Stop internet censorship. Say no to PIPA and SOPA

Today’s the day of the world stood against the proposals that would create laws to censor the internet based on denounces without due process!

Although you may have heard about SOPA, please take note that there’s a similar proposal called PIPA that is also being discussed but is not getting attention.

If you live in the USA,  please write or call your representatives, or use this form:  sopastrike.com/strike to stop PIPA and SOPA.

These proposals are also very dangerous for everyone outside the US. Although these are US based laws, don’t forget that many domains that have a .com, .org, or .net are considered as domestic to the USA, so they fall under these laws jurisdiction. We know that corporations have been influencing the European governments like the recent cases of France, Portugal and Spain, to push similar laws into our own civil codes.  A censored internet is the end of public sharing of knowledge and we all have been thankful for this. So thank you for taking action!

say no to PIPA and SOPA

Lpsolve Syntax Highlight for Geany IDE

Add Lp Solve extension

An example of Lp solve files Syntax highlight in Geany

First, we need to add the extension file, so geany knows what file it can associate to lp solve files.

Either go to:  Tools -> Configuration Files -> filetype_extensions.conf

or:  edit directly the file in

Linux: ~/.config/geany/filetype_extensions.conf

Windows 7 :  c:\Users\username\AppData\Roaming\geany\filetype_extensions.conf

and add a new line with

Lpsolve=*.lp;

Download Lp Solve syntax highlight file

Next, download this syntax highlight file:  filetypes.Lpsolve.conf

and place it in ~/.config/geany/filedefs/ (Linux)

or c:\Users\username\AppData\Roaming\geany\filedefs\ (Windows 7)

More information on syntax highlight

Note:  if not bothered to download this file, you can add the extension to any existing filetypes, for example:

C=*.c;*.h;*.lp;

Many thanks to geanycolourscheme.xtreemhost.com editor.

how to open Visual paradigm projects directly from KDE

oddly enough my installation of Visual Paradigm set its type to application/zip.

When i try to open it, it uses the same applications that other .zip files use.

Sure i could right-click + open with + Visual paradigm , but ….

So instead we’re going to create a new file type for that .vpp extension.

Create a new filetype in KDE

1 – Add a “x-vpp” type.

2 – select it (it down the list, inside the application category)

3 – Add a filename Pattern:
*.vpp

4 – Add an Application
* browse to your “Visual Paradigm for UML” binary file ( /path/vp/bin/Visual_Paradigm_for_UML_8.3 )

5 – Select an icon
* check the “resources” directory in your VP installation ( path/vp/resources/vpuml.png )

6 – press OK

Ok, now we need to edit the culprit of this mess:

Change the mimetype for Visual Paradigm for UML

edit the ~/.local/share/applications/Visual_Paradigm_for_UML_8.3.desktop

and change the mimetype to:

MimeType=application/x-vpp;

Restart your file manager

and we’re done! re-open your konqi/dolphin and .vpp files will always open with VP and your .zip will never again
be open with VP!

Patch portage to be more quiet

Gentoo linux is alive and well and just released a new Gentoo Linux Live.  It features Linux Kernel 2.6.37 (with Gentoo patches). It comes will all desktop environments. Especially if you are looking for KDE 4.6 SC here’s the best way to start.
It also includes OpenOffice.org (3.2.1), GIMP (2.6.11), Inkscape (0.48.1), Blender (2.49b), and many more. They are all packed in either the x86/x86_64 or the x86_64. If you like it, you’ll need to install Gentoo with the Instalation CD.

So a few days after the celebrated news of 11th release here’s a patch for portage to make it quiet and nice.

Those extra verbose warnings really annoys me,  because emerging something keeps showing me all the licensed packages that are masked, broken packages or masked.  So i fixed the “!!! existing preserved libs:
” ,  “!!! The following installed packages are masked:” and “!!! There are updates currently masked by LICENSE changes.” messages.

You can revert to the verbose warnings with the new flag “–extra-verbose”.

All it does is remove the list of packages shown after doing a emerge, and improves the speed because it doesn’t calculate any of it (particular when figuring out the preserved libs) and only shows a single line warning about them.

The patch is for portage-2.2.0_alpha26 (which is totally a must so you can play around with @sets)

Where to get the patch

patch-2.2.0_alpha26

How to apply the patch:

on the /usr/lib/portage/pym/ directory

patch -p1 -i patch-2.2.0_alpha26

The handbook is always a good idea to keep around ;)

(the image was taken from the Gentoo Live 10.0)

How to format a usb pen or mp3 player the right way

In a short line:

# mkfs.vfat -vc -F 32 -n “zen stone” -S 2048 /dev/yourdevice

The explanation:

free the gnu - lego mp3 player

-v Verbose execution.

-c Check the device for bad blocks before creating the file system.

-F FAT-size
Specifies the type of file allocation tables used (12, 16 or 32 bit).
If nothing is specified, mkdosfs will automatically select between 12 and 16 bit, whatever fits better for the filesystem size.  32 bit FAT (FAT32 format) must (still) be selected explicitly if you want it.

-n volume-name
Sets  the volume name (label) of the filesystem.  The volume name can be up to 11 characters long.  The default is no label.

-S logical-sector-size
Specify the number of bytes per logical sector.  Must be a power of 2 and  greater  than or equal to 512, i.e. 512, 1024, 2048, 4096, 8192, 16384, or 32768.

change “youdevice” for your own. Find out which is by checking your dmesg after plug-in the usb device for  something like:

• sde: sde1
• sdb
• etc…

You might want to try this flag too:

-I Normally you are not allowed to use any ‘full’  fixed  disk  devices.
mkdosfs  will complain and tell you that it refuses to work.  This is different when usind MO disks.  One doesn’t always need partitions on
MO  disks.   The  filesytem can go directly to the whole disk.  Under other OSes this is known as the ‘superfloppy’ format.

This switch will force mkdosfs to work properly.

Yet another ssh brute force attack and how to protect against it with iptables and sshguard

By chance, i looked into syslog ( /var/log/syslog ) and saw a ssh attempt to login from a ip outside local network. It was a brute force attack that started 7 days ago.. See down the post how to protect ssh from further attacks.

Looking at the logs ( tail -n 200000 /var/log/syslog ) noticed that the attack started on:

Sep 15 21:01:37 cerval sshd[13101]: Failed password for root from 114.80.94.183 port 42023 ssh2

then the attack went on by

66.219.59.10
193.106.65.15
85.62.8.13

Sep 17 21:43:44 cerval sshd[18343]: reverse mapping checking getaddrinfo for 85.62.8.13.static.abi.uni2.es [85.62.8.13] failed – POSSIBLE BREAK-IN ATTEMPT

Then more brute force from

87.106.243.162
85.10.136.18

Sep 18 09:33:10 cerval sshd[28178]: Address 222.253.174.238 maps to localhost, but this does not map back to the address – POSSIBLE BREAK-IN ATTEMPT!

and more

222.253.174.238
75.127.81.15
93.182.137.2
68.71.97.58 …

and still more from

201.240.99.126
59.151.119.180
124.232.131.82
119.188.7.164
200.121.131.166

on the 20th, things got intensified with 3 simultanious attacks:

Sep 20 14:11:38 cerval sshd[7749]: Failed password for root from 118.68.202.49 port 4921 ssh2
Sep 20 14:11:38 cerval sshd[7747]: Failed password for root from 58.186.10.126 port 3667 ssh2
Sep 20 14:11:38 cerval sshd[7753]: Failed password for root from 123.20.1.43 port 3703 ssh2

and yet some more:

200.37.45.101
bj141-147-66.bjtelecom.net [219.141.147.66]
195.58.83.74
61.150.72.170

UDP packets ??

Sep 22 09:03:20 cerval [3971817.790301] UDP: short packet: From 0.136.255.255:35010 25649/99 to 80.173.165.1:6881

and finally

220.226.22.72
213.172.36.130
194.190.129.49

I checked the logs and saw the attack. stopped ssh. no more fun for you :(

I decided finally, after 6 years of laziness to build up some security.

Getting started with iptables

The guys at netfilter created, omnipresent on most of Linux machines, a packet filtering system called iptables.

The iptables Rules

For creating a bash script to create all the rules need, i used this online iptables wizard. (don’t forget to remove “LINWIZ-” from the script created)

Running iptables

Next run the script sh iptables.sh, save it /etc/init.d/iptables save, and then start, stop and start iptables again ( /etc/init.d/iptables start; /etc/init.d/iptables stop; /etc/init.d/iptables start )

and check if the rules are active with iptables -L -v

To get a better understanding check Stateful Firewall and Masquerading on Linux

Protecting ssh

Luckly gentoo portage has sshguard, which has lots of nice features!
Unmasked it to use a decent version (portage has 1.0 as stable, 1.4 as latest, but sshguard is v1.5rc4, which is the last RC planned before 1.5 stable. )

and then, emerge -av sshguard.
Its FAQ has the script to use for booting but the “-l” option wasn’t working on this version, so i used this instead

#! /bin/sh
case $1 in
start)
    tail -n0 -F /var/log/auth.log | /usr/local/sbin/sshguard &
    ;;
stop)
    killall sshguard
;;
*)
    echo "Use start or stop"
    exit 1
;;
esac

Add to the rc levels to ensure it starts at every boot:

rc-update add sshguard default

If you are using syslog-ng with sshguard

On Gentoo, just add  this to /etc/syslog-ng/syslog-ng.conf:

#create a new destination for sshguard
destination sshguardproc {
    program("/usr/sbin/sshguard"
        template("$DATE $FULLHOST $MESSAGE\n"));
};
#creates a filter called f_sshlogs for auth and authpriv system logs
filter f_sshlogs { facility(auth, authpriv) and match("sshd"); }; # for sshguard

log { source(src); filter(f_sshlogs); destination(sshguardproc); };

Restart sshd

Start ssh again! /etc/init.d/sshd start

Make Emacs pretty with beautiful fonts

Over the years i’ve been trying to make emacs more readable, harmonizing it with the desktop themes. i dislike long lines and scrolling up and down so a small readable font is very important.

So here’s the evolution emacs had today:
left-top: default emacs 23
right-top : old
left-bottom : default with –font “Bitstream Vera Sans Mono-10″ -q
right-bottom : default –font “Inconsolata-11″ -q

here’s the complete images, side by side:

So the lines fit on the 80columns, there’s plenty of lines shown and the font is beautiful.

I’ve used alot of fonts over the time, but the best font right now is Inconsolata font, created by Raph Levien, with the suport from the TeX Users Group Development Fund. It has so many gorgeous details like the curved t, and the g. oh, i’m in love :) Find out more about Inconsolata font!

i’m happy! oh, just in case, here’s my .emacs after a heavy purge!

.emacs

How to change sound from two sound cards

I have two sound cards. One is the inboard and the other is a USB card.

I’m toggling often between them so i created this simple script: (see the end for link to files)


#!/bin/bash
dir=/home/username/
if [[ "$1" = "-l" ]] || [[ ! -n "$1" ]]; then
cat /proc/asound/cards
exit
fi
card=`grep "^ $1" /proc/asound/cards`
echo "Changing to sound card $card"
ln -fs $dir.asoundrc_"$1"0 $dir.asoundrc


The dir variable has to be changed to the user’s name.
This script moves around the .asoundrc files. there’s one for each card available or for each card used:

Example:

i have 4 entries in /proc/asound/cards:


0 [VirMIDI ]: VirMIDI - VirMIDI
Virtual MIDI Card 1
1 [NVidia ]: HDA-Intel - HDA NVidia
HDA NVidia at 0xfbf78000 irq 21
2 [hercdjrmx0 ]: hdj_mod - Hercules DJ Console RMX
Hercules Hercules DJ Console RMX at usb-0000:00:04.0-1, full speed
3 [RMX ]: USB-Audio - Hercules DJ Console RMX
Hercules Hercules DJ Console RMX at usb-0000:00:04.0-1, full speed


so i have .asoundrc_00 , .asoundrc_10 , .asoundrc_20 and .asoundrc_30

this is the basic model: (for sound card 1)


# File: ~/.asoundrc (nvidia nforce setup)
pcm.!default {
type plug
slave.pcm "dmixer"
}
pcm.dsp0 {
type plug
slave.pcm "dmixer"
}
pcm.dmixer {
type dmix
ipc_key 1024
slave {
pcm "hw:1,0"
period_time 0
period_size 1024
buffer_size 8192
rate 48000 #many new cards are 48000 only
}
bindings {
0 0
1 1
}
}
ctl.dmixer {
type hw
card NVidia
# card RMX
}
#end.
# for 5.1 speakers
pcm.ch51dup {
slave.pcm surround51
slave.channels 6
type route
ttable.0.0 1
ttable.1.1 1
ttable.0.2 1
ttable.1.3 1
ttable.0.4 0.5
ttable.1.4 0.5
ttable.0.5 0.5
ttable.1.5 0.5
}

Then i just have to create the other 3 files changing the line in red to pcm “hw:0,0“ (for sound card 0),  pcm “hw:2,0″ (for sound card 2) and pcm “hw:3,0″ (for sound card 3)

The lines in blue can be changed too, but i’ve found that they are ignored. After a reboot, the ordering of the cards might change so its useful to have a file for each slot.

