipv6
    address 2a01:238:429c:2900:dead:beef:2bad:4dad
    netmask 128
    gateway fe80::1
    post-up ip -6 route add default via fe80::1 dev eth0

Wichtig ist dabei die letzte Zeile. Sie weist das Betriebssystem an, das Default-Gateway über das Interface eth0 anzusprechen und nicht – wie es das normalerweise tun würde – über lo.

Finally: A Fix for Python 2.7 Aborts on Import of ctypes

This has been bugging me for quite some time now: Every time I tried to import the ctypes module into Python 2.7, all I would get was the famous “Aborted” message. With some time to spare I could trace the problem down to the file closures.c of the libffi submodule. Most likely due to a compiler/optimization bug in older versions of gcc a double-free is happening there in line 151.
Since the surrounding function only checks for the presence of SELinux on the host and since the box I need to run Python 2.7 on doesn’t have SELinux installed, I opted for simply removing the whole thing:

--- a/Modules/_ctypes/libffi/src/closures.c 2012-04-10 01:07:33.000000000 +0200
+++ b/Modules/_ctpyes/libffi/src/closures.c 2012-06-20 17:35:40.277850045 +0200
@@ -119,52 +119,7 @@
 #define LACKS_SYS_MMAN_H 1
 
 #if FFI_MMAP_EXEC_SELINUX
-#include <sys/statfs.h>
-#include <stdlib.h>
-
-static int selinux_enabled = -1;
-
-static int
-selinux_enabled_check (void)
-{
-  struct statfs sfs;
-  FILE *f;
-  char *buf = NULL;
-  size_t len = 0;
-
-  if (statfs ("/selinux", &sfs) >= 0
-      && (unsigned int) sfs.f_type == 0xf97cff8cU)
-    return 1;
-  f = fopen ("/proc/mounts", "r");
-  if (f == NULL)
-    return 0;
-  while (getline (&buf, &len, f) >= 0)
-    {
-      char *p = strchr (buf, ' ');
-      if (p == NULL)
-        break;
-      p = strchr (p + 1, ' ');
-      if (p == NULL)
-        break;
-      if (strncmp (p + 1, "selinuxfs ", 10) != 0)
-        {
-          free (buf);
-          fclose (f);
-          return 1;
-        }
-    }
-  free (buf);
-  fclose (f);
-  return 0;
-}
-
-#define is_selinux_enabled() (selinux_enabled >= 0 ? selinux_enabled \
-                 : (selinux_enabled = selinux_enabled_check ()))
-
-#else
-
 #define is_selinux_enabled() 0
-
 #endif /* !FFI_MMAP_EXEC_SELINUX */
 
 #elif defined (__CYGWIN__)

Compile, install – works. Now on to some other stuff that needs Python 2.7 to run properly ;)

Astaro ASG as OpenVPN Access Server client

Just about four weeks ago I posted about the resurrection of the .ovpn to .apc converter script. In the meantime Alois told me in the comments that while this was nice it didn’t work for current versions of the OpenVPN Access Server and the .ovpn files it creates.

Well, since there’s been nothing much else to do I did some more work on the script and I can now happily say that it now also converts the new .ovpn format to an .apc the Astaro can understand. Unfortunately, there’s a little catch: the OpenVPN Access Server relies on ‘tls-auth’ for client connections and the Astaro neither knows of that concept not provides a method to import the needed key file. So I had to do some creative manipulation to make the Astaro do my bidding to include the necessary config statements. In addition, you will need to manually copy the key file to the Astaro to make everything work as expected. To make things as easy as possible, the script will tell you what to do.

If you’re interested, check out the latest version of ovpn-to-apc.sh on Gitorious. If it works for you, let me know. If it doesn’t, let me know, too.

