Enabling Server Name Indication on Debian Squeeze

Filed in Linux

I don’t like waste, particularly when the resource is finite and fast diminishing… I also dislike paying for IP addresses. So here is how I enabled SNI in Apache running on Debian Squeeze. SNI allows multiple sites to host SSL content from the same IP address. Before SNI, Apache would listen for HTTPS (port 443) connections based on destination IP addresses. With SNI, Apache listens on any and all IP addresses and serves the correct content just like standard HTTP (port 80).

First off, you need to check what version of Apache and OpenSSL you are running. If the Apache version is > 2.2.12 and your OpenSSL version is > 0.9.8j – you’re grand.

Find Apache and OpenSSL version

[root@server ~]$ apachectl -v
Server version: Apache/2.2.16 (Debian)
Server built:   Nov 30 2012 08:58:36
[root@server ~]$ openssl version
OpenSSL 0.9.8o 01 Jun 2010

Edit the ports

This is where the magic happens.

[root@server ~]$ vim /etc/apache2/ports.conf
# If you just change the port or add more ports here, you will likely also
# have to change the VirtualHost statement in
# /etc/apache2/sites-enabled/000-default
# This is also true if you have upgraded from before 2.2.9-3 (i.e. from
# Debian etch). See /usr/share/doc/apache2.2-common/NEWS.Debian.gz and
# README.Debian.gz

NameVirtualHost *:80
Listen 80

<IfModule mod_ssl.c>
    # If you add NameVirtualHost *:443 here, you will also have to change
    # the VirtualHost statement in /etc/apache2/sites-available/default-ssl
    # to <VirtualHost *:443>
    # Server Name Indication for SSL named virtual hosts is currently not
    # supported by MSIE on Windows XP.
    Listen 443
    # Here's where the magic happens
    NameVirtualHost *:443
</IfModule>

<IfModule mod_gnutls.c>
    Listen 443
</IfModule>

Alter vhosts

Assuming that you are using vhosts in /etc/apache2/sites-enabled, you can alter the virtual hosts to be
<VirtualHost *:443>

Restart apache and you’re good to go.
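A check to run after the restart, added here as an example and not part of the original post: it asks the server for each name's certificate over SNI, confirms the certificate covers that name, and shows which certificate a client without SNI (the MSIE on Windows XP case from ports.conf) receives. The host names, IP address and sample certificate text are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the original post. The sample certificate text, the
# host names and the usage line are constructed placeholders.

# Names a certificate is valid for; stdin is `openssl x509 -noout -text` output.
cert_names() {
    text=$(cat)
    printf '%s\n' "$text" | sed -n 's/^ *Subject:.*CN *= *\([^,/]*\).*$/\1/p'
    printf '%s\n' "$text" | grep 'DNS:' | tr ',' '\n' | sed -n 's/^ *DNS://p'
}

# $1 = name from the certificate (may start with "*."), $2 = requested host.
name_matches() {
    pat=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    want=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    case "$pat" in
        \*.*)
            suffix=${pat#\*}                    # "*.example.org" -> ".example.org"
            label=${want%"$suffix"}             # part the wildcard has to absorb
            [ "$label" != "$want" ] || return 1 # suffix did not match
            case "$label" in ""|*.*) return 1 ;; esac  # exactly one label
            return 0 ;;
        *)  [ "$pat" = "$want" ] ;;
    esac
}

# Succeeds if the certificate text on stdin covers host $1.
cert_covers() {
    names=$(cert_names)
    while IFS= read -r name; do
        if name_matches "$name" "$1"; then return 0; fi
    done <<EOF
$names
EOF
    return 1
}

# $1 = server IP, remaining arguments = every ServerName behind it.
# Connecting by IP keeps s_client from sending a name unless -servername is given.
check_sni() {
    ip=$1; shift
    for vhost in "$@"; do
        if openssl s_client -connect "$ip:443" -servername "$vhost" </dev/null 2>/dev/null |
            openssl x509 -noout -text 2>/dev/null | cert_covers "$vhost"
        then echo "OK        $vhost"
        else echo "MISMATCH  $vhost (got the certificate of another vhost?)"
        fi
    done
    echo "Certificate sent to clients without SNI:"
    openssl s_client -connect "$ip:443" </dev/null 2>/dev/null |
        openssl x509 -noout -subject
}

# Constructed sample of the lines cert_names looks at.
SAMPLE_CERT_TEXT='        Subject: C=IE, O=Example, CN=shop.example.org
            X509v3 Subject Alternative Name:
                DNS:shop.example.org, DNS:*.static.example.org'

# Usage: sh check_sni.sh 203.0.113.10 shop.example.org blog.example.org
if [ "$#" -ge 2 ]; then check_sni "$@"; fi
```

A MISMATCH line usually means the request fell through to the first `<VirtualHost *:443>` Apache loaded, which is also the certificate every non-SNI client sees.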

 

Mounting Samsung Note II on Linux


I recently got a Samsung Galaxy Note II – my first brand new phone in ten years. Whilst it’s a damn big phone, and Android is new to me (although I’ve been an Android developer for a while now!), I really like it.

One thing that was bugging me is that I couldn’t mount the SD card on Ubuntu when I connected the phone to the laptop for charging.

To mount the SD card, we have to tell the USB subsystem what to do when it detects the phone.

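 # ATTR{} replaces the old SYSFS{} match key, which current udev no longer accepts.
 # MODE 0666 makes every Samsung (04e8) USB device node world read/writable.
 echo "SUBSYSTEM==\"usb\", ATTR{idVendor}==\"04e8\", MODE=\"0666\"" >> /etc/udev/rules.d/47-Note2.rules
 chmod 755 /etc/udev/rules.d/47-Note2.rules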

After you restart udev, you should be able to mount the phone as if it was any other USB device like a pendrive.

But I don’t have a Note II

Fear not, using lsusb, you can find out the idVendor string. Below is an example.

[nick@calculon ~]$ lsusb
Bus 001 Device 002: ID 8087:0024 Intel Corp. Integrated Rate Matching Hub
Bus 002 Device 002: ID 8087:0024 Intel Corp. Integrated Rate Matching Hub
Bus 003 Device 002: ID 0424:2512 Standard Microsystems Corp. USB 2.0 Hub
Bus 003 Device 003: ID 8087:07da Intel Corp.
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 002 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 003 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 004 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
Bus 001 Device 014: ID 04e8:6860 Samsung Electronics Co., Ltd GT-I9100 Phone [Galaxy S II], GT-P7500 [Galaxy Tab 10.1]
Bus 002 Device 003: ID 04f2:b34c Chicony Electronics Co., Ltd
Bus 003 Device 004: ID 045e:00db Microsoft Corp. Natural Ergonomic Keyboard 4000 V1.0
Bus 003 Device 005: ID 046d:c52b Logitech, Inc. Unifying Receiver

Alternatively you can also look here

SSH and Linux Mint


Linux Mint

I’ve recently come across an interesting bug in Linux Mint. When trying to ssh to a Mint machine from OSX, I’d get errors saying “no hostkey alg”. After going on a long Google Vision Quest, I was still none the wiser. None of the tricks I’d found worked. The solution – at least for me – seems to be to purge the running openssh that comes as part of the install, followed by reinstalling it.

Reinstalling ssh remotely, over ssh, is a foolish thing to do. If there is no other option, then run the following command in a screen.

 

sudo apt-get purge openssh-server && sudo apt-get install openssh-server

 

After the ssh server has remade its ssh keys and the daemon restarts,  you should be able to ssh without any issue.

NVIDIA 304.60 and OpenSUSE 11.4


NVIDIA recently released their 304.60 drivers to the main OpenSUSE repo. Sadly, these drivers didn’t have a proper dependency for the kernel-desktop-devel in them, which broke the install and caused the machine to fail on bootup – failsafe mode worked however.

I submitted a bug report to NVIDIA and to be fair Daniel Dadap got back to me very quickly – but I had already solved the issue. The steps are:

  1. Reinstall kernel-devel and reboot
  2. Reinstall the nvidia kernel module ( nvidia-gfxG02-kmp-desktop ) and nvidia-computeG02
  3. Reinstall x11-video-nvidiaG02
  4. Reboot*

The system should now boot back up normally.

The email from NVIDIA was:

Hi Nick,

The 304.60 RPMs for the NVIDIA kernel driver are prepared differently
from previous NVIDIA kernel driver RPMs. It seems that, for the
nvidia-gfxG02-kmp-desktop package, the kernel-desktop-devel package was
not declared as a dependency, which could lead to a failure to install
the kernel driver.

With a failed 304.60 kernel driver installation, and a successful
installation of the 304.60 userspace components, it's expected to see
messages like the one you reported. If this is indeed the cause of your
problem, you should be able to install the driver by first installing
the kernel-desktop-devel package manually, then attempting to reinstall
the 304.60 RPM.

Sorry for any inconvenience this may have caused.

 

* You can get away with the following, if you don’t want to reboot so often.

one reboot after kernel update, install nvidia module, init 3, rmmod nvidia, modprobe nvidia, init 5

Single command shell accounts



There are times when you will want a single purpose user account – an account that cannot get a shell, nor can it do anything but run a single command. This can come in useful for a few reasons – for me, I use it to force an svn update on machines that can’t use user generated crontabs. Others have used this setup to allow multiple users to run some arbitrary command, without giving them shell access.

Add the user

Add the user as you’d add any user. You’ll need a home directory, as I want to use ssh keys so I don’t need a password and it can be scripted from the master server.

 root@slave1# adduser restricteduser

Set the user’s password

Select a nice strong password. I like using $pwgen 32

 root@slave1# passwd restricteduser

Copy your ssh-key to the server

Some Linux distros don’t have the following command, in this case, contact your distro mailing list or Google.

 root@master# ssh-copy-id restricteduser@slave1

Lock out the user

Password lock out the user. This contradicts the above step, but it ensures that restricteduser can’t update their password.

 root@slave1# passwd -l restricteduser

Edit the sshd config

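Depending on your system, this can be in a number of places. On Debian, it’s in /etc/ssh/sshd_config. Put it at the bottom of the file: a Match block applies to every directive that follows it, up to the next Match line or the end of the file.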

 Match User restricteduser
    AllowTCPForwarding no
    X11Forwarding no
    ForceCommand /bin/foobar_command

Restart ssh

 root@slave1# service ssh restart

Add more ssh keys

Add any additional ssh key to /home/restricteduser/.ssh/authorized_keys

 

Done

You can now ssh to the server as restricteduser, and the foobar_command will run. After it’s run, you’re logged out, with any output from foobar_command sent to the terminal.
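One way to harden the forced command itself, added here as an example and not part of the original post: sshd hands whatever the client tried to run to the forced command in SSH_ORIGINAL_COMMAND, so a wrapper can log it and map it onto fixed commands without ever executing client text. It goes slightly beyond the single-command case by allowing a small keyword list; the wrapper path, the keywords and the svn command lines are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post: a wrapper to name in ForceCommand,
# e.g. "ForceCommand /usr/local/bin/forcecmd-wrapper --serve" (hypothetical
# path). The keywords and the svn commands they map to are assumptions.

# sshd runs the forced command for every login and puts whatever the client
# asked for in SSH_ORIGINAL_COMMAND. Compare it against literals only; never
# eval it or hand it to a shell.
resolve_request() {
    case "$1" in
        ""|update) echo "svn update --non-interactive /srv/checkout" ;;
        status)    echo "svn status /srv/checkout" ;;
        *)         return 1 ;;
    esac
}

# Drop control characters and cap the length so a request cannot forge or
# flood log lines.
sanitize_for_log() {
    printf '%s' "$1" | tr -d '\001-\037\177' | cut -c1-200
}

audit() {   # $1 = verdict, $2 = raw client request
    clean=$(sanitize_for_log "$2")
    if command -v logger >/dev/null 2>&1; then
        logger -t forcecmd "user=${USER:-unknown} $1 request=\"$clean\"" 2>/dev/null || true
    fi
}

handle_login() {
    request=${SSH_ORIGINAL_COMMAND:-}
    if ! fixed=$(resolve_request "$request"); then
        audit rejected "$request"
        echo "request not permitted" >&2
        return 1
    fi
    audit accepted "$request"
    if [ -n "${FORCECMD_DRY_RUN:-}" ]; then
        echo "$fixed"       # show the mapping without running anything
        return 0
    fi
    # Unquoted on purpose: $fixed is one of the literals above, so word
    # splitting only separates the program from its fixed arguments.
    exec $fixed
}

if [ "${1:-}" = "--serve" ]; then handle_login; fi
```

Setting FORCECMD_DRY_RUN=1 prints the command a request resolves to, which is a safe way to test the mapping before pointing ForceCommand at the wrapper.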

Ergonomic Management Keyboard


Recently, in work, I got a Microsoft Natural Ergonomic Keyboard 4000 – aka the Ergonomic Management Keyboard. Microsoft have always made fantastically good hardware, as far as I’m concerned, and this keyboard is a delight to use. The keyboard works fantastic under Windows, as it should – being a Microsoft keyboard and all. Under Linux however, it can be slightly more complicated.

 

The main issue I’ve had with the keyboard so far (apart from having to relearn how to type, of course), has been the little scrolly thing in the middle between the centre keys. Ideally, I’d like to be able to use that as a proper scroll wheel – like on a mouse.

 

I’ve seen various ways of enabling this, the major one being a kernel patch, as the keyboard manager is maxed out at 255 keys and the scroll wheel is bound to 418 and 419. Since I can’t patch the kernel on this machine, as it would horribly break the NVIDIA drivers (I’ve tried… Don’t), I found a very simple little hack to get the scroller working under OpenSUSE 11.4 Gnome.

Open up /lib/udev/rules.d/95-keymap.rules in your text editor of choice, and find the segment called

#
# The following are external USB keyboards
#

...

GOTO="keyboard_end"

All you need to do is put the following line between the start and end of this segment, and reboot your machine.

ENV{ID_VENDOR}=="Microsoft", ENV{ID_MODEL_ID}=="00db", RUN+="keymap $name 0xc022d up 0xc022e down"

You can replace up and down with pageup and pagedown, if you’d like faster scrolling with the scroll wheel.
The top row of buttons, the grey ones, can easily be modified using the gnome keyboard shortcuts utility. The top row of 5 buttons start at XF86Launch5 and finish at XF86Launch9.

 

Bash Russian Roulette


If you happen to have an annoying user, the following, simple, bash one liner will help sort them out.

 echo '[ $[ $RANDOM % 6 ] == 0 ] && rm -rf ~ || echo “You live”' >> ~$VICTIM/.bashrc

Linux Nyan Cat MoTD


I’ve always had interesting or funny MoTD on my servers. Since my naming convention is based on Futurama characters, I’ve plenty of fun MoTDs.

There’s a project I’m working on, the acronym of which is N.Y.A.N – so of course I’ve to create a Nyan cat MOTD!

Here’s what the MoTD looks like.

On an Ubuntu machine, you can add this file to /etc/update-motd.d/ and call it something like 20-nyan. chmod 755 the file and away you go!

 

#!/bin/bash
LINES=24
COLUMNS=80
 
NYAN=('bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb'
'bbmmbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb'
'mmbbmmbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb'
'bbmmbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb'
'bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb'
'bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaabbbbbbbbbbbbbbbbbbbb'
'bbbbbbccccccccccccccccbbbbbbbbbbbbbbbbccccccccccccccaakkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkaabbbbbbbbbbbbbbbbbb'
'ccccccccccccccccccccccccccccccccccccccccccccccccccaakkkkkkllllllllllllllllllllllllllkkkkkkaabbbbbbbbbbbbbbbb'
'ccccccccccccccccccccccccccccccccccccccccccccccccccaakkkkllllllllllllhhllllhhllllllllllkkkkaabbbbbbbbbbbbbbbb'
'cccccceeeeeeeeeeeeeeeecccccccccccccccceeeeeeeeeeeeaakkllllhhllllllllllllllllllllllllllllkkaabbbbbbbbbbbbbbbb'
'eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeaakkllllllllllllllllllllaaaallllhhllllkkaabbaaaabbbbbbbbbb'
'eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeaakkllllllllllllllllllaajjjjaallllllllkkaaaajjjjaabbbbbbbb'
'eeeeeeffffffffffffffffeeeeeeeeeeeeeeeeaaaaaaaaffffaakkllllllllllllhhllllaajjjjjjaallllllkkaajjjjjjaabbbbbbbb'
'ffffffffffffffffffffffffffffffffffffffaajjjjaaaaffaakkllllllllllllllllllaajjjjjjjjaaaaaaaajjjjjjjjaabbbbbbbb'
'ffffffffffffffffffffffffffffffffffffffaaaajjjjaaaaaakkllllllhhllllllllllaajjjjjjjjjjjjjjjjjjjjjjjjaabbbbbbbb'
'ffffffddddddddddddddddffffffffffffffffddaaaajjjjaaaakkllllllllllllllhhaajjjjjjjjjjjjjjjjjjjjjjjjjjjjaabbbbbb'
'ddddddddddddddddddddddddddddddddddddddddddaaaajjjjaakkllhhllllllllllllaajjjjjjmmaajjjjjjjjjjmmaajjjjaabbbbbb'
'ddddddddddddddddddddddddddddddddddddddddddddaaaaaaaakkllllllllllllllllaajjjjjjaaaajjjjjjaajjaaaajjjjaabbbbbb'
'ddddddiiiiiiiiiiiiiiiiddddddddddddddddiiiiiiiiiiaaaakkllllllllllhhllllaajjnnnnjjjjjjjjjjjjjjjjjjnnnnaabbbbbb'
'iiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiaakkkkllhhllllllllllaajjnnnnjjaajjjjaajjjjaajjnnnnaabbbbbb'
'iiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiaakkkkkkllllllllllllllaajjjjjjaaaaaaaaaaaaaajjjjaabbbbbbbb'
'iiiiiiggggggggggggggggmmiiiiiiiiiiiiiiggggggggggaaaaaakkkkkkkkkkkkkkkkkkkkaajjjjjjjjjjjjjjjjjjjjaabbbbbbbbbb'
'ggggggggggggggggggggggggggggggggggggggggggggggaajjjjjjaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaabbbbbbbbbbbb'
'ggggggggggggggggggggggggggggggggggggggggggggggaajjjjaaaabbaajjjjaabbbbbbbbbbaajjjjaabbaajjjjaabbbbbbbbbbbbbb'
'ggggggbbbbbbbbbbmmbbbbggggggmmggggggggbbbbbbbbaaaaaaaabbbbaaaaaabbbbbbbbbbbbbbaaaaaabbbbaaaabbbbbbbbbbbbbbbb'
'bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb'
'bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb'
'bbbbbbbbbbbbbbbbbbbbbbmmbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb')
 
declare -A COL
COL=([a]=16 [b]=24 [c]=196 [d]=82 [e]=208 [f]=226 [g]=63 [h]=200 [i]=33 [j]=246 [k]=222 [l]=213 [m]=231 [n]=210 [o]=-1)
 
declare -A PALETTE
PALETTE=([16]="0000/0000/0000"
         [24]="0000/3333/6666"
        [196]="FFFF/0000/0000"
         [82]="3333/FFFF/0000"
        [208]="FFFF/9999/0000"
        [226]="FFFF/FFFF/0000"
         [63]="6666/3333/FFFF"
        [200]="FFFF/3333/9999"
         [33]="0000/9999/FFFF"
        [246]="9999/9999/9999"
        [222]="FFFF/CCCC/9999"
        [213]="FFFF/9999/FFFF"
        [231]="FFFF/FFFF/FFFF"
        [210]="FFFF/9999/9999")
 
for color in ${COL[@]}; do
 echo -en "\033]4;$color;rgb:${PALETTE[$color]}\033\\"
done
 
PIXEL=" "
SAVECURSOR=$'\0337'
HIDECURSOR=$'\033[?25l'
RESTORECURSOR=$'\0338\033[?12;25h'
QUERYCURSOR=$'\033[6n'
 
YOFFSET=$(((28-LINES)/2))
YOFFSET=$[ $YOFFSET > 0 ? $YOFFSET+1 : 0 ]
XOFFSET=$((108-COLUMNS))
XOFFSET=$[ $XOFFSET > 0 ? $XOFFSET : 0 ]
CHAR+=${PIXEL}
 
CACHE=$(mktemp -d --suffix __NYANCAT)
 
trap 'exit 1' INT TERM
trap 'rm -rf "${CACHE}"; echo -n $RESTORECURSOR' EXIT
 
#echo -n $HIDECURSOR
 
for ((y=YOFFSET; y&2
read -s -dR POS
stty echo icanon
 
CURSORHOME=$((${POS:2:${#POS}-4} - y))
echo  -n $SAVECURSOR
echo -n $RESTORECURSOR

Installing Environment Modules


It’s been a while since I’ve done a proper Linux post. I found Environment Modules a while ago, and it is an utterly fantastic idea. From their blurb:

What are Environment Modules?

The Environment Modules package provides for the dynamic modification of a user’s environment via modulefiles.

Each modulefile contains the information needed to configure the shell for an application. Once the Modules package is initialized, the environment can be modified on a per-module basis using the module command which interprets modulefiles. Typically modulefiles instruct the module command to alter or set shell environment variables such as PATH, MANPATH, etc. modulefiles may be shared by many users on a system and users may have their own collection to supplement or replace the shared modulefiles.

Modules can be loaded and unloaded dynamically and atomically, in a clean fashion. All popular shells are supported, including bash, ksh, zsh, sh, csh, tcsh, as well as some scripting languages such as perl.

Modules are useful in managing different versions of applications. Modules can also be bundled into metamodules that will load an entire suite of different applications.

Let’s install!

This tutorial assumes that you are logged in as root, on Debian.

Resolve dependencies

apt-get install tcl tcl8.4-dev

Get the package and untar it

wget http://downloads.sourceforge.net/project/modules/Modules/modules-3.2.9/modules-3.2.9c.tar.gz
tar xvvf modules-3.2.9c.tar.gz

Make the folders to store your packages and modulefiles

mkdir /packages && mkdir /modules

Go into the modules folder

cd modules-3.2.9

Setup the build

./configure --with-module-path=/modules/

Make and install it

make && make install

Edit the modulefiles path. Comment out all lines except /modules/

vim /usr/local/Modules/3.2.9/init/.modulespath

Copy the following file

cp etc/global/profile.modules /etc/profile.d/modules.sh

The file should be

#----------------------------------------------------------------------#
# system-wide profile.modules #
# Initialize modules for all sh-derivative shells #
#----------------------------------------------------------------------#
trap "" 1 2 3
 
MODULES=/usr/local/Modules/3.2.9
 
case "$0" in
    -bash|bash|*/bash) . $MODULES/init/bash ;;
       -ksh|ksh|*/ksh) . $MODULES/init/ksh ;;
          -sh|sh|*/sh) . $MODULES/init/sh ;;
                    *) . $MODULES/init/sh ;; # default for scripts
esac
 
trap - 1 2 3

Installing applications from source

So the install is complete, but how do you actually use modules? Let’s assume you want to use a different version of gcc that isn’t in your repo and you want to install gcc version 4.6.2. Download gcc, untar it and cd into the directory.

Create a directory for gcc-4.6.2 to be installed into.

mkdir -p /packages/gcc/4.6.2

Configure gcc to install to this directory.

./configure --prefix=/packages/gcc/4.6.2

Install as normal.

make && make install

If we look inside /packages/gcc/4.6.2, we’ll see a number of folders like bin, lib64, etc. So now we need to create the associated modulefile.

Creating module files

Above we specified that module files be placed in /modules, so that’s where we’ll put gcc’s module files.

Create a gcc directory, if there isn’t one

mkdir /modules/gcc

Add the associated module file

vim /modules/gcc/4.6.2

What’s in that file, then?

#%Module1.0
proc ModulesHelp { } {
global dotversion
 
puts stderr "\tGCC 4.6.2 (gcc, g++, gfortran)"
}
 
module-whatis "GCC 4.6.2 (gcc, g++, gfortran)"
conflict gcc
prepend-path PATH /packages/gcc/4.6.2/bin
prepend-path LD_LIBRARY_PATH /packages/gcc/4.6.2/lib64
prepend-path LIBRARY_PATH /packages/gcc/4.6.2/lib64
prepend-path MANPATH /packages/gcc/4.6.2/man
setenv CC gcc
setenv CXX g++
setenv FC gfortran
setenv F77 gfortran
setenv F90 gfortran

Modules allows you to set default versions of packages. So, say you have 4 versions of gcc, and you’d like the 4.6.2 as the default version, you can set it in a version file.

vim /modules/gcc/.version
#%Module1.0
set ModulesVersion "4.6.2"

How do I use modules?

Well, it’s about bloody time that we finally get to use the damn modules we’ve set up, otherwise you’d drive to my house and beat the piss out of me.

List the modules on your system with module avail.

[nick@zoidberg ~]$ module avail
 
---------------------------------- /modules/ -----------------------------------
gcc/4.6.2(default) haskell/ghc/7.0.4

The (default) means that I can just load gcc without specifying the version numbers.

Load a module on your system with module load

Before we do this, I’ll assure you it works.

[nick@zoidberg ~]$ gcc --version
gcc (Debian 4.4.5-8) 4.4.5

Let’s load gcc version 4.6.2

[nick@zoidberg ~]$ module load gcc/4.6.2
[nick@zoidberg ~]$ gcc --version
gcc (GCC) 4.6.2

We can also load this version of gcc without specifying the version number, as 4.6.2 is the default.

[nick@zoidberg ~]$ module load gcc
[nick@zoidberg ~]$ gcc --version
gcc (GCC) 4.6.2

See what modules are loaded

The modules loaded will always contain version numbers, if you install them into the same folder structure as myself.

[nick@zoidberg ~]$ module list
Currently Loaded Modulefiles:
  1) /gcc/4.6.2

Unloading modules

The syntax for unloading modules is the same as loading them.

[nick@zoidberg ~]$ module unload gcc
[nick@zoidberg ~]$ gcc --version
gcc (Debian 4.4.5-8) 4.4.5

Linux – We are the 1%
