Home

Marching onward.

Leave a comment

Chit chat

======

Alas poor Nslu2, I knew you well.

Basic commonly known as Basic all-purpose instruction code is also known as BASIC – “Briskly Achieve Solutions Impossible in C”.

Cunningham’s Law states “the best way to get the right answer on the Internet is not to ask a question, it’s to post the wrong answer.”

may-the-fourth-4th-be-with-you-memes-gifs-star-wars-day-18

——————————————————

Just some notes to myself.

Add to Path

export PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games:/home/$USER/bc:/home/$USER/bin

Alternative ping command

fping -q -a -c 1 -g 192.168.1.0/24

List files in latest files last in in single lines

ls -rtl

Edit the score of Gnome mines,

cd /var/games
sudo vim gnomine.Small.scores

Moving like files to same directory. i,e, html and support folder.

mkdir html/js ; mv JavaScr* html/js/

Count files in a directory

ls -1 | wc -l

This did not work at all

wget -r -e robot.txt=off username.wordpress.com

——————————————————

Downloaded all the pdf files from my instructables site for use on a local server. Found a manual method that was not too cumbersome. The I used the following batch file to automatically create the html for the file listing.

ls *.pdf > pdflist
cut -d "." -f1 pdflist > descripts
sed -i -e 's/^/<a href=\"/' pdflist
sed -i 's/$/\"\>/' pdflist
paste -d "" pdflist descripts > pdflist.html
sed -i 's/$/\<\/a\>\<br \/\>/' pdflist.html
echo "<html>" > index.html
echo "<body>" >> index.html
echo "<h2><center>PDF list</center></h2>" >> index.html
echo "<hr>" >> index.html
cat pdflist.html >> index.html
echo "</body>" >> index.html
echo "</html>" >> index.html

Screenshot from 2015-05-01 07:52:14

 

Decided to add some alphabetic tags:

<pre>
<a href="#a">A</a>
<p><a name="a">A</a></p>
</pre>

Screenshot from 2015-05-02 17:56:56
------------------------------------------------------

Update to radio.sh script

Update:  Shoutcast stations work also.

Go to http://www.xatworld.com/radio-search/

One example:

mplayer http://108.61.73.120:8118

Screenshot from 2015-05-02 17:14:13

Screenshot from 2015-05-02 17:09:13

——————————————————

For almost two years, or since Ubuntu 12.04 was released, there has been a steady stream of posts about PAE and related problems. 12.04 was the first Ubuntu for which a special non-PAE version wasn’t available. X/Lubuntu carried on supporting non-PAE processors for one release more, making 12.10 their first PAE-only release.Several workarounds have been published which enabled the affected hardware (the Banias part of the Pentium M family) to run the latest Buntus.From 14.04 the boot option forcepae has been added, which eliminates the need for these workarounds. More here.I suggest that when people encounter a PAE related question they spread the word and point to Lubuntu 14.04 and the boot option, provided that the person asking is willing to run a beta version, of course. We will try this option with a P I.

——————————————————

Use any of this information at you own risk.

Basics

The essence of security is simplicity, and when it comes to workstation or small-office Linux firewalls I have always been a fan of direct iptables use over some of the more popular alternatives ([g]ufw, fwbuilder). While they may be easier to use, they also hide a lot of the details. Especially when you are starting to learn about firewalls and network security, I believe you are better served using customizable firewall scripts like the two I detail below. When you get comfortable with iptables and networking concepts, then you can look to some of the other solutions. At that point, you’ll fully understand what they are doing under the hood.
Iptables Scripts

The first aptly-named shell script, ‘firewall.sh’, is meant to protect a SOHO (Small Office / Home Office) or home office network behind a dual-homed (two interface) firewall. It doesn’t support DMZ hosts, but does support the most common scenario of SOHO or home firewalls doing double-duty as SSH or web servers. It features forwarding, NAT (network address translation), syn-flood protection and rate-limiting for log entries.

The next script, ‘bastion-host.sh’, is much simpler, and is meant to be used on any host directly connected to the Internet, like a home workstation or laptop. It drops all inbound connections by default. Both scripts are well-commented, with any variables and each section explained. You can download the scripts here:

Dual-homed Linux firewall script
Singly-homed Linux firewall script (bastion host)  

Startup Options The way I like to use these scripts on a Debian or Ubuntu system (see below for an alternative if you use network manager) is very simple and is as follows:

First, put your chosen script in /usr/local/sbin, and make it owned by root with permissions 0700.

 

$ sudo cp ./firewall.sh /usr/local/sbin; chown root.root /usr/local/sbin/firewall.sh; chmod 0700 /usr/local/sbin/firewall.sh

Edit /etc/network/interfaces, and add the following line to the interface stanza of your external interface (usually eth0):

 

pre-up /usr/local/sbin/firewall.sh

So the stanza for your external interface will probably look something like this when you are done:

 

interface eth0 inet dhcp 

pre-up /usr/local/sbin/bastion-host.sh 

or

 

interface eth0 inet static 

address 10.1.1.254 

netmask 255.255.255.0 

gateway 10.1.1.1 

pre-up /usr/local/sbin/firewall.sh

On desktop systems where you are using the network manager application, or on Red Hat, CentOS or Fedora systems, you can put scripts like this in /etc/rc.local (On Red Hat systems the comments and touch command are there already by default): #!/bin/sh # # This script will be executed *after* all the other init scripts. # You can put your own initialization stuff in here if you don’t # want to do the full Sys V style init stuff.

 

# touch /var/lock/subsys/local /usr/local/sbin/firewall.sh

Just make sure that if you use this method on Red Hat based systems, you stop the default iptables firewall:

 

# /etc/init.d/iptables stop chkconfig –level 2345 iptables off

If you would rather integrate your firewall into the Red Hat startup scripts, run the firewall script of your choice directly. Then save the rules so they will be read by the

 

# iptables init script: /usr/local/sbin/firewall.sh iptables-save > /etc/sysconfig/iptables service iptables restart

You would then need to do this every time you made a firewall script change.

Testing

When you make changes to the script, just run it again directly and check the firewall status (see below). There are times when an erroneous change will lock you or a network client out of your server. If you have direct access to the host, you can correct any errors that occur immediately from the console. If you are making firewall changes over an SSH session, rename the firewall script first, and make changes on the copy, so that you can just reboot the box as a last resort to get a known-good configuration. Some hosting providers also provide a remote console that is ideal for fixing mistakes.

Monitoring Firewall Status

You can view the currently loaded ruleset as follows:

 

# iptables -L -nvx iptables -t nat -L -nvx

The -nvx options give you the most detail possible – showing IP addresses instead of hostnames and full packet counts. This comes in handy if you want to see how often a rule is being hit, or if some rules never get hit. The option -t nat shows just the rules in the NAT table.

One final note, there is an ip6tables command that is the analogue of iptables for IPv6, and can be used independently of and alongside it.

Webmin

Use webmin to set up and administer  your firewall rules remotely.

Older script:

# Red Hat Linux firewall using iptables
#
# Created: October 2002
# Last Revised: August 2006
#
# Authors: Dennis G. Allard (allard@oceanpark.com) and Don Cohen (don@isis.cs3-inc.com)
#
# This script works on on servers running Red Hat 7.3, 8.0, 9.0, and
# RHEL ES 3 and 4.  Variants of this script are in active use on
# many servers.
#
# No warranty is implied.  Use at your own risk!!

# Using this script
# —————–
#
# I save this file as /etc/sysconfig/iptables-precursor
# and then source it and run iptables-save to create
# /etc/sysconfig/iptables, which is an input file
# consumed by the script /etc/rc.d/init.d/iptables,
# which in turn makes use of the script /sbin/iptables-restore.
#
# Before mucking with setting up iptables, you should
# disconnect the machine from the internet.  Examine
# and understand the current set of iptables rules
# before you reconnect to the internet.
#
# To configure the set of iptables rules:
#
#   /etc/rc.d/init.d/iptables stop
#   source /etc/sysconfig/iptables-precursor
#
# To save the current set of iptables rules for use at next reboot:
#
#   iptables-save > /etc/sysconfig/iptables
#
# To dynamically restart iptables after modifying /etc/sysconfig/iptables:
#
#   /etc/rc.d/init.d/iptables restart
#
# Note that /etc/rc.d/init.d/iptables is a script.  You can read it to
# gain understanding of how iptables uses iptables-restore to restore
# iptables firewall rules at reboot.
#
# To examine the current set of rules in effect:
#
#   /etc/rc.d/init.d/iptables status
#
# However, I prefer to show the current set of rules via:
#
#   iptables -nvL -t filter
#   iptables -nvL -t nat
#
# or
#
#   iptables -vL -t filter
#   iptables -vL -t nat
#
#
# To configure iptables to be used at next system reboot:
#
#   chkconfig –add iptables
#
# To see if iptables is currently configured to start at boot, do:
#
#   chkconfig –list iptables
#
# (You might have to do chkconfig –del ipchains to remove ipchains)
#
# The rest of this file is derived from my old ipchains script.
#

# A word about routing
# ——————–
#
# Note that this web page does not discuss routing decisions.  Routing
# (see the ‘ifconfig’ and ‘route’ commands) decides which interface an
# incoming packet will be delivered to, i.e. if a given packet will be
# ‘input’ to this machine or be ‘forwarded’ to some interface for
# delivery to another machine, say on an internal network.  You should
# have your routing configured before you attempt to configure your
# firewall.
#
# Caveat.  DNAT and SNAT provide a way for the IPTABLES firewall to modify the
# Destination or Source IP addresses of a packet and, in this way, interact
# with routing decisions.  See section below: ‘More about NAT and routing’.
#

# The network
# ———–
#
# This firewall is running on a gateway machine having multiple ethernet
# interfaces, a public one, eth0, which is a DSL connection to an ISP,
# and one or more internal ones, including eth1, which is assigned to
# 192.168.0.1, an IP number on my internal private network.  My public
# network has static IP numbers depicted below as x.y.z….  Actual
# IP numbers would, of course, be a sequence of four octets.  For this
# script, I assume that the firewall is running on the same machine
# having the interfaces configued with my public IPs.  For this reason,
# most of the rules below are INPUT rules.  Were I to route some of my public
# static IP numbers to interfaces on one or more machines inside the
# firewall on the internal network, I would modify certain rules to be
# FORWARD rules instead of INPUT rules.  I show some examples below of
# FORWARD rules.  Finally, the script is just for a single server IP,
# hence all of the “/32″ network masks below.  A more realistic situation
# would involve using IP ranges and their corresponding network masks.
#
# The gateway at my ISP is x.y.z.1.  I run a few web servers on
# x.y.z.w, a DNS server on x.y.z.n, and qmail on x.y.z.m.
#
# Using this file in a more complex network would require some
# modifications. Particular attention would need to be given to using
# the right the IP numbers and interfaces, among other things. :-)
#

# Preliminaries
# ————-
#
# To permit machines internal to the network to be able to
# send IP packets to the outside world, enable IP Forwarding:
#
#   echo 1 > /proc/sys/net/ipv4/ip_forward
#
# Prevent SYN floods from consuming memory resources:
#
#   echo 1 > /proc/sys/net/ipv4/tcp_syncookies
#
# I place the above echo commands into /etc/rc.d/rc.local
# so that they will be executed at boot time.
#