Kleine Erfolgserlebnisse

Vorher

Check name    Uptime    Downtime    Outages   Response time
#######       58.54%    9h 57m 02s    189      9649ms

Nachher

Check name    Uptime    Downtime    Outages   Response time
#######       100.00%   0h 00m 00s     0        647ms

.ovpn to .apc Converter Revisited

The Astaro Security Gateway (ASG) is a great firewall and remote access solution. The only flaw of it being that Astaro, too, tries to build a walled garden around their suite of products. One major drawback here is that while the ASG has outstanding capabilities as a remote access server, there’s no easy way to use it as a client to connect to an OpenVPN SSL server. The main show stopper is that the ASG expects to get all it’s connection information from a .apc file while OpenVPN at best provides a .ovpn file which has a completely different structure.
Back in 2009 Patrick Schneider provided a simple bash script that would convert .ovpn files together with the needed certificates and key files into a .apc file the ASG could read. Unfortunately the script stopped working with newer ASG releases. Since I needed the functionality for a current project, I resurrected the code, polished and updated it a bit. The result can now be found on Gitorious: the new OVPN-to-APC converter script. Feel free to clone and enhance.

Update: Just pushed a new version to Gitorious that now handles the new .ovpn format provided by the OpenVPN Access Server as well.

Fixing PHP-FPM’s SCRIPT_NAME Bug The Brute Force Way

It’s not really news that PHP in it’s CGI or FPM flavor has slight to modest problems getting it’s environment right when using Apache as the front end web server, especially the $_SERVER[‘SCRIPT_NAME’] variable many scripts rely on to determine their true location on the hard drive. This erratic behavior is heavily documented in bug reports 51983 and 55208. As is common practice for the PHP-FPM team, their approach is to sit still and wait until this bug goes away on it’s own. This approach, proven to work for many politicians, may however not work for those folks, that need a solution to the problem at hand. A quite simple solution that unfortunately requires to recompile PHP is the following brute force patch for PHP 5.3.8:

--- php-5.3.8/sapi/fpm/fpm/fpm_main.c.org   2011-07-18 23:03:44.000000000 +0200
+++ php-5.3.8/sapi/fpm/fpm/fpm_main.c.  2011-11-24 18:29:37.000000000 +0100
@@ -1084,6 +1084,7 @@
 {
    char *env_script_filename = sapi_cgibin_getenv("SCRIPT_FILENAME", sizeof("SCRIPT_FILENAME") - 1 TSRMLS_CC);
    char *env_path_translated = sapi_cgibin_getenv("PATH_TRANSLATED", sizeof("PATH_TRANSLATED") - 1 TSRMLS_CC);
+   char *env_redirect_url = sapi_cgibin_getenv("REDIRECT_URL", sizeof("REDIRECT_URL") - 1 TSRMLS_CC);
    char *script_path_translated = env_script_filename;
    char *ini;
    int apache_was_here = 0;
@@ -1118,6 +1119,16 @@
 
        /* Hack for buggy IIS that sets incorrect PATH_INFO */
        char *env_server_software = sapi_cgibin_getenv("SERVER_SOFTWARE", sizeof("SERVER_SOFTWARE") - 1 TSRMLS_CC);
+                if (env_redirect_url &&
+                        strncmp(env_server_software, "Apache", sizeof("Apache")-1) == 0) {
+                        /*
+                         * If we have an env_redirect_url and the web server is Apache
+                         * it's very likely that env_redirect_url is the one we really
+                         * want
+                         */
+                        env_script_name = _sapi_cgibin_putenv("SCRIPT_NAME", env_redirect_url TSRMLS_CC);
+                }
+
        if (env_server_software &&
            env_script_name &&
            env_path_info &&
@@ -1159,7 +1170,7 @@
        if (CGIG(fix_pathinfo)) {
            struct stat st;
            char *real_path = NULL;
-           char *env_redirect_url = sapi_cgibin_getenv("REDIRECT_URL", sizeof("REDIRECT_URL") - 1 TSRMLS_CC);
+           // char *env_redirect_url = sapi_cgibin_getenv("REDIRECT_URL", sizeof("REDIRECT_URL") - 1 TSRMLS_CC);
            char *env_document_root = sapi_cgibin_getenv("DOCUMENT_ROOT", sizeof("DOCUMENT_ROOT") - 1 TSRMLS_CC);
            char *orig_path_translated = env_path_translated;
            char *orig_path_info = env_path_info;

What I Really Hate About Windows

I don’t run Windows regularly. I use Mac OS X. I use Ubuntu. I use Solaris. But when I need to run Windows it will never, ever fail to remind me why I don’t run Windows. It’s as simple as that. If updates are available, Mac OS X will inform me. Ubuntu will inform me. And if I told it to do so, Solaris will inform me. But all of these systems will never fucking ever *reboot* my machine just because they *thought* it’d be necessary. And even if they did have a function like that, they’d sure as hell be intelligent enough to find out that there are tasks running and stop or at least postpone the reboot. Oh well, after all it’s Windows I’m ranting about here ;)
Continue reading

Scan Magic With Scan Tailor

If you do a lot of newspaper scanning you know the problem: grey backgrounds, blurry pictures. No longer. Using Scan Tailor, a high quality scan is just six mouse clicks away. Scan Tailor is available for Windows and Linux – and it’s free as in free beer. Would someone please port this to the Mac?

Before Scan Tailor

Before

After Scan Tailor

6 clicks Later

Scan Tailor not only optimizes the pictures and cleans the background. It also deskews the image and can handle multiple images in one go.
Continue reading

Bash: Dynamic Variables

Every once in a while I need to use dynamic variables in shell scripts for doing things like

echo ${{$foo}_bar}

but unfortunately it won’t work like shown in the example above.
What will work however is this:
Continue reading

Hard Typing Ahead

This camera module is known to be mounted upside-down in some notebooks. Applications that use the libv4l library should display the video correctly, as libv4l detects upside-down cameras and rotates the image automatically. See Hans de Goede’s post on the linux-uvc-devel mailing list for more information. For applications that don’t use libv4l, try holding your computer upside-down.

From the Linux-UVC wiki.
Continue reading

Varnish 2.0.5 released

As mentioned here, Varnish 2.0.5 has been released. Changes include performance improvements on Linux and reduced memory consumption when processing ESI. Going to test it on this site in a few …

Continue reading

Give more threads to Varnish

When running my preferred proxy cache Varnish on Linux I realized that I couldn’t start enough threads on heavily accessed systems. As I found out, reducing the stack size is the key to get to the number I need. Oh well, if everything would be easy, I wouldn’t get paid I guess ;)
Continue reading

Make your ReadyNAS the NTP time server of your network

Since it wasn’t that much work I decided to honor the request and build the server component of the NTP protocol suite for the ReadyNAS Duo/NV/NV+/1100/X6.
There are two archives available:

After installation the server will start immediately. However, it will take some time for the server to actually sync time and date with the official time sources. So it takes about 15 to 20 minutes until any client on your network can actually sync its time with the time source on the ReadyNAS.
Have fun with the tool and remember: Works for me, ymmv.

{openx:6}

MySQL Tuning: The PHP Auto-Reconnect Patch

Now this would be really funny if it weren’t so sad in so many aspects: I know of more than one company running MySQL. Ok, no news there. But the MySQL servers of said companies are dropping connections. Not twice a week or once a day but two or three times every bloody second. Investigation of the cause is underway but obviously that doesn’t help to fix the problem at hand.
Since the major platform in said companies is PHP, there’s another problem: Tests have shown that if a connection failed a subsequent connection request will go through just fine. While not ideal, the best solution for the moment would therefor be to enable the auto-reconnect feature built into every MySQL client. But for PHP, there is no option to do just that.

That’s because even while PHP is using the

mysql_option()

function – which is needed to enable auto-reconnect – internally, nobody cared to make it available as part of PHP’s language. Maybe it would be easy to do just that, but I found it easier to patch PHP directly to enable auto-reconnect by default. You want to know how? Read on.

Continue reading

CentOS5/RHEL5 fix for ImageMagick “cpio: MD5 sum error” and “cpio: read”

Back on CentOS 5 for a customer I stumbled across a little problem while installing RMagick for Ruby. Said interface between Ruby and the Image Magick tools requires Image Magick in a version greater then 6.3.5 to be installed on one’s system. However, CentOS 5 and RHEL 5 only provide version 6.2.8. Even more unfortunate is that while there are RPMs to be found on ImageMagick.org, they’re all for Fedora. So when trying to install the binary .rpm file, all you’ll get is something like this:

[root@testsys rpms]# rpm -Uvh ImageMagick-6.5.5-6.i386.rpm 
error: Failed dependencies:
	libHalf.so.4 is needed by ImageMagick-6.5.5-6.i386
	libIex.so.4 is needed by ImageMagick-6.5.5-6.i386
	libIlmImf.so.4 is needed by ImageMagick-6.5.5-6.i386
	libImath.so.4 is needed by ImageMagick-6.5.5-6.i386
	libcdt.so.4 is needed by ImageMagick-6.5.5-6.i386
	libfftw3.so.3 is needed by ImageMagick-6.5.5-6.i386
	libgraph.so.4 is needed by ImageMagick-6.5.5-6.i386
	libgvc.so.5 is needed by ImageMagick-6.5.5-6.i386

No problem you might say. Just grab the source rpm and rebuild from there. Alas, this will lead to another problem:

[root@testsys srcrpm]# rpm -Uvh ImageMagick-6.5.5-6.src.rpm 
   1:ImageMagick
warning: user cristy does not exist - using root
warning: group cristy does not exist - using root
########################################### [100%]
error: unpacking of archive failed on file 
/usr/src/redhat/SOURCES/ImageMagick-6.5.5-6.tar.bz2;
4aa10a8f: cpio: read

With older archives you’ll get a similar message:

[root@testsys srcrpm]# rpm -Uvh ImageMagick-6.5.5-5.src.rpm 
   1:ImageMagick
warning: user cristy does not exist - using root
warning: group cristy does not exist - using root
########################################### [100%]
error: unpacking of archive failed on file 
/usr/src/redhat/SOURCES/ImageMagick-6.5.5-5.tar.bz2;
4aa10b19: cpio: MD5 sum mismatch

The reason is that Fedora uses newer RPM utilities than the ones found on CentOS 5 / RHEL 5. This is the reason for the broken MD5 sums. Also, they recently switched from providing .tar.bz2 packed archives to .lzma packed archives which RPM on CentOS 5 / RHEL 5 doen’t know anything about.

Google wasn’t of any help to solve this particular problem without installing everything from source.

But fear not, there’s an easy solution. Just read on.

{openx:6}
Continue reading

Speed up WordPress with memcache

We all love WordPress. But, honestly, it’s everything but fast. An easy way to speed it up a good deal is to make it use memcached for storing some of it’s data. And doing this is actually easier than one might think. There are some pre-requisites:

  1. Download and install libevent
  2. Download and install memcached
  3. Download and install the memcache extension for PHP

The first two follow the standard

"./configure; make; make install

route. For the third I suggest using

/path/to/your/php-install/phpize
./configure --enable-memcache
make
make install

Take note where the extension is intalled and have PHP load it by adding

extension=memcache.so

to your php.ini. There’s a chance you’ll have to edit the line

extension_dir=...

, too, to reflect the actual path where the extensions can be found. After restarting PHP you should see the

memcache

extension in the output of phpinfo.

If everything is fine, we can add memcache support to our WordPress installation:

Continue reading

VLC media player 1.0.0 – Goldeneye

The best video player for Linux, Mac and Windows finally made it to version 1.0.0 ;) Go grab it here.

You’ll get:

Continue reading

Bypass fsck on Linux startup

While re-installing the server hosting this site yesterday I ran into an interesting problem: The inital run of

fsck

on booting up the Linux image provided by my hoster would would report a file system inconsistency and wait for either the “root” password or a press of CTRL-D.
Since I didn’t know the “root” password (this is only supplied after installation has finished) and CTRL-D resulted in a reboot with the same result as before, I was stuck in a catch 22. Or so it seemed.

{openx:6}

Luckily I had access to a serial console. So I could interrupt the boot process and edit the grub line with the kernel options. There adding the statement

fastboot

made the Linux kernel skip the inital fsck run and voila, installation completed successfully.

To give you the whole picture: All I had to was to change this

title CentOS 5
    root (hd0,0)
    kernel /vmlinuz ro root=LABEL=/ console=tty0 console=ttyS0,57600
    initrd /initrd

to that

title CentOS 5
    root (hd0,0)
    kernel /vmlinuz ro root=LABEL=/ console=tty0 console=ttyS0,57600 fastboot
    initrd /initrd