Installing

The .asoundrc* files are placed in the user’s home directory
The script goes to /usr/local/bin.

files needed

• .asoundrc_00
• .asoundrc_10
• .asoundrc_20
• .asoundrc_30
• chsnd

making gentoo portage more quiet without showing preverved libs and installed masked packages

Well, it was one of those days drifting from trying to do one thing, and ending fixing the core system.

emerge been having alot of output lately, and its extra verbosity was driving me mad.

First, showing the preserved-libs takes alot of time.
Second, now i have always have to scroll up to check if the emerge succeed , for emerge warnings bout the packages and whatnot.

The other annoying thing is it warning me that are installed packages that are currently masked for one reason or the other by the maintainers.

… and then proceed to list them all, completely unrelated to the package being emerged.

so that was my itch. i’ve scratched not sure if i tore up anything vital :D

it was built against portage-2.2_r61
(note: the following code might be broken due to wordpress weirdness)

--- portage-2.2_rc61_new/pym/_emerge/main.py 2010-02-02 07:18:02.000000000 +0000
+++ portage-2.2_rc61_mod/pym/_emerge/main.py 2010-02-02 05:15:09.000000000 +0000
@@ -73,6 +73,7 @@ options=[
"--unordered-display",
"--update",
"--verbose",
+"--show-preserved",
]


shortmapping={
@@ -214,13 +215,12 @@ def display_preserved_libs(vardbapi, myo
vardbapi.plib_registry.pruneNonExisting()


if vardbapi.plib_registry.hasEntries():
- if "--quiet" in myopts:
+ if "--show-preserved" in myopts:
print()
- print(colorize("WARN", "!!!") + " existing preserved libs found")
- return
+ print(colorize("WARN", "!!!") + " existing preserved libs:")
else:
print()
- print(colorize("WARN", "!!!") + " existing preserved libs:")
+ print(colorize("WARN", "!!!") + " existing preserved libs found")
return


plibdata = vardbapi.plib_registry.getPreservedLibs()
--- portage-2.2_rc61_new/pym/_emerge/depgraph.py 2010-02-02 07:18:02.000000000 +0000
+++ portage-2.2_rc61_mod/pym/_emerge/depgraph.py 2010-02-02 05:15:14.000000000 +0000
@@ -4908,12 +4908,12 @@ class depgraph(object):
pkg.cpv, pkg.metadata, mreasons))
if masked_packages:
writemsg("\n" + colorize("BAD", "!!!") + \
- " The following installed packages are masked:\n",
+ " There are some installed packages currently masked!\n",
noiselevel=-1)

- show_masked_packages(masked_packages)
- show_mask_docs()
- writemsg("\n", noiselevel=-1)
+# show_masked_packages(masked_packages)
+# show_mask_docs()
+# writemsg("\n", noiselevel=-1)


def saveNomergeFavorites(self):

i hope it helps.

note that there’s a new flag “–show-preserved” that.. well.. makes it show the preserved libs.
After that, lafilefixer will try to fix any semi-broken .la files, deleted or hanging around.

how to fix firefox hanging every few seconds

Every x seconds, my firefox (built from sources) hangs for a few seconds (but the other applications keep running smothly).

Seems that my firefox (i didn’t tried using the binary) isn’t very keen on multithreading.
By default it has:

$ taskset -c -p firefoxpid
pid 29964's current affinity list: 0,1

To find firefox’s pid do:

$ ps -eo pid,comm | grep firefox
29964 firefox

So, firefoxpid is 29964, only in this case (pid varies). I needed to do this:

taskset -c -p 0 29964

with -c 0 (<– that’s a zero) the affinity mask is set to 1, so firefox only is allowed to use one cpu.
Take note of the parameters ordering: first the flags ( -c -p ) them the values ( <affinity list> <pid> )

the cpu id:
$ taskset -c -p firefoxpid
pid 29964's current affinity list: 0

the number of cpu’s allowed:
$ taskset -p firefoxpid
pid 29964's current affinity mask: 1

If firefox is to start from the beginning restricted,  it can be launched like:

taskset -c 0 firefox

That should lessen the hangings. In my case, javascript still hanged a bit.