tcpdump -l -n -i eth0 -w dump.pcap -s 65535 host www.example.com and port 80
Page 20 of 52
Everytime I work with Eagle, I need to dig deep to remember which libraries and packages I used. Here’s a memory aid:
- Pinheaders for flatcable: library con-lstb
- Pinheaders for PC-fan like connectors: con-molex
- Big single pin connectors: testpad or wirepad.
- Fuse holder: lib: fuse, package: SH22,5A
- Connector ‘printkroonsteen’: lib con-ptr500, part ak500/3 ak500/2 etc
- Smaller footprint for high current diode: package diode, part DIODE-DO41-7.6
More to come…
Simple command to test an SSL connection:
openssl s_client -connect meel.halfgaar.net:993 -ssl3
You can verify certificates, ssl version, etc.
The current kernel in Ubuntu Maverick has a problem with shutting down when running as a Xen DomU (guest). When the VM has more than 1 VCPU, it won’t reboot or shutdown.
Just a quick link to my bugreport about this and a report filed against an earlier kernel.
I wanted to know if I could extend the size of a RAID5 array on the 3Ware 9650SE, so I tried something.
I first had this:
# tw_cli /c0 show Unit UnitType Status %RCmpl %V/I/M Stripe Size(GB) Cache AVrfy ------------------------------------------------------------------------------ u0 RAID-5 OK - - 256K 5587.9 RiW ON VPort Status Unit Size Type Phy Encl-Slot Model ------------------------------------------------------------------------------ p0 OK u0 1.82 TB SATA 0 - ST32000542AS p1 OK u0 1.82 TB SATA 1 - ST32000542AS p2 OK u0 1.82 TB SATA 2 - ST32000542AS p3 OK u0 1.82 TB SATA 3 - ST32000542AS p4 OK - 1.82 TB SATA 4 - ST32000542AS Name OnlineState BBUReady Status Volt Temp Hours LastCapTest --------------------------------------------------------------------------- bbu On Yes OK OK OK 0 xx-xxx-xxxx
A 4 disk raid 5 and one extra disk.
Then I did this:
# tw_cli /c0/u0 migrate type=raid5 disk=4
Sending migration message to /c0/u0 ... Done.
Then I have this:
# tw_cli /c0/u0 show Unit UnitType Status %RCmpl %V/I/M Port Stripe Size(GB) ------------------------------------------------------------------------ u0 Migrator MIGRATING - 0% - - - su0 RAID-5 OK - - - 256K 5587.9 su0-0 DISK OK - - p0 - 1862.63 su0-1 DISK OK - - p1 - 1862.63 su0-2 DISK OK - - p2 - 1862.63 su0-3 DISK OK - - p3 - 1862.63 su0/v0 Volume - - - - - 50 su0/v1 Volume - - - - - 5537.9 du0 RAID-5 OK - - - 256K 7450.54 du0-0 DISK OK - - p0 - 1862.63 du0-1 DISK OK - - p1 - 1862.63 du0-2 DISK OK - - p2 - 1862.63 du0-3 DISK OK - - p3 - 1862.63 du0-4 DISK OK - - p4 - 1862.63 du0/v0 Volume - - - - - N/A du0/v1 Volume - - - - - N/A
su0 and du0 are probably source and destination, giving me a new and bigger u0 at the end. But this is going to take a week to migrate, so I won’t know for a while… (edit: I contacted 3Ware support and they said the change in size is only seen after driver reload, which means a reboot in most cases).
Create a shared remote bzr repository:
bzr init-repo --no-trees sftp://development@server.example.com/srv/bzr/project/ bzr init sftp://development@server.example.com/srv/bzr/project/trunk bzr co sftp://development@server.example.com/srv/bzr/project/trunk project
The docs all create a repos in /srv/bzr in which branches are created, but to me, it seems illogical to put all your projects in one repository. So, I create one per project.
My youngest sister has retired her big-ass (17″) Acer TravelMate (model 7513WSMi 7510) with a more modern offering from Sony. That was last year. Now, she thought it’d be a good idea to donate it to our oldest sister. But since the thing has always “run” like a pig with Windows Vista, her girl-geek instincts thought it better if I’d equip the old monster with Ubuntu Linux instead.
AMD 64bit
I’m also considering upgrading my own laptop to 64 bit. (They’ve told me that, really, the 32 bit age is over.) So, the first thing I’m trying to find out (now that I’m getting on the 64 bit train) is if this thing supports 64 bit. I can’t really think of a quick way to find out, so I’m just going to create a 64bit installation CD and see how that works.
…
Or, I could have just popped open the hood to see the “AMD Turion64x2 Mobile Technology” sticker. 😯
Installation
After changing the boot order, the installation CD (burned from my T61 using “wodim -data ubuntu-10.10-desktop-amd64.iso”) seems to be booting despite the worrying sounds that seem to indicate that the laptop is trying to rip apart and eat the disc.
I’m surprised how good the current installation program looks and that it asks me if I want to “download updates while installing” and “install third-party software”. Nice.
Great idea to ask all the annoying questions (timezone, etc.) during installation instead of after! I’m amused with how much I’m behind the time if I see all the promotional screens for new and improved software which is meant to keep me inspired during the installation process. “OpenOffice.org is fully compatible with Microsoft Office[…]” Am I really that much behind with the times? Nah, I can’t imagine. I must still have some very, very nasty Excel sheet lying around somewhere, gathering dust. If I feed that monster of a thing to OpenOffice, then I’m pretty sure… Yeah, that’s going to be fun. 😈
Post-installation configuration
I had expected to spend at least an hour or two hunting around forums to find solutions for obscure driver-related issues and other nuisances. But no issues popped up. It just worked. Ubuntu is very compatible with the Acer TravelMate 7513WSMi! 😀
So, I spent some of the time saved on setting a user pic and a few other niceties, but I refrained from doing anything fancy, because I’ve figured out a new sister support strategy that I might blog about later. (It involves a four-hour work-week…)
[For my own reference, I started on the first draft of this post on Januari 14.]
If you want to run a process with root privileges that you can invoke as a less unprivileged user, you can make the program setuid root. This can be very useful, for example, when you want a PHP or CGI script to call a backup process, or to create a new site or irrevocably delete you whole system. The latter example points to a serious security problem: if anyone can figure out a way to make your program do something you don’t want, you’re screwed, because you just gave them root privileges to wreak maximum havoc. That’s why, normally, scripts (anything executed by an interpreter by the kernel because of a shebang) won’t get elevated privileges when you set their setuid bit.
To understand the setuid bit, let’s first see what happens when I try to cat a file that belongs to root:
su - # I am now root; fear me touch no-one-can-touch-me chmod 600 no-one-can-touch-me cat no-one-can-touch-me # cat: Permission denied
Next, I’ll create a shell script that cats the file:
#!/bin/bash
cat no-one-can-touch-me
And make the script setuid root:
su - chown root:root script.sh chmod +xs script.sh
If I now execute the script, I still get the permission denied. What I need to make this work is a wrapper program. For that, I refer to Wiebe’s post about the same subject. (Yeah, I know: why bother publishing this if Wiebe already did an excellent job explaining? Well, I just hate to throw away an otherwise fine draft.)
If you want to execute system commands from something like PHP, you need a SUID executable which you can call from your PHP scripts. This is such a script. It could be extended to support parameters for the commands you want to execute, but that would be an enormous security risk, because then anybody can execute any command. If you need something as flexible as that, you need to think about adding some kind of security restrictions, like a list of allowed commands.
When writing this, it occurred to me how unnecessary this all is. I will explain below. First, I will describe the old way.
Here is the c source code, as written for our backup script, bsbackup.sh:
// Wrapper for the bsbackup.sh shell script, to be able to run it as root when // started from a webserver, for example. Set the resulting executable to SUID // root. #include <stdlib.h> #include <stdio.h> #include <unistd.h> #include <errno.h> #include <error.h> int main(int argc, char *argv[], char *envp[]) { int set_uid_result; int effective_user_id; int execute_script_error; char* script; effective_user_id = geteuid(); // Set real and effective user ID set_uid_result = setreuid(effective_user_id, effective_user_id); if (set_uid_result != 0) { printf("Failed to set user id\n"); return 1; } script = "/usr/local/sbin/bsbackup.sh"; // This does not return on success. execve(script, argv, envp); execute_script_error = errno; // Show a fancy error message. error(execute_script_error, execute_script_error, script); // Shouldn't be necceary, but you never know. return 1; }
To compile:
gcc -o bsbackup bsbackup.c
You can then run this inside PHP:
// The 2>&1 makes all error messages appear on stdout, for easy capturing. passthru('/usr/local/sbin/bsbackup usb_backup 2>&1');
As I said, when writing this, it all became very clear to me that it is quite useless. One can also install sudo, run visudo and put this in (assuming your webserver runs as www-data, like on (Debian and Ubuntu):
www-data ALL = NOPASSWD: /usr/local/sbin/bsbackup.sh
Then in PHP, just run this:
passthru('sudo /usr/local/sbin/bsbackup.sh usb_backup 2>&1');
I haven’t tested whether specifying the parameters after the script in the passthru actually works, but I think so. If not, you can just write a wrapper script around the command you’re going to execute.
See what you like best 🙂
Recent Comments