# The basic idea of this firewall
# ——————————-
#
# Provide rules that are applied in the following order:
#
# ACCEPT all UDP packets for certain UDP services
#
# Currently the only UDP connections I accept are to my secure DNS
# server, tinydns. For an explanation of why tinydns is secure, see:
# http://www.faqts.com/knowledge_base/view.phtml/aid/8739/fid/699.
#
# DENY all other UDP packets.
#
# ACCEPT SYN packets just for certain TCP services
#
# SYN packets are specified via the -syn flag in the input
# rules defined below.  Note that certain services can be
# further filtered by xinetd.
#
# DENY all other TCP SYN packets.
#
# ACCEPT all other TCP packets that are part of existing connections
#
# DENY all other TCP packets.
#
# In other words, we allow any TCP packet through that is part of an
# established TCP connection, but we are very selective in just which
# connections we permit to be made to start off with.
#
# A brief explanation of SYN packets goes as follows.  TCP connections
# are initiated via a hand shaking protocol between the client and server
# programs at either end of the connection.  The very first TCP packet
# is sent by the client to the server and is called a SYN packet,
# because it has the SYN flag set to 1 in the TCP packet header.  We
# only allow SYN packets for the specific servers running on specific
# ports of specific hosts.  Subsequently, we only permit further TCP
# packets in that are determined to be part of a connection whose
# initial SYN packet was already accepted and responded to by one of our
# servers.  This is done via ‘Stateful Packet Inspection’ provided by the
# netfilter functionality added to linux as of kernel 2.4.  By stopping all
# other packets in their tracks, we limit attempts to attack our internal
# network.
#
# There are subtle ways that Denial of Service attacks can be performed
# if an attacker is able to somehow gain access to a machine inside our
# network or otherwise hijack a connection.  However, even in such
# cases, current research is leading to ways to greatly limit the effect
# of such attacks. For further reading, see: http://www.cs3-inc.com/ddos.html.
#
# For detailed background reading about iptables, please refer to:
# http://www.netfilter.org/documentation/HOWTO/packet-filtering-HOWTO.html
#

# begin oceanpark.com firewall rules (using iptables)
# —————————————————

# Here we go…

#
# Configure default policies (-P), meaning default rule to apply if no
# more specific rule below is applicable.  These rules apply if a more specific rule below
# is not applicable.  Defaults are to DROP anything sent to firewall or internal
# network, permit anything going out.
#
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT

#
# Flush (-F) all specific rules
#
iptables -F INPUT
iptables -F FORWARD
iptables -F OUTPUT
iptables -F -t nat

# The rest of this file contains specific rules that are applied in the order
# listed.  If none applies, then the above policy rules are used.

#
# Forward all packets from eth1 (internal network) to eth0 (the internet).
#
iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT

#
# Forward packets that are part of existing and related connections from eth0 to eth1.
#
iptables -A FORWARD -i eth0 -o eth1 -m state –state ESTABLISHED,RELATED -j ACCEPT

#
# Permit packets in to firewall itself that are part of existing and related connections.
#
iptables -A INPUT -i eth0 -m state –state ESTABLISHED,RELATED -j ACCEPT

# Note, in the above two rules, a connection becomes ESTABLISHED in the
# iptables PREROUTING chain upon receipt of a SYNACK packet that is a
# response to a previously sent SYN packet. The SYNACK packet itself is
# considered to be part of the established connection, so no special
# rule is needed to allow the SYNACK packet itself.

#
# Allow all inputs to firewall from the internal network and local interfaces
#
iptables -A INPUT -i eth1 -s 0/0 -d 0/0 -j ACCEPT
iptables -A INPUT -i lo -s 0/0 -d 0/0 -j ACCEPT

#
# Enable SNAT functionality on eth0
#
# SNAT (Source NAT) is used to map private source IP numbers of
# interfaces on the internal LAN to one of my public static IP numbers.
# SNAT performs this mapping when a client running on one of the
# internal hosts (x.y.z.c) initiates a TCP connection (SYN) through
# eth0.
#
iptables -A POSTROUTING -t nat -s 192.168.0.0/24 -o eth0 -j SNAT –to-source x.y.z.c

#
# Alternative to SNAT — MASQUERADE
#
# If your firewall has a dynamic IP number because it connects to the
# internet itself via DHCP, then you probably cannot predict what the IP
# number is of your firewall’s interface connected to the internet. In
# this case, you need a rule like the following that assigns the (an) IP
# number associated with eth0 to outgoing connections without you needing
# to know in advance (at time of writing this rule) what that IP number is:
#
# iptables -A POSTROUTING -t nat -o eth0 -j MASQUERADE
#
# Note that the above SNAT and MASQUERADE rules are applicable
# independent of how a host on the internal network is assigned its own
# internal IP number.  The host could be assigned a static IP number on
# an internal nonpublic network (e.g. 10. or 192.168.)  or it could be
# itself assigned a dynamic IP number from your own DHCP server running
# on the firewall, or it could even have a public static IP number.
# However, it seems unlikely that one would want to assign a public IP
# number to a host and then proceed to hide that number from the public.
#

#
# Deny any packet coming in on the public internet interface eth0
# which has a spoofed source address from our local networks:
#
iptables -A INPUT -i eth0 -s x.y.z.s/32 -j DROP
iptables -A INPUT -i eth0 -s x.y.z.c/32 -j DROP
iptables -A INPUT -i eth0 -s 192.168.0.0/24 -j DROP
iptables -A INPUT -i eth0 -s 127.0.0.0/8 -j DROP

#
# Accept all tcp SYN packets for protocols SMTP, HTTP, HTTPS, and SSH:
# (SMTP connections are further audited by our SMTP server)
#
iptables -A INPUT -p tcp -s 0/0 -d x.y.z.m/32 –destination-port 25 –syn -j ACCEPT
iptables -A INPUT -p tcp -s 0/0 -d 0/0 –destination-port 80 –syn -j ACCEPT
iptables -A INPUT -p tcp -s 0/0 -d 0/0 –destination-port 443 –syn -j ACCEPT
iptables -A INPUT -p tcp -s 0/0 -d 0/0 –destination-port 22 –syn -j ACCEPT

#
# Notice that the above rules are all INPUT rules.  My current network
# does not require me to make use of FORWARD rules, since I run all
# publicly accessible servers directly on my firewall machine.  But I
# promised above in the description of my network to give examples of
# rules used when there are servers running on machines on the internal
# network.  Following are examples of FORWARD rules I would use if I ran
# mail, web, and ssh servers on machines on the internal network inside
# the firewall.
#
# iptables -A FORWARD -p tcp -s 0/0 -d x.y.z.m/32 –destination-port 25 –syn -j ACCEPT
# iptables -A FORWARD -p tcp -s 0/0 -d x.y.z.w/32 –destination-port 80 –syn -j ACCEPT
# iptables -A FORWARD -p tcp -s 0/0 -d x.y.z.w/32 –destination-port 443 –syn -j ACCEPT
# iptables -A FORWARD -p tcp -s 0/0 -d 0/0 –destination-port 22 –syn -j ACCEPT
#
#
# The first three of the above four rules would be used if my routing
# delivered packets having destination IP x.y.z.m, port 25, or IP
# x.y.z.w, port 80 or 443, to an interface connected to my internal
# network (i.e. the packet was being FORWARDed). The fourth of the above
# four rules is similar but operates on any destination IP, port 22.
#
# The difference between an INPUT rule and a FORWARD rule is that an
# INPUT rule applies to packets that are ‘input’ to this machine (the
# machine on which these iptables firewall rules are installed), whereas
# a FORWARD rule applies to packets that are being ‘fowarded’, i.e. to
# packets that are passing through this machine to some other machine,
# such as a machine on my internal network.
#
# If I ran my mail server on an internal machine, I would no longer
# need my previous INPUT rule for x.y.z.m and would use the above
# FORWARD rule instead.
#

#
# Begin Caveat, More about NAT and routing
#
# The above talk of routing is independent of the rules defined here.
# I.e., routing is determined by ifconfig, route, et. al.  I have not
# yet seen any very good explanation of how to setup the static routing
# table (what you see as output from the `route` command).  I will not
# attempt to remedy that lacuna at this time.  If you know of some
# good documenation that completely and accurately explains the
# semantics of the ifconfig and route commands, i.e., explains what
# affect each has such that I can reliably predict what the output
# of `route` will be after executing a sequence of ifconfig and
# route commands, then please do let me know.
#
# What *can* be done by IPTABLES rules that has the ‘feel’ of routing is
# DNAT (Destintion NAT) and SNAT (Source NAT).  DNAT and SNAT rules are,
# respectively, mechnisms to map the incoming destination IP number and
# outgoing source IP number to different IP numbers.  For example, SNAT
# can be used to map an internal source IP number to any one of your
# external public IP numbers so that a workstation on your internal
# network will appear to servers on the internet to which it connects to
# have a source IP number equal to the mapped public IP number.
#
# DNAT goes the other way. It is a mechanism used typically to map
# public destination IP numbers to internal private IP numbers.  (In
# fact, DNAT could also map public to public or private to private or
# private to public, but that is left as an exercise for the reader).
# So, for example, if you run a mail server on a machine configured with
# an internal IP number but wish to expose that service to the external
# world via a public IP number, DNAT is for you.
#
# Now, DNAT and SNAT are *not* routing but can *interact* with routing.
# Routing decides whether a packet is going to be INPUT to this machine
# or be FORWARDed to another machine.  That decision is done by routing.
# Once that decision is made, and only then, are the IPTABLES filtering
# rules (FORWARD and INPUT rules) applied to a given packet.  On the
# other hand DNAT is applied by a PREROUTING rule and SNAT by a POSTROUTING
# rule.  It is now time for you to read the following Packet Filtering
# HOWTO section:
#
# http://www.netfilter.org/documentation/HOWTO/packet-filtering-HOWTO-9.html
#
# which states:
#
#     It’s common to want to do Network Address Translation (see the
#     NAT HOWTO) and packet filtering. The good news is that they mix
#     extremely well.  [editor- The NAT HOWTO can be found at:
#     http://www.netfilter.org/documentation/HOWTO/NAT-HOWTO.html%5D
#
#     You design your packet filtering completely *ignoring* any NAT you
#     are doing. The sources and destinations seen by the packet filter
#     will be the `real’ sources and destinations. For example, if you
#     are doing DNAT to send any connections to 1.2.3.4 port 80 through
#     to 10.1.1.1 port 8080, the packet filter would see packets going
#     to 10.1.1.1 port 8080 (the real destination), not 1.2.3.4 port 80.
#     Similarly, you can ignore masquerading: packets will seem to come
#     from their real internal IP addresses (say 10.1.1.1), and replies
#     will seem to go back there.
#
#
# Hence, INPUT/FORWARD rules would operate on destination IP numbers
# *after* a DNAT rule is applied.  But if you don’t have any DNAT rules,
# then INPUT/FORWARD would apply to the IP numbers as they are in the
# incoming packet.
#
# INPUT or FORWARD would be needed purely depending on whether your
# routing would cause the packet to stay on the machine where the
# firewall is installed or be forwarded to another machine.  THAT
# decision is done by routing and *not* by DNAT or SNAT or anything
# else in this firewall script.
#
# It is perfectly possible for the machine having the firewall to have
# both public and internal IPs configured and/or for some packets to be
# INPUT and others to be FORWARDed.
#
# DNAT is done by a PREROUTING rule, so you should think of things as
# proceeding in the following order:
#
#     1.  apply PREROUTING DNAT rules (if any) to map destination IP
#     2.  apply routing decisions (see ifconfig et. al.)
#     3a. apply INPUT rules to packets having a destination IP on this machine
#     3b. apply FORWARD rules to packets having a destination IP elsewhere
#     4.  apply POSTROUTING SNAT rules (if any) to map source IP
#
# (3a and 3b can be done in either order since they apply to a mutually
# exclusive set of packets)
#
# I *think* that’s correct.
#
# End Caveat, More about NAT and routing
#

#
# Sometimes I run older versions of SSH on port 2200:
#
iptables -A INPUT -p tcp -s 0/0 -d 0/0 –destination-port 2200 –syn -j ACCEPT

#
# For imapd via stunnel (instead of xinetd-based imapd):
#
iptables -A INPUT -p tcp -s 0/0 -d 0/0 –destination-port 993 –syn -j ACCEPT

#
# For xinetd-based IMAP server (see /etc/xinetd.conf for who can use it):
#
#iptables -A INPUT -p tcp -s 0/0 -d 0/0 –destination-port 143 –syn -j ACCEPT

#
# For DHCP server:
#
iptables -A INPUT -i eth1 -p tcp –sport 68 –dport 67 -j ACCEPT
iptables -A INPUT -i eth1 -p udp –sport 68 –dport 67 -j ACCEPT

#
# For LDAP clients:
#
#iptables -A INPUT -p tcp -s 0/0 -d 0/0 –destination-port 389 -syn -j ACCEPT
#dga- worry about LDAP later (after I decode LDAP documentation (-;)

#
# DNS queries:
#
# Permit responses from our ISP’s DNS server.  When a client running on our
# host makes a DNS query, the outgoing query is allowed since we permit all
# outgoing packets.  The reply will be a UDP connection back to the high
# numbered client port from which the query was made.  So we only need to
# permit UDP packets from our ISP’s DNS servers back to high numbered ports:
#
#iptables -A INPUT -p udp -s <ISP DNS server IP>/32 –source-port 53 -d 0/0 –destination-port 1024:65535 -j ACCEPT
#
# But since we trust our ISP DNS Server not not have been hacked and we may
# not be sure what our client IP range is, we loosen this to:
#
iptables -A INPUT -p udp -s <ISP DNS server IP>/32 –source-port 53 -d 0/0 -j ACCEPT

#
# Running a caching DNS Server
#
# We need to permit querying a remote DNS server.  Since I am running
# a caching DNS server on x.y.z.d that makes requests for DNS lookups
# to external DNS servers, those servers send back responses via UDP to
# the high numbered client port on x.y.z.d where the caching server listens.
# I could of course increase security by running the dns cache on its own
# machine/IP and restricting to just that machine/IP.
#
iptables -A INPUT -p udp -s 0/0 –source-port 53 -d x.y.z.d/32 –destination-port 1024:65535 -j ACCEPT

#
# Running a DNS server (tinydns)
#
# When we run a DNS server, we have to accept UDP from anywhere to port 53
#
iptables -A INPUT -p udp -s 0/0 -d 0/0 –destination-port 53 -j ACCEPT

#
# Running a Master DNS Server to update slave DNS servers
#
# You may have your server colocated at an ISP and may arrange to have your
# ISP provide your primary and secondary DNS with the ISP DNS servers slaving
# off of your master DNS server.  This has the advantage of letting you be
# in full control of the DNS zone files yet keeping the DNS servers exposed
# to the public outside of your network.  To achieve this, in addition to
# permitting vanilla DNS responses from the ISP DNS serves, you also need
# to allow TCP connections from the ISP Master DNS Server:
#
# Allow DNS zone transfers via TCP from ISP Master DNS server:
#
# iptables -A INPUT -p tcp -s <ISP Master DNS server IP>/32 -d 0/0 –destination-port 53 –syn -j ACCEPT

#
# For some other custom server running here listening on port <port number>:
#
iptables -A INPUT -p tcp -s 0/0 -d 0/0 –destination-port <port number> –syn -j ACCEPT

#
# For FTP server, restricted to specific local hosts (and see /etc/xinetd.conf):
# (for public file transfers we use scp, sftp, and related SSH file transfer tools)
#
iptables -A INPUT -p tcp -s x.y.z.s/32 -d 0/0 –destination-port 20 –syn -j ACCEPT
iptables -A INPUT -p tcp -s x.y.z.s/32 -d 0/0 –destination-port 21 –syn -j ACCEPT
iptables -A INPUT -p tcp -s 127.0.0.1/8 -d 0/0 –destination-port 20 –syn -j ACCEPT
iptables -A INPUT -p tcp -s 127.0.0.1/8 -d 0/0 –destination-port 21 –syn -j ACCEPT

#
# For Samba (smbd and nmbd), restricted to specific local client hosts (x.y.z.c):
#
iptables -A INPUT -p tcp -s x.y.z.c/32 -d x.y.z.s/32 –destination-port 139 –syn -j ACCEPT
iptables -A INPUT -p udp -s x.y.z.c/32 -d x.y.z.s/32 –destination-port 137 -j ACCEPT

#
#Special cable modem rules.  I used to have a third ethernet card,
#eth2, attached to a separate ISP via a cable modem and used the rules
#shown below to cause a specific Windows machine on my internal network
#(192.168.0.128) to send traffic out via DSL and get it back via cable.
#This violates ingres filtering rules but seems to work.  It was neat
#since my cable modem had higher inbound bandwidth and it permitted
#me to do downloads without impacting my DSL inbound bandwidth.
#I no longer have that third interface, so no longer use this technique.
#
#iptables -A INPUT -i eth2 -s 68.65.209.39/32 -j DROP
#iptables -A INPUT -i eth2 -s 127.0.0.0/8 -j DROP
#iptables -t nat -A POSTROUTING -s 192.168.0.128/32 -d 0/0 -j SNAT –to-source 68.65.209.39

#
# Finally, DENY all connection requests to any UDP port not yet provided
# for and all SYN connection requests to any TCP port not yet provided
# for.  Using DENY instead of REJECT means that no ‘ICMP port
# unreachable’ response is sent back to the client attempting to
# connect.  I.e., DENY just ignores connection attempts.  Hence, use of
# DENY causes UDP connection requests to time out and TCP connection
# requests to hang.  Hence, using DENY instead of REJECT may have
# the effect of frustrating attackers due to increasing the amount of
# time taken to probe ports.
#
# Note that there is a fundamental difference between UDP and TCP
# protocols.  With UDP, there is no ‘successful connection’ response.
# With TCP, there is.  So an attacking client will be left in the dark
# about whether or not the denied UDP packets arrived and will hang
# waiting for a response from denied TCP ports.  An attacker will not
# be able to immediately tell if UDP connection requests are simply
# taking a long time, if there is a problem with connectivity between
# the attacking client and the server, or if the packets are being
# ignored.  This increases the amount of time it takes for an attacker
# to scan all UDP ports.  Similarly, TCP connection requests to denied
# ports will hang for a long time.  By using REJECT instead of DENY, you
# would prevent access to a port in a more ‘polite’ manner, but give out
# more information to wannabe attackers, since the attacker can positively
# detect that a port is not accessible in a small amount of time from
# the ‘ICMP port unreachable’ response.

iptables -A INPUT -s 0/0 -d 0/0 -p udp -j DROP
iptables -A INPUT -s 0/0 -d 0/0 -p tcp –syn -j DROP

# end oceanpark.com firewall rules (using iptables)
# ————————————————-
——————————————————

FM40LLQI52CSZSN.MEDIUM

Freebasic is free and is available for most platforms.

compile with

fbc -lang qb filerdr.bas

filerdr.bas


open "file" for input as #1 

open "notes" for output as #2 

open "notes-cs" for output as #3 

do while not eof(1) 

input #1, a$ 

b$ = left$(a$,2) 

c$ = mid$(a$,4,2) 

print #2,"NOTE_";b$;", "; 

print #3, c$;", "; 

loop 

close #1 

close #2\

close #3

file
G3-3

F4-23

notes
NOTE_G3, NOTE_F4,

notes-cs

3 , 23,

—————-

Screenshot from 2015-05-09 09:05:01

——————————————————

Unfinished. Use at your own risk.

Minimal install ubuntu router

At least 2 nics wan(primary)/lan(secondary)

set hostname

set User name

set password for user and verify

encrypt home directory ?

set Timezone

Use “Guided” default disk partitions setup

Set proxy if needed

Configure updates for automatic install. Security            automatically)

Software install (just openssh server)

Boot loader (best for single os install) install brub to master boot record)

Reboot

Command line login with username and password

sudo will be used alot

Add  webmin repo

Test version of Webmin in Ubuntu Linux from its official repository.

As you may know, Webmin is a web-based interface for system administration for Unix. Using any modern web browser, you can setup user accounts, Apache, DNS, file sharing and much more. Webmin removes the need to manually edit Unix configuration files like /etc/passwd, and lets you manage a system from the console or remotely.

To get started, login your remote server and follow the steps below:

1. Run below command to edit the source file:

sudo vi /etc/apt/sources.list

2. Press i on keyboard to start editing the file and add this line into the end:

deb http://download.webmin.com/download/repository sarge contrib

Press Esc to exit edit. Shift + : and followed by wq to save the changes.

3. Now execute command to download and install the key:

wget -q http://www.webmin.com/jcameron-key.asc -O- | sudo apt-key add –

4. After that, you can always use below commands to install the latest version of Webmin:

sudo apt-get update

sudo apt-get install webmin

Install software

$ sudo apt-get install webmin bind9 perl dhcp3server openssl

sudo vim /etc/network/interfaces

Look at setup.

Add interface for lan

# wan network interface

auto eth0

iface eth0 inet dhcp

# lan network interface

auto eth1

iface eth0 inet static

address 10.1.10.1

netmask 255.255.255.0

broadcast 10.1.10.255

network 10.1.10.0

Enable ipv4

$ sudo vim /etc/sysctl.conf

scro0ll down and uncomment line for packetforwarding for ipv4

see running interfaces

$ ifconfig

eth1 may not be up

see interfaces

$ ifconfig -a

start lan interface

$ sudo ifup eth1

Should see both cards

$ ifconfig

Hook computer to lan interface and reget ip addess

Go to another machine and use web browser

for the url use 10.1.10.1:10000

https://10.1.10.1:10000

add security exception

Login

Change timezone if needed

Go to configuration

Go to ports and addresses

change any address to only listen on server address

Port 10000 is ok

save

Go back to configuration

Goto Ipaccess control

Goto  allowed addresses

Include local network

add current machine

Allow resolve hostnames

save

Go back to configuration

Goto Networking

Check interfaces in network configuration

Goto config dhcp server

Hostname and Dnsserver

Add router as primary dns server

Search domain as wanb address

save

Goto Server

Goto Dhcp server

Add new subnet

subnet and other infor from from /etc/net/interfaces file

Description to whatever you like.

Set address on same subnet for use with client machines.

Static addresses should not be part of dhcp addresses.

you can change default lease times

Edit client options

Add subnet

default router lan address

save

save

edit network interfaces

set eth1  (lan) as interface to give out addesses

start dhcp server

Reserve an address

need mac address and an address to use.

leave at top level

add hostname for resolving.

apply changes

Goto Configure firewall

Set nat translatiopn on external interface (eth0)

Enable firewall at boot time

setup firewall

Goto Packet filtering

Default action on incoming packets to drop

Set

Drop forwarded packets

Add rules to incoming packets

1 accept all incoming packets on loopback (lo) interface

create

2  accept all incoming packets on eth1

create

3 accept packets from eth1 needs to be related to established from internal or already established (connection state) related to eth0

4 forwarded packets accept input eth1 and output eth0

create

5 accept established and related traffic for eth0 to eth1

accept all outgoing packets

chain

log dropped packes if space

log packets

if eth0 for

if noit logged the dropped

view logfile

——————————————————

Here is a web based interface to control some low voltage lines via the
Arduino.  The web interface will let you either singly turn an led on of off. You can also turn all the leds on or off at one time. From there you can interface all kinds of equipment.  Thebasoc circuit for the project is:

Or to look at an Arduino board the relevant pins are:

Whether is is for a Personal computer or one of many microcontrollers, the interfacing technique is pretty much the same. Here are two links to consider:

http://www.instructables.com/id/Ubuntu-and-the-arduino/

 http://www.instructables.com/id/External-device-control-ie-coffee-machine/

Now you can remotely turn on for off many devices and a start at home automation.

The code:

#include <Ethernet.h>

#include <SPI.h>

//network NB: Pins 10, 11, 12 and 13 are reserved for Ethernet module.

byte mac[] = { 0xDE, 0xAD, 0xBE, 0xEF, 0xFE, 0xED };

byte ip[] = { 192, 168, 1, 200 };

byte gateway[] = { 192, 168, 1, 1 };

byte subnet[] = { 255, 255, 255, 0 };

String inString = String(35);

String Led;
String z;

int led[] = {00, 1, 2, 3, 4, 5, 6, 7, }; //Led pins num 0 in arry is not used

int numofleds = 7; //numofleds

String value[] = {"on","on","on","on","on","on","on","on","on"}; //startup all led are off

EthernetServer server(80);

String data;

void setup()

{

Serial.begin(9600);

Ethernet.begin(mac, ip,gateway,subnet);

server.begin();

//set pin mode

for (int j = 0; j < (numofleds + 1); j++){

pinMode(led[j], OUTPUT);

}

Serial.println("Serial READY");

Serial.println("Ethernet READY");

Serial.println("Server READY");

}

void loop()

{

EthernetClient client = server.available();

if(client){

// an http request ends with a blank line

boolean current_line_is_blank = true;

while (client.connected()) {

if(client.available()) {

char c = client.read();

// if we've gotten to the end of the line (received a newline

// character) and the line is blank, the http request has ended,

// so we can send a reply

if (inString.length() < 35) {

inString.concat(c);

}

if (c == '\n' && current_line_is_blank) {

// send a standard http response header

client.println("HTTP/1.1 200 OK");

client.println("Content-Type: text/html");

client.println();

client.println("<html><body><form method=get>");

client.println("<hr><center>");
client.println("<p>Led controller</p>");
client.println("</center><hr>");

client.println("<p>Each led</p>");

for(int i=2;i < (numofleds + 1) ;i++){

Led = String("Led") + i;
z = String("#") + i;
if(inString.indexOf(Led+"=on")>0 || inString.indexOf("all=on")>0){

Serial.println(Led+"on");

digitalWrite(led[i], HIGH);

value[i] = "off";

}else if(inString.indexOf(Led+"=off")>0 || inString.indexOf("all=off")>0 ){

Serial.println(Led+"off");

digitalWrite(led[i], LOW);

value[i] = "on";

}

client.println("<br> Led "+z+"  <input type=submit name="+Led+" value="+value[i]+">");

}

client.println("<p>All leds</p>");
client.println("<input type=submit name=all value=on><input type=submit name=all value=off>");

client.println("</form><html></body>");

break;

}

if (c == '\n') {

// we're starting a new line

current_line_is_blank = true;

} else if (c != '\r') {

// we've gotten a character on the current line

current_line_is_blank = false;

}

}

}

// give the web browser time to receive the data

delay(10);

inString = "";

client.stop();

}

}

——————————————————

This article is more about window dressing more than anything else. The Arduino comes with a nice bit of web server code that reports the results of some temperature sensors. Thought the code could use at least some minimal improvements. Also put the the Arduino web address on the dns so that it could be called by the hostname lookup instead of the ipaddress. The important part of the changed code is included. Normally you can not store images on the Arduino, but you can reference them from another site.


void loop() {
  // listen for incoming clients
  EthernetClient client = server.available();
  if (client) {
    Serial.println("new client");
    // an http request ends with a blank line
    boolean currentLineIsBlank = true;
    while (client.connected()) {
      if (client.available()) {
        char c = client.read();
        Serial.write(c);
        // if you've gotten to the end of the line (received a newline
        // character) and the line is blank, the http request has ended,
        // so you can send a reply
        if (c == '\n' && currentLineIsBlank) {
          // send a standard http response header
          client.println("HTTP/1.1 200 OK");
          client.println("Content-Type: text/html");
          client.println("Connnection: close");
          client.println();
          client.println("<!DOCTYPE HTML>");
          client.println("<html>");
                    // add a meta refresh tag, so the browser pulls again every 5 seconds:
          client.println("<meta http-equiv=\"refresh\" content=\"5\">");
          // output the value of each analog input pin
        
          client.println("<hr>");
          client.println("<center>");
          client.println("<h2>Analog sensor information page</h2>");
          client.println("</center>");
          client.println("<hr>");
          client.println("<br><br>");
          client.println("<img
src='http://cdn.instructables.com/FFO/DOLC/FVW22FQV/FFODOLCFVW22FQV.LARGE.gif'
 width='200' height='200'>");
          client.println("<table border='1'>");
          client.println("<tr>");
          client.println("<td>");
          client.println("Sensor number");
          client.println("</td>");
          client.println("<td>");
          client.println("Sensor value");
          client.println("</td>");
          client.println("</tr>");
          for (int analogChannel = 0; analogChannel < 6; analogChannel++) {
           client.println("<tr>");
            client.println("<td>");
            int sensorReading = analogRead(analogChannel);
                
            client.print(analogChannel);
         
            client.println("</td>");
            client.println("<td>");
            client.print(sensorReading);
            client.println("<br />");     
             client.println("</td>");
            client.println("</tr>");
                   
      }
        client.println("</table>");
          client.println("</html>");
          break;
        }
        if (c == '\n') {
          // you're starting a new line
          currentLineIsBlank = true;
        }
        else if (c != '\r') {
          // you've gotten a character on the current line
          currentLineIsBlank = false;
        }
      }
    }
    // give the web browser time to receive the data
    delay(1);
    // close the connection:
    client.stop();
    Serial.println("client disonnected");
  }

Example of how to the the temperature with an arduino.  From Ubuntu and the Arduino on http://www.instructables.com

 Temp sensor. Is it too hot for you or your equipment, so now you can tell. Using an ice cube  will gve you a good test of the unit.Could also be the start of a sous vide machine.<code.>

//declare variables
float tempC;
int tempPin = 0;

void setup()
{
Serial.begin(9600); //opens serial port, sets data rate to 9600 bps
}

void loop()
{
tempC = analogRead(tempPin);           //read the value from the sensor
tempC = (5.0 * tempC * 100.0)/1024.0;  //convert the analog data to temperature
Serial.print((byte)tempC);             //send the data to the computer
delay(1000);                           //wait one second before sending new data
}

</code>

 

——————————————————

Pasta drying stand

FHB2NO5H8RVM4N4.MEDIUM

Good day.

Moving on, I hope.

Leave a comment

Chit chat

======

The personal computer was actually invented by a Texas chicken farmer which was known as the glass teletype and the company became known as Datapoint.

Bad storm and the power went out. Had to use the UPS (on battery only) for the router and the palmtop to see when the electricity might be restored.

Shame the AT&T door to door harassment teams do not understand what the term “No soliciting” means..

The new Microcenter store makes Frys look like a Radio Shack store.

Playing Soduku more and more.

Screenshot from 2015-04-18 16:45:25

————————————————-

Quickie hints:

Set the path:

$ export PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games:/home/$USER/bc:/home/$USER/bin

Add icons and etc to desktop:

Run this command in your terminal (Applications > Accessories > Terminal):

# show files on desktop
gsettings set org.gnome.desktop.background show-desktop-icons true

# show shares on desktop
gsettings set org.gnome.nautilus.desktop volumes-visible true

# restart nautilus or logout and log back in.
nautilus -q
nautilus

————————————————-

Please keep your systems up to date!

For linux (depending on the distro:)

$ sudo apt-get update; sud apt-get upgrade
$ sudo yum update; sudo yum, upgrade
$ sudo pacman -Syu

etc
etc

————————————————-

Rp1 cases

There are a lot of diy cases on the net. Probably the most notable one is the cardboard case.  You can easily find them on the net by looking for RPi printable cases. Besure and tell the print program to not resize the image.


This next two were not real impressive and not so easily put together. Kind of flimsy?

This next one seemed a bit complicated.

Then there are the .dxf files with Librecad so you can use them a laser cutter or cnc router.

 

————————————————-

Cases can be expensive for micro-controllers, but if you can forgo the exactness you can use very inexpensive containers, This is especially true for controllers that might have several layer of capes, and or add-on boards

You can get inexpensive containers 3 or more for a dollar at a discount store.

Once you have your containers, you will want to modify them.

Then lastly you will want to bolt down the board. #4 machine screws should work fine for this. and viola you have your own case.

————————————————-

Screenshot from 2015-04-20 01:41:55

Setting up a network scanner:

Here are the steps to installing and accessing a network scanner from Ubuntu desktop client. It is assumed that the network scanner server is already up and running.

1) Let us first check whether there is a scanner available on our Ubuntu client host. Without any prior setup, you will see the message saying that “No scanners were identified.”

$ scanimage -L

2) Now we need to enable saned daemon which comes pre-installed on Ubuntu desktop. To enable it, we need to edit the /etc/default/saned file, and set the RUN variable to yes:

$ sudo vim /etc/default/saned
1
2
# Set to yes to start saned
RUN=yes

3) Let’s edit the /etc/sane.d/net.conf file, and add the IP address of the server where the scanner is installed:

4) Restart saned:

$ sudo service saned restart

5) Let’s see if the scanner is available now:

Now we can open “Simple Scan” (or other scanning utility) and start scanning documents. We can rotate, crop, and save the resulting image:

Note: most generic print servers do not support this feature.

————————————————-

How to download and install prebuilt OpenJDK packages
JDK 7
Debian, Ubuntu, etc.

On the command line, type:

Runtime
$ sudo apt-get install openjdk-7-jre

For development
$ sudo apt-get install openjdk-7-jdk

To make sure you are using the right version

$ sudo update-alternatives –config java

For the browser:

$ sudo apt-get install  icedtea-7-plugin

The openjdk-7-jre package contains just the Java Runtime Environment. If you want to develop Java programs then install the openjdk-7-jdk package.
Fedora, Oracle Linux, Red Hat Enterprise Linux, etc.

On the command line, type:
$ su -c “yum install java-1.7.0-openjdk”

The java-1.7.0-openjdk package contains just the Java Runtime Environment. If you want to develop Java programs then install the java-1.7.0-openjdk-devel package.
JDK 6
Debian, Ubuntu, etc.

On the command line, type:
$ sudo apt-get install openjdk-6-jre

The openjdk-6-jre package contains just the Java Runtime Environment. If you want to develop Java programs then install the openjdk-6-jdk package.
Fedora, Oracle Linux, Red Hat Enterprise Linux, etc.

On the command line, type:
$ su -c “yum install java-1.6.0-openjdk”

The java-1.6.0-openjdk package contains just the Java Runtime Environment. If you want to develop Java programs then install the java-1.6.0-openjdk-devel package.
BSD Port

For a list of pointers to packages of the BSD Port for DragonFly BSD, FreeBSD, Mac OS X, NetBSD and OpenBSD, please see the BSD porting Project’s wiki page.

————————————————-

Set up your own computer based radio. radiolocator.com is a good place to start for looking to find available stations.

Many radio stations will let you listen to their live stream, Sometimes you can find and use the link on their web page. Sometimes you have to venture through web page html to find it the file and download it from their server. So if that file gets updated, you will need to get the file again.

A play list might look like:

$ cat klolfmaac.pls

File1=http://2243.live.streamtheworld.com:80/KLOLFMAAC_SC
File2=http://2243.live.streamtheworld.com:3690/KLOLFMAAC_SC
File3=http://2243.live.streamtheworld.com:443/KLOLFMAAC_SC
Title1=KLOLFMAAC_SC
Title2=KLOLFMAAC_SC-Bak
Length1=-1
NumberOfEntries=3
Version=2

or

$ cat koda-fm.m3u
http://107.14.43.102:80/7/597/20097/v1/auth.akacast.akamaistream.net/koda-fm
http://koda-fm.ng.akacast.akamaistream.net:80/7/597/20097/v1/auth.akacast.akamaistream.net/koda-fm
http://koda-fm.ng.akacast.akamaistream.net:80/7/597/20097/v1/auth.akacast.akamaistream.net/koda-fm
http://koda-fm.ng.akacast.akamaistream.net:80/7/597/20097/v1/auth.akacast.akamaistream.net/koda-fm

So log in to the remote server and install your files (the shell file and the play lists). The modify the shell file for the location of the play lists. Make the shell file executable.

$ chmod +x radio,sh
What I do is install screen so I can let go of the script if I need to and then come back later to it.

$ screen
<ctrl>A d) to disconnect

Get screen sessions

$ screen -ls

Then reconnect with:

$ screen -r <session number or name>

Then just run it

$ ./radio.sh

Press q to quit
$ exit to leave screen session.

<pre>#!/bin/bash
#
# Script to emulate a radop.
#
while :
do
clear
echo "************************"
echo "* Radio tuner          *"
echo "************************"
echo "* [1] Alvin            *"
echo "* [2] 91.7 classical   *"
echo "* [3] 88.7 global      *"
echo "* [4] Kuhf news        *"
echo "* [5] KPFT             *"
echo "* [6] Koda             *"
echo "* [7] KTBZ             *"
echo "* [8] KSBJ             *"
echo "* [9] KGLT             *"
echo "*                      *"
echo "* [0] Exit/Stop        *"
echo "************************"
echo
echo "Enter your menu choice [1-9 or 0]: "
read -n 1 yourch
case $yourch in
1) mplayer -playlist http://www.kaccradio.com/images/KACCRadio.asx  ;;
2) mplayer -playlist  http://www.publicbroadcasting.net/kuhf/ppr/kuha_128.m3u  ;;
3) mplayer -playlist  http://www.publicbroadcasting.net/kuhf/ppr/kuhfglobal_128.m3u  ;;
4) mplayer -playlist http://www.publicbroadcasting.net/kuhf/ppr/kuhfnews_128.m3u  ;;
5) mplayer -playlist http://kpft.org/KPFT-hifi.wma ;;
6) mplayer -playlist koda-fm.m3u  ;;
7) mplayer -playlist ktbz-fm.m3u  ;;
8) mplayer -playlist ksbjfmaac.pls  ;;
9) mplayer -playlist kglkfmaac.pls ;;
0) exit 0;;
*) echo "Oopps!!! Please select choice 1,2,3,4,5,6,7,8, or 9"
echo "Press Enter to continue. . ." ; read ;;
esac
done

————————————————-

Slow ascii file reader

$ ./asccirdr.[filename]


#!/bin/sh

# A program to slowly cat file or standard input.

if [ "$1" ] ; then
file="$1"
else
file="-"
fi

cat "$file" | while read c ; do
echo "$c"

# change delay for speed of viewing.

sleep .005
done

————————————————-

iriiver

Ereader is optional by using your portable music player.

http://www.instructables.com/id/Ereader-is-optional-by-using-your-portable-music-p-1/

————————————————-

Simple python calender

$ python cal.py

Screenshot from 2015-04-26 23:30:20

$ cat cal.py
import calendar
calendar.prcal(2015)

————————————————-

Create a table with python for use in a web page.

Screenshot from 2015-04-26 23:37:43

$ python table.py
<table>
<tr><th></th><th>X</th><th>Y</th><th>Z</th></tr>
<tr><td style=”font-weight: bold;”>1</td><td>5572</td><td>4860</td><td>3289</td></tr>
<tr><td style=”font-weight: bold;”>2</td><td>7419</td><td>5313</td><td>4522</td></tr>
<tr><td style=”font-weight: bold;”>3</td><td>8962</td><td>7636</td><td>7714</td></tr>
<tr><td style=”font-weight: bold;”>4</td><td>8330</td><td>3408</td><td>3646</td></tr>
<tr><td style=”font-weight: bold;”>5</td><td>6894</td><td>2333</td><td>5806</td></tr>
</table>

save to file with:

python table.py > tabletest.html

import random
def rand9999():
return random.randint(1000, 9999)
def tag(attr='', **kwargs):
for tag, txt in kwargs.items():
return '<{tag}{attr}>{txt}</{tag}>'.format(**locals())
if __name__ == '__main__':
header = tag(tr=''.join(tag(th=txt) for txt in ',X,Y,Z'.split(','))) + '\n'
rows = '\n'.join(tag(tr=''.join(tag(' style="font-weight: bold;"', td=i)
+ ''.join(tag(td=rand9999())
for j in range(3))))
for i in range(1, 6))
table = tag(table='\n' + header + rows + '\n')
print(table)

————————————————-

Bachelor tortilla (a little rolling pin action).

SUNP0031

Good day.

Jupiter goes forward.

Leave a comment

Chit chat

======

Have not taken time yet to fix the email server..

Was able to get my old RP1 up and running again. Somehow it had a bad image. Put Openelec on the mm card for testing.

The Easter bunny brought me an RPi-2.

Finally getting used to connecting wireless with my nexus 7 tablet with much regret.

Hopefully Libreoffice will come out with their web based version soon. Saving a place on the server for it. Like the policy of install once but us many.

Keep getting messages about updating the Pogoplug. Since going to arch linux, we have not used that service in forever.

Raspberry Pi case?

SUNP0012

——————————————————-

Now let us take a look a remote music controller called mpd. With mplayer we could do everything from the command line, mpw we should be able to use the gui on the remote machine. We will not need to use ssh here either.

You will want to set up your host machines with speakers as before. Then we need to add a new piece of software called mpd. It is available for a wide variety of systems including android.

$ sudo apt-get install mpd.

Server does not have to have gui installed. Copy your music files to the server if they are not already there. Then you will want so edit the config file for you file settings and etc.

$ sudo vim /etc/mpd.conf

Once you have that done, you will need to go to the client machine and install the following:

$ sudo apt-get install mpc gmpc

Then go to the gui menu for the  sound and video.   Choose the gnome-music-okayer-client. Everything is gui form there. You will need to set the servername and the port number (usually 6600). In many cases it will autodetect it for you.

Start playing music from the server.

——————————————————-

Remember the old concentration game from many years ago. You can make your own version. you will need thirty clear plastic envelopes. They can be make from cheap clear plastic lunch bags and clear plastic tape. Poster board can be used for making the large frames. You will also need to make some blue cards with the embossed numbers for each of the bags. Of course you will need a frame to hold the puzzle background.

Lastly you will need a puzzle to use as the background. You can use your favorite drawing program the will let you import pictures. Gimp is what we like to use  There are thousands on-line that you can use or even use your own. Such as:

The sky is the limit with your imagination. More information at: http://en.wikipedia.org/wiki/Concentration_%28game_show%29

——————————————————-

Just an experiment to determine the amount of days between two dates. In this case it is the days left in the current presidency.

<pre>#!/bin/bash
D=`date +%Y-%m-%d`
D1=`date +%s -d "$D"`
D2=`date +%s -d "2017-01-20"`
((diff_sec=D2-D1))
echo - | awk -v SECS=$diff_sec '{printf "Number of days : %d",SECS/(60*60*24)}'
echo " till Obama leaves office."

Result:

$ ./datediff.sh
Number of days : 656 days till Obama leaves office.
$

or semigui:

#!/bin/bash
D=`date +%Y-%m-%d`
D1=`date +%s -d "$D"`
D2=`date +%s -d "2017-01-20"`
((diff_sec=D2-D1))
a=`echo - | awk -v SECS=$diff_sec '{printf "Number of days : %d",SECS/(60*60*24)}'`
a=$a" till Obama leaves office."
zenity --info --text="$a"

Screenshot from 2015-04-11 03:54:56

——————————————————-

Really feel for Mr. Banzi and the fact that everyone is making their own version of the Arduino. You can get the bare  chips and make your own. You can get the boards as low as ten dollars even at a retail outlet. Had a spare ethernet board I bought from Radio shack on sale. So when I saw a compatible board for only ten dollars, I had to get it.

The main reason, I wanted this version of the board is that I have some Arduino chips that that can be plugged and played on the board versus the surface mounted versions which will not plug and play.

For those systems that need acm

$ sudo apt-get install hal
$ sudo usermod -a -G tty $USER
$ sudo usermod -a -G dialout $USER

Speaking the Arduino, they have a newer IDE. When I downloaded a recent version, I had problems. The one I downloaded today seems to work. Tested the new Arduino board and the extra ethernet board we had. Seemed to work. The page for the new software is: http://arduino.cc/en/Main/Software

One thing I like about the new ide is that if gives you a basic form to start with, which saves time. In fact you cut and paste the minimal code in the old ide software/

void setup() {
// put your setup code here, to run once:

}

void loop() {
// put your main code here, to run repeatedly:

}
Time to go back and work on the Sous vide project.

The Nexus 7 has a neat little ide also

——————————————————-

Primer on ipv6

Intro

One of the main benefits of Internet Protocol version 6 (IPv6) over previously used Internet Protocol version 4 (IPv4) is the large address-space that contains (addressing) information to route packets for the next generation Internet.

IPv6 supports 128-bit address space and can potentially support 2128 or 3.4W1038 unique IP addresses (as opposed to 32-bit address space of IPv4). With this large address-space scheme, IPv6 has the capability to provide unique addresses to each and every device or node attached to the Internet.

 

IPv6

Why we need IPv6 Addressing

An escalating demand for IP addresses acted as the driving force behind the development of the large address space offered by the IPv6. According to industry estimates, in the wireless domain, more than a billion mobile phones, Personal Digital Assistants (PDA), and other wireless devices will require Internet access, and each will need its own unique IP address.

The extended address length offered by IPv6 eliminates the need to use techniques such as network address translation to avoid running out of the available address space. IPv6 contains addressing and control information to route packets for the next generation Internet.

IPv6 addresse formats are divided into three classes:

1) Unicast addresses A Unicast address acts as an identifier for a single interface. An IPv6 packet sent to a Unicast address is delivered to the interface identified by that address.

2) Multicast addresses A Multicast address acts as an identifier for a group/set of interfaces that may belong to the different nodes. An IPv6 packet delivered to a Multicast address is delivered to the multiple interfaces.

3) Anycast addresses Anycast addresses act as identifiers for a set of interfaces that may belong to the different nodes. An IPv6 packet destined for an Anycast address is delivered to one of the interfaces identified by the address.

(http://en.wikipedia.org/wiki/IPv6_address#Address_formats)

IPv6 Address Notation

IPv6 addresses are denoted by eight groups of hexadecimal quartets separated by colons in between them.

Following is an example of a valid IPv6 address: 2001:cdba:0000:0000:0000:0000:3257:9652

Any four-digit group of zeroes within an IPv6 address may be reduced to a single zero or altogether omitted. Therefore, the following IPv6 addresses are similar and equally valid:

2001:cdba:0000:0000:0000:0000:3257:9652

2001:cdba:0:0:0:0:3257:9652

2001:cdba::3257:9652

The URL for the above address will be of the form:

http://%5B2001:cdba:0000:0000:0000:0000:3257:9652%5D/

Network Notation in IPv6

The IPv6 networks are denoted by Classless Inter Domain Routing (CIDR) notation. A network or subnet using the IPv6 protocol is denoted as a contiguous group of IPv6 addresses whose size must be a power of two. The initial bits of an IPv6 address (these are identical for all hosts in a network) form the network s prefix. The size of bits in a network prefix are separated with a / . For example, 2001:cdba:9abc:5678::/64 denotes the network address 2001:cdba:9abc:5678. This network comprises of addresses rearranging from 2001:cdba:9abc:5678:: up to 2001:cdba:9abc:5678:ffff:ffff:ffff:ffff. In a similar fashion, a single host may be denoted as a network with a 128-bit prefix. In this way, IPv6 allows a network to comprise of a single host and above.

Special Addresses in IPv6

::/96 The zero prefix denotes addresses that are compatible with the previously used IPv4 protocol.

::/128 An IPv6 address with all zeroes in it is referred to as an unspecified address and is used for addressing purposes within a software.

::1/128 This is called the loop back address and is used to refer to the local host. An application sending a packet to this address will get the packet back after it is looped back by the IPv6 stack. The local host address in the IPv4 was 127.0.0.1 .

2001:db8::/32 This is a documentation prefix allowed in the IPv6. All the examples of IPv6 addresses should ideally use this prefix to indicate that it is an example.

fec0::/10 This is a site-local prefix offered by IPv6. This address prefix signifies that the address is valid only within the local organization. Subsequently, the usage of this prefix has been discouraged by the RFC.

fc00::/7 This is called the Unique Local Address (ULA). These addresses are routed only within a set of cooperating sites. These were introduced in the IPv6 to replace the site-local addresses. These addresses also provide a 40-bit pseudorandom number that reduces the risk of address conflicts.

ff00::/8 This prefix is offered by IPv6 to denote the multicast addresses. Any address carrying this prefix is automatically understood to be a multicast address.

fe80::/10 This is a link-local prefix offered by IPv6. This address prefix signifies that the address is valid only in the local physical link.

——————————————————-

ipv4 web calculator. You can find it on the web if you look.

Screenshot from 2015-04-10 00:49:58

Screenshot from 2015-04-10 00:47:56

Screenshot from 2015-04-10 00:51:03

Screenshot from 2015-04-10 00:52:18

Some ipv6 calculators also on the web

Screenshot from 2015-04-10 00:46:42

Screenshot from 2015-04-10 00:45:14

Screenshot from 2015-04-10 00:43:53

——————————————————-

Another ipv6 Calcer

Screenshot from 2015-04-12 22:16:34

Screenshot from 2015-04-12 22:17:15

——————————————————-

If you’re a Linux system administrator, chances are you’ve got more than one machine that you’re responsible for on a daily basis. You may even have a bank of machines that you maintain that are similar — a farm of Web servers, for example. If you have a need to type the same command into several machines at once, you can login to each one with SSH and do it serially, or you can save yourself a lot of time and effort and use a tool like ClusterSSH.

ClusterSSH is a Tk/Perl wrapper around standard Linux tools like XTerm and SSH. As such, it’ll run on just about any POSIX-compliant OS where the libraries exist — I’ve run it on Linux, Solaris, and Mac OS X. It requires the Perl libraries Tk (perl-tk on Debian or Ubuntu) and X11::Protocol (libx11-protocol-perl on Debian or Ubuntu), in addition to xterm and OpenSSH.

Installation

Installing ClusterSSH on a Debian or Ubuntu system is trivial — a simple sudo apt-get install clusterssh will install it and its dependencies. It is also packaged for use with Fedora, and it is installable via the ports system on FreeBSD. There’s also a MacPorts version for use with Mac OS X, if you use an Apple machine. Of course, it can also be compiled from source.

Configuration

ClusterSSH can be configured either via its global configuration file — /etc/clusters, or via a file in the user’s home directory called .csshrc. I tend to favor the user-level configuration as that lets multiple people on the same system to setup their ClusterSSH client as they choose. Configuration is straightforward in either case, as the file format is the same. ClusterSSH defines a “cluster” as a group of machines that you’d like to control via one interface. With that in mind, you enumerate your clusters at the top of the file in a “clusters” block, and then you describe each cluster in a separate section below.

For example, let’s say I’ve got two clusters, each consisting of two machines. “Cluster1″ has the machines “Server1″ and “Server2″ in it, and “Cluster2″ has the machines “Server3″ and “Server4″ in it. The ~.csshrc (or /etc/clusters) control file would look like this:

clusters = cluster1 cluster2

cluster1 = server1 server2
cluster2 = server3 server4

You can also make meta-clusters — clusters that refer to clusters. If you wanted to make a cluster called “all” that encompassed all the machines, you could define it two ways. First, you could simply create a cluster that held all the machines, like the following:

clusters = cluster1 cluster2 all

cluster1 = server1 server2
cluster2 = server3 server4
all = server1 server2 server3 server4

However, my preferred method is to use a meta-cluster that encompasses the other clusters:

clusters = cluster1 cluster2 all

cluster1 =Server1 server2
cluster2 = server3 server4
all = cluster1 cluster2

Figure 1: Lauching ClusterSSH

By calling out the “all” cluster as containing cluster1 and cluster2, if either of those clusters ever change, the change is automatically captured so you don’t have to update the “all” definition. This will save you time and headache if your .csshrc file ever grows in size.

Using ClusterSSH

Using ClusterSSH is similar to launching SSH by itself. Simply running cssh -l <username> <clustername> will launch ClusterSSH and log you in as the desired user on that cluster. In the figure below, you can see I’ve logged into “cluster1″ as myself. The small window labeled “CSSH [2]” is the Cluster SSH console window. Anything I type into that small window gets echoed to all the machines in the cluster — in this case, machines “server1″ and “server2″. In a pinch, you can also login to machines that aren’t in your .csshrc file, simply by running cssh -l <username> <machinename1> <machinename2> <machinename3>.

If I want to send something to one of the terminals, I can simply switch focus by clicking in the desired XTerm, and just type in that window like I usually would. ClusterSSH has a few menu items that really help when dealing with a mix of machines. As per the figure below, in the “Hosts” menu of the ClusterSSH console there’s are several options that come in handy.

“Retile Windows” does just that if you’ve manually resized or moved something. “Add host(s) or Cluster(s)” is great if you want to add another set of machines or another cluster to the running ClusterSSH session. Finally, you’ll see each host listed at the bottom of the “Hosts” menu. By checking or unchecking the boxes next to each hostname, you can select which hosts the ClusterSSH console will echo commands to. This is handy if you want to exclude a host or two for a one-off or particular reason. The final menu option that’s nice to have is under the “Send” menu, called “Hostname”. This simply echoes each machine’s hostname to the command line, which can be handy if you’re constructing something host-specific across your cluster.

Caveats with ClusterSSH

Like many UNIX tools, ClusterSSH has the potential to go horribly awry if you aren’t very careful with its use. I’ve seen ClusterSSH mistakes take out an entire tier of Web servers simply by propagating a typo in an Apache configuration. Having access to multiple machines at once, possibly as a privileged user, means mistakes come at a great cost. Take care, and double-check what you’re doing before you punch that Enter key.

Conclusion

ClusterSSH isn’t a replacement for having a configuration management system or any of the other best practices when managing a number of machines. However, if you need to do something in a pinch outside of your usual toolset or process, or if you’re doing prototype work, ClusterSSH is indispensable. It can save a lot of time when doing tasks that need to be done on more than one machine, but like any power tool, it can cause a lot of damage if used haphazardly.

——————————————————-

Homnemade SOS

SUNP0009

Good day.

 

Itching.

Leave a comment

Chit chat

======

Extremely upset.I have to redo Squirrelmail on the server.

if a picture is worth a thousand words, then is a movie worth a million words? Here are some of my original videos. Hope to make more and better ones soon,

https://www.youtube.com/results?search_query=thecomputoman

—————————————————–

Thinking about getting a stereo  for the office area, but really did not want to spend any money if I could use an old pc.Love to play free open source royalty free music.  If you think about it, the footprint of a stereo is like a pc but without the monitor. Maybe I could just use an old Linux box to get the job one.

Then I thought would it be nice if I could lt the pc stereo stand alone and then access it from a remote machine.  Something linux can do very easily using the ssh environment. Installed a switch and ran the cables from the desk top to the music server. You could also do this via wifi, but that can be a security issue.

Once you have everything set up, you will want to move your music files and then organize your music in some way before starting the shell command.

so

$ ssh oeorgan1

$ sudo apt-get install mplayer

Execute the shell command to play all the sonegs in the subdirectories from the main subdirectory. Note: if you know how to use the screen command, you can enhance your control a lot easier.

eddie@oeorgan1:/var/media/music$ mplayer -really-quiet -playlist <(find $PWD -type f)

Then you can use various keyboard commands to control the music. The ones I use most are:

<shift> >     next song

<shift> <     previous song

p                   pause

r                    continue

<control> c  stop

Here are two keyboard formats that might be of interest.

Like Alton Brown of “Good eats” fame, he detests single use appliances, Since computers are good at doing more than one thing, you take your pc stereo system and add web, mail, file and a host of other programs to make the systems more versatile. Let us see whether your gardent variety stereo can do that.

If you wanted something more interactive, you could install something like xvnc or xrdp and rim something like rhythymbox or whatever.

—————————————————–

Picture of Another almost free computers thin client set up Part II.

In this section we will add some internet safety software and allow access to the net from the ltsp clients.

Step 1: Setting up a proxy

To filter the internet we need a tool to allow us to do that. Tinyproxy allows us to do that.

Launch the Synaptic Package Manager from the “System” -> “Administration” menu.

We need to make sure that community open source packages are available. To do that under the menu “Settings” select “Repositories”. Make sure “Community maintained Open Source software (universe)” is selected.

Now on the tool menu click Search and type “tinyproxy”. Right-click on “tinyproxy” and select “Mark for Installation”. Now click Apply on the tool menu.

or

sudo apt-get install tinyproxy

Tinyproxy should now be installed.

Step 2: Content filtering.

Before we enable the internet connection to the thin clients we want to be able to filter or block sites that may not fit our needs. This is especially true for a day care center or even home use. Seems like it would take forever to build a list of sites that might be objectionable. Fortunately http://urlblacklist.com/ has a free list that can be downloaded ( go to http://urlblacklist.com/?sec=download ) and be used with the software we are going to install..

Dansgaurdian: DansGuardian is an award winning Open Source web content filter which currently runs on Linux, FreeBSD, OpenBSD, NetBSD, Mac OS X, HP-UX, and Solaris. It filters the actual content of pages based on many methods including phrase matching, PICS filtering and URL filtering. It does not purely filter based on a banned list of sites like lesser totally commercial filters. DansGuardian is designed to be completely flexible and allows you to tailor the filtering to your exact needs. It can be as draconian or as unobstructive as you want. The default settings are geared towards what a primary school might want but DansGuardian puts you in control of what you want to block.

Launch the Synaptic Package Manager from the “System” -> “Administration” menu. Now we can install DansGuardian, again click “Search” from the tool menu and type “dansguardian”. Right-click on “dansguardian” and select “Mark for Installation”. Now click “Apply” on the tool menu. The installation will error because DansGuardian is not yet configured.

(or sudo apt-get install dansguardian)

To configure DansGuardian, open a Terminal and type:gksudo gedit /etc/dansguardian/dansguardian.conf (or sudo nano /etc/dansguardian/dansguardian.conf)

Now comment out the line that says “UNCONFIGURED” by placing a ‘#’ at the beginning of that line.

Find the line that says “proxyport” and change the proxyport value to Tinyproxy’s default port#, which is 8888.

Note: the port is originally set to 3128 which is the default proxy port for squid proxy. An alternative to Tinyproxy. Instructions for setting this up are also in the Wiki, here https://help.ubuntu.com/community/SquidGuard, and it may be more suitable for network proxying

Save the file and exit.

Right-click on dansguardian in the Synaptic Package Manager again and select “Mark for Reinstallation”. Click “Apply”.

Congratulations! Your machine should now be running a fully functional Internet Content Filter on port 8080. To test your filter, open your web browser and tell it to use localhost port 8080 as its HTTP proxy.

To check configuration:

sudo /etc/init.d/dansguardian restart

You should get:

Restarting DansGuardian: * Restarting DansGuardian: [ OK ]

Step 3: Connecting to the internet.

You need to make sure some parameters are set up.

$ sudo nano /etc/network/options and it should have the following options.

ip_forward=yes

spoofprotect=yes

syncookies=no

then enable the connection

$ sudo sh -c ‘echo 1 > /proc/sys/net/ipv4/ip_forward’

Now go to an ltsp client and see if you can get on the internet.

Step 4: Using a proxy.

Browse the Web with Firefox via a Proxy Server

SUMMARY: If security restrictions require accessing the Internet through a proxy server, here’s how to configure Mozilla Firefox to do so.

For security reasons, if you access the Internet through a proxy server, you need to configure Mozilla Firefox with the correct settings, else you may not be able to access web sites, FTP servers, and the like through your web browser.

1. Click “Tools” – “Options”.

2. When the “Options” dialog box appears, click the “Advanced” button.

3. Click the “Network” tab.

4. Click the “Settings” button next to “Configure how Firefox connects to the Internet”.

5. A “Connection Settings” dialog box will appear. Here you can decide whether to use:

Firefox Connection Settings dialog box

* No proxy (default)

* Auto-detect proxy settings for this network

* Manual proxy configuration

* Automatic proxy configuration URL (if you select this, enter the URL).

6. If you require a proxy, auto-detection fails, and you do not have an automatic configuration URL, you need to configure Mozilla Firefox manually with the proxy settings.

* Enter proxy information for the following protocols: HTTP, SSL, FTP, Gopher (!), and / or SOCKS. If all use the same proxy settings, click the “Use the same proxy for all protocols” button.

* Next to “No Proxy for”, enter addresses that don’t require a proxy server to access.

7. When done, click “OK” on the dialog boxes to close them.

This tip was written for Mozilla Firefox v3.0.4. Screenshots and instructions for other versions may vary.

Step 5: Other packages to consider.

External project not included in Ubuntu at this time.

Teachertool – Fl_TeacherTool is a program to help teachers teach by utilizing the benefits of a Linux Terminal Server. It was designed to fit into the K12LTSP distribution but may also work with other LTSP system

Installable from ubuntu

ltsp controlaula – Classroom management tool (must be installed in client root not host root)

thin-client-manager-backend – control ubuntu LTSP connections

thin-client-manager-gnome – control ubuntu LTSP connections

—————————————————–

 

Picture of Part III LTSP Maintenance.

This is for LTSP,  mainly for keeping software installed via the standard repositories up to date.  You definitely really need to be at least an intermediate linux user to accomplish this project. Ask for help from an expert if you fell uncomfortable with it. With ltsp you really have two separate file systems to update. One for the regular file system and one for the file system clients. Actually you could have several file systems to update if you are supporting more than one kind of thin client hardware. By now you should be handy enough with the command line that I do not have to put a picture of every result. Quick hint: you can ssh into your server and then cut and paste all the commands from a file or this web page. That is what I am doing now.

Update the sources (where the upgrade/update files will come from).

$ sudo apt-get update

Do the upgrade

$ sudo apt-get upgrade

In some cases if you did a system upgrade instead of a clean install, you might not get all packages upgraded.

$ sudo apt-get dist-upgrade will usually do the job.

Last of all some clean up.

$ sudo apt-get autoclean

With the client directories, you want to make sure that the list of sources for the client file system is the same as the server or there will be some incompatibilities. (note: i386 is the architecture type.)

$ sudo cp /etc/apt/sources.list /opt/ltsp/i386/etc/apt/.

$ export LTSP_FILE_DAEMONS=false

Now you need to temporarily need to change file systems so that the updates go to the proper file system.

$ sudo chroot /opt/ltsp/i386

$ mount -t proc proc /proc

Here we go:

$ sudo apt-get update

$ sudo apt-get dist-upgrade

$ sudo apt-get clean

$ exit

$ sudo ltsp-update-kernels

$ sudo umount /opt/ltsp/i386/proc

$ sudo ltsp-update-sshkeys

$ sudo ltsp-update-image

One of the few times that rebooting the might be a good idea.

$ sudo chroot /

$ sudo reboot

So nice only to have to update just one computer instead of a whole lab full or more of computers. You would still work with user accounts and etc as you would with a standalone system.

—————————————————–

Ethernet splitter.variant cable saver. Need to be well shielded.

FX94K053V6EP27ZK0O.MEDIUM

Take the other end of the cable, cut it to 9 inches and punch down the four pairs using the following wiring scheme: You will need two of them.

Jack #1:

1 White/Orange to pin 1keystone jack

2 Orange to pin 2 keystone jack

3 White/Green to pin 3 keystone jack

6 Green to pin 6 keystone jack

Jack #2:

4 Blue to pin 2 keystone jack

5 White/Blue to pin 1 keystone jack

7 White/Brown to pin 3 keystone jack

8 Brown to pin 6 keystone jack

Once all the pairs are punched down, you can glue together side by side the two keystone jacks.

Essentially:

Screenshot from 2015-03-30 00:22:51

—————————————————–

Working on the mythical school website

 

Screenshot from 2015-04-03 15:43:36 Screenshot from 2015-03-13 12:15:56 Screenshot from 2015-03-13 12:15:30 Screenshot from 2015-03-13 12:16:29

Screenshot from 2015-04-03 15:45:07Screenshot from 2015-04-03 15:44:33

Screenshot from 2015-03-31 02:27:39 Screenshot from 2015-03-31 02:28:26Screenshot from 2015-03-31 01:20:04

—————————————————–

Oldee but goodie:

 

This is way out of date, but it has it’s points

Done Item: Geek Bucket list. (from “Daily cup of tech”)
Geek Bucket list. (from “Daily cup of tech”)
——————————————————
1. Add a Third Monitor
2. Build a Linux Firewall
3. Build a Network File Server
4. Build a PC
5. Build a Robot
6. Build an HTML based Website using Notepad
7. Bypass a Computer Password on All Major Operating Systems
8. Bypass School or Work Website Blocks
9. Carry a Computer Cleaning Arsenal on Your USB Drive
10. Compile a Linux Kernel
11. Control Your House Lights with a Computer
12. Convert Cassette Tapes to Digital Audio Files
13. Crack a Wi-Fi Password
14. Create “Hello, World” in at Least Five Different Programming languages
15. Create a Disposable E-Mail Account
16. Create a Recovery Drive Image of Your Computer
17. Create a WordPress Plugin
18. Create a WordPress Theme from Scratch
19. Create an Add-On for Firefox
20. Create an SSH Tunnel
21. Create Music with Keyboard
22. Design and Build a Circuit Board
23. Do Cool Things to Altoids Tins
24. Download a Video from YouTube
25. Download Wikipedia
26. Execute a Shell Script
27. Find a Users IP Address on AIM
28. Find a Website IP Address Without Web/CommandPrompt Access
29. Flash System BIOS
30. Hack a Pop Machine
31. Hack a USB Drive Startup File
32. Hide a File Behind a JPEG
33. Homebrew Hack Game Systems
34. Increase Wi-Fi Range
35. Install a Content Management System for a Website
36. Irrecoverably Protect Data
37. Jailbreak an iPhone
38. Know the Meaning of Technical Acronyms
39. Know Who Mulder and Scully Are
40. Learn and Write Javascript
41. Learn At Least One Fictional Language
42. Learn Hexadecimal and Binary Number Systems
43. Learn How to Convert a DVD to x264 (or XviD or DivX)
44. Learn How to Hot Wire a Car
45. Learn How to Install Mac OS X on a PC
46. Learn How to Reset RAM
47. Learn Important Keyboard Shortcuts
48. Learn the Fastest way to Kill a Computer
49. Learn to Identify Keyloggers
50. Learn to Identify Major Constellations
51. Load Rockbox onto an MP3 Player
52. Lock Your Computer with a USB Drive
53. Make a Cat5 Patch and Crossover Cable
54. Make a Laptop Cooling Pad
55. Make Your Office Ergonomic
56. Mod a Flash Drive Case
57. Monitor Network Traffic
58. Mount and ISO in a Virtual DVD Drive
59. Move Completely To Open Source
60. Permanently Delete Data on a Hard Drive
61. Permanently Delete Your Facebook Account
62. Pick a Lock
63. Play a Geek Practical Joke
64. Play Retro Games without Retro Consoles
65. Put LEDs Inside a Light Bulb
66. Put Open Source Firmware on a Router
67. Read 1337 At Normal Speed
68. Recover Deleted Files
69. Recover Master Boot Record
70. Register Your Name as an Internet Domain
71. Remotely Control a Computer
72. Replace a Laptop Keyboard
73. Replacing a Laptop LCD
74. Retrieve Data off Hard Drive
75. Rip Streaming Videos
76. Run an Operating System from a USB Thumb Drive
77. Run Multiple Computers with one Keyboard and Mouse
78. Run Operating System inside a Virtual Computer
79. Run Your Own Ethernet Line
80. Screw with Wi-Fi Leeches
81. Setup a Computer in the Cloud
82. Setup a Streaming Media Server
83. Setup a VPN
84. Setup an Apache, MySQL, Mail, PHP server on Windows and Linux
85. Shrink a Website URL
86. Soldering Glasses Together
87. Strip Windows DRM
88. Surf the Web Anonymously
89. Survive in a Linux Argument
90. Tethering a Smartphone
91. Turn a Laptop into a Digital Picture Frame
92. Turn Webcams into Security Cameras
93. Unbrick a Smartphone
94. Understand What “There’s no Place Like 127.0.0.1″ Means
95. Unleash a Laser Pointer’s full potential
96. Unlock an iPhone
97. Upload a Video to YouTube
98. Use a Camera in Manual Mode
99. Use Bittorrent Effectively
100. Wire a Home Theatre System

—————————————————–

Make your own lard

SUNP0005aSUNP0008SUNP0010

Good day.

Spring has sprung.

Leave a comment

Chit chat

======

Did an  update on the old 10.x ltsp server. That maybe the last one. Want a new machine and then load the latest and greatest The old amd800 has had better days.

The other dtv converter looks like it is about to bite the dust. Looking at options.

Still getting a lot of requests for people curious about OTA TV antennnas

FXYIZDOHPG4MKC2.LARGE

————————————–

Was trying to get a list of systems up on the network.  Pingall.sh would not work at all. It was driving me nuts. So I went to another system and it worked.

$ cat pingall.sh
a=””
for i in {1..254}
do
ping 192.168.1.$i -c1 -w1 -v  | grep “icmp_seq=1″
done

$ ./pingall.sh
64 bytes from 192.168.1.1: icmp_seq=1 ttl=64 time=0.623 ms
64 bytes from 192.168.1.32: icmp_seq=1 ttl=64 time=0.113 ms
64 bytes from 192.168.1.99: icmp_seq=1 ttl=255 time=4.77 ms
64 bytes from 192.168.1.125: icmp_seq=1 ttl=64 time=1.26 ms
64 bytes from 192.168.1.149: icmp_seq=1 ttl=64 time=0.306 ms

Went back to the original system and decided to do just one ping.

$ ping -c 1 192.168.1.32
PING 192.168.1.32 (192.168.1.32) 56(84) bytes of data.
64 bytes from 192.168.1.32: icmp_req=1 ttl=64 time=0.363 ms

— 192.168.1.32 ping statistics —
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.363/0.363/0.363/0.000 ms

After looking at it about a thousand times, it finally hit me. The difference was reg vs seq. So I changed the batch file and all was well,

$ cat pingall.sh
a=””
for i in {1..254}
do
ping 192.168.1.$i -c1 -w1 -v  | grep “icmp_req=1″
done

$ ./pingall.sh
64 bytes from 192.168.1.1: icmp_req=1 ttl=64 time=0.527 ms
64 bytes from 192.168.1.32: icmp_req=1 ttl=64 time=0.293 ms
64 bytes from 192.168.1.99: icmp_req=1 ttl=255 time=5.08 ms
64 bytes from 192.168.1.125: icmp_req=1 ttl=64 time=0.264 ms
64 bytes from 192.168.1.149: icmp_req=1 ttl=64 time=0.068 ms

Whew….  details details details…….

————————————–

Money for school test equipment down the drain.  Since  #Android does not want to support #ethernet , I no longer want to use android. Saying you do not support ethernet is amateurish. Not getting a new unit to get left out in the cold again. Android is getting the Apple/Microsoft  disease. Update: waiting to see if a5.1 fixes the issues.

Whoopie!! Ethernet is fixed, but still have to test a direct connection to the Arduino, Could not find a setting to set the ip address, so it looks like I will have to use a router to make it work.

————————————–

Sous vide idea in progress

Remark: Logic for a sous vide system

Set lo
w_temperature
Set high_temperature
Set start_time
Set end_time
Turn on heat
Turn on led
if end_time < start_time then stop.

loop until time > end_time.
Get temperature
if temperature > high_temperature then turn off heat and turn off led
if temperature < low_temperature then turn on heat and turn on led
get time

loop
turn led off

————————————–

Really feel for Mr. Banzi and the fact that everyone is making their own version of the Arduino. You can get the bare  chips and make your own. You can get the boards as low as ten dollars even at a retail outlet. Had a spare ethernet board I bought from Radio shack on sale. So when I saw a compatible board for only ten dollars, I had to get it.

The main reason, I wanted this version of the board is that I have some Arduino chips that that can be plugged and played on the board versus the surface mounted versions which not not plug and play.

Speaking the Arduino, they have a newer IDE. When I downloaded it the

Labels
rduino
Published on

4/3/15, 5:46 AM

Central Daylight Time

Permalink
Location

other day, it had problems. The one I downloaded

today seems to work. Tested the new Arduino board and the extra ethernet board we had. Seemed to work. The page for the new software is: http://arduino.cc/en/Main/Software

One thing I like about the new ide is that if gives you a basic form to start with, which saves time. In fact you cut and paste the minimal code in the olde ide software;

Time to go back and work on the Sous vide project.

————————————–

Old computer power supplies can still deliver +5, +12,  ground and more. Great for conversion to workbench supplies.

Pin Name
1 +5V
2 +5V
3 +5V
4 +5V
5 GND1
6 GND2
7 GND3
8 GND4
9 +12V
10 KEY
11 -12V
12 +5V USER
13 -5V
14 TICK

————————————–

Ethernet splitter.variant cable saver.

FX94K053V6EP27ZK0O.MEDIUM

Take the other end of the cable, cut it to 9 inches and punch down the four pairs using the following wiring scheme: You will need two of them.

Jack #1:

1 White/Orange to pin 1keystone jack
2 Orange to pin 2 keystone jack
3 White/Green to pin 3 keystone jack
6 Green to pin 6 keystone jack

Jack #2:

4 Blue to pin 2 keystone jack
5 White/Blue to pin 1 keystone jack
7 White/Brown to pin 3 keystone jack
8 Brown to pin 6 keystone jack

Once all the pairs are punched down, you can glue together side by side the two keystone jacks.

Essentially:

Screenshot from 2015-03-30 00:22:51

————————————–

What was the diagnosis from the famous MSWindows PC Tech doctor say about the linux box?

“It’s terminal.”

————————————–

Picture of Part III LTSP Maintenance.

This is for LTSP,  mainly for keeping software installed via the standard repositories up to date.  You definitely really need to be at least an intermediate linux user to accomplish this project. Ask for help for an expert if you fell uncomfortable with it. With ltsp you really have two separate file systems to update. One for the regular file system and one for the file system clients. Actually you could have several file systems to update if you are supporting more than one kind of thin client hardware. By now you should be handy enough with the command line that I do not have to put a picture of every result. Quick hint: you can ssh into your sever and then cut and paste all the commands from a file or ths web page. That is what I am doing now.

Update the sources (where the upgrade/update files will come from).
$ sudo apt-get update

Do the upgrade
$ sudo apt-get upgrade

In some cases if you did a system upgrade instead of a clean install, you might not get all packages upgraded.
$ sudo apt-get dist-upgrade will usually do the job.

Last of all some clean up.
$ sudo apt-get autoclean

With the client directories, you want to make sure that the list of sources for the client file system is the same as the server or there will be some incompatibilities. (note: i386 is the architecture type.)
$ sudo cp /etc/apt/sources.list /opt/ltsp/i386/etc/apt/.

$ export LTSP_FILE_DAEMONS=false

Now you need to temporarily need to change file systems so that the updates go to the proper file system.
$ sudo chroot /opt/ltsp/i386

$ mount -t proc proc /proc

Here we go:
$ sudo apt-get update

$ sudo apt-get dist-upgrade

$ sudo apt-get clean

$ exit

$ sudo ltsp-update-kernels

$ sudo umount /opt/ltsp/i386/proc

$ sudo ltsp-update-sshkeys

$ sudo ltsp-update-image

One of the few times that rebooting the might be a good idea.

$ sudo chroot /

$ sudo reboot

So nice only to have to update just one computer instead of a whole lab full or more of computers. You would still work with user accounts and etc as you would with a standalone system.

————————————–

Tex-mex nachos (Some recipes may be available at Notarealchef.blogspot.com)

SUNP0006

Good day.

It’s coming.

Leave a comment

Chit chat

=======

Happy valentines day.

Screenshot - 02162015 - 11:27:33 AM

 

More fun than old fashioned wrestling.

 

 

——————————————–

Our goal here to see what is live on the network and how possibly vunerable those machines are. Might be interesting to use with a wifi network.

First lets get the live systems at the moment. You will need to change your code depending on your network,

alive.sh

 #!/bin/bash
rm goodips
is_alive_ping()
{
  ping -c 1 $1 > /dev/null
  [ $? -eq 0 ] && echo $i >> goodips
}

for i in 192.168.1.{1..255}
do
is_alive_ping $i & disown
done

Generated goodips file:
192.168.1.1
192.168.1.32
192.168.1.99
192.168.1.126

Then we can run a sort of network scanner.

scannet.sh

datafile="goodips"
a=1
m="not done"
while read line
do fdata[$a]=$line
echo $line
        let a=a+1
       for p in {1..1023};
       do
       (echo >/dev/tcp/$line/$p) >/dev/null 2>&1 && echo "$p open"
       done
done < $datafile

Then we can run the bash file to see what is open. (You could also save it to a file.)

192.168.1.1
23 open
53 open
80 open

192.168.1.32
22 open
80 open
110 open
111 open
143 open
443 open
993 open
995 open

192.168.1.99
21 open
80 open
139 open
515 open

192.168.1.126
22 open
25 open
80 open
139 open
445 open

——————————————–

Replace traditional command to install ssh-keys
cat ~/.ssh/id_rsa.pub | ssh usr@host’cat >> .ssh/authorized_keys’

With a single command:
ssh-copy-id -i ~/.ssh/id_rsa.pub user@host

SSH-COPY-ID(1) BSD General Commands Manual SSH-COPY-ID(1)

NAME
ssh-copy-id — use locally available keys to authorise logins on a remote
machine

SYNOPSIS
ssh-copy-id [-n] [-i [identity_file]] [-p port] [-o ssh_option]
[user@]hostname
ssh-copy-id -h | -?

DESCRIPTION
ssh-copy-id is a script that uses ssh(1) to log into a remote machine
(presumably using a login password, so password authentication should be
enabled, unless you’ve done some clever use of multiple identities). It
assembles a list of one or more fingerprints (as described below) and
tries to log in with each key, to see if any of them are already installed
(of course, if you are not using ssh-agent(1) this may result in you being
repeatedly prompted for pass-phrases). It then assembles a list of those
that failed to log in, and using ssh, enables logins with those keys on
the remote server. By default it adds the keys by appending them to the
remote user’s ~/.ssh/authorized_keys (creating the file, and directory, if
necessary). It is also capable of detecting if the remote system is a
NetScreen, and using its ‘set ssh pka-dsa key …’ command instead.

The options are as follows:

-i identity_file
Use only the key(s) contained in identity_file (rather than look‐
ing for identities via ssh-add(1) or in the default_ID_file). If
the filename does not end in .pub this is added. If the filename
is omitted, the default_ID_file is used.

Note that this can be used to ensure that the keys copied have the
comment one prefers and/or extra options applied, by ensuring that
the key file has these set as preferred before the copy is
attempted.

-n do a dry-run. Instead of installing keys on the remote system
simply prints the key(s) that would have been installed.

-h, -? Print Usage summary

-p port, -o ssh_option
These two options are simply passed through untouched, along with
their argument, to allow one to set the port or other ssh(1)
options, respectively.

Rather than specifying these as command line options, it is often
better to use (per-host) settings in ssh(1)’s configuration file:
ssh_config(5).

Default behaviour without -i, is to check if ‘ssh-add -L’ provides any
output, and if so those keys are used. Note that this results in the com‐
ment on the key being the filename that was given to ssh-add(1) when the
key was loaded into your ssh-agent(1) rather than the comment contained in
that file, which is a bit of a shame. Otherwise, if ssh-add(1) provides
no keys contents of the default_ID_file will be used.

The default_ID_file is the most recent file that matches: ~/.ssh/id*.pub,
(excluding those that match ~/.ssh/*-cert.pub) so if you create a key that
is not the one you want ssh-copy-id to use, just use touch(1) on your pre‐
ferred key’s .pub file to reinstate it as the most recent.

EXAMPLES
If you have already installed keys from one system on a lot of remote
hosts, and you then create a new key, on a new client machine, say, it can
be difficult to keep track of which systems on which you’ve installed the
new key. One way of dealing with this is to load both the new key and old
key(s) into your ssh-agent(1). Load the new key first, without the -c
option, then load one or more old keys into the agent, possibly by ssh-ing
to the client machine that has that old key, using the -A option to allow
agent forwarding:

user@newclient$ ssh-add
user@newclient$ ssh -A old.client
user@oldl$ ssh-add -c
… prompt for pass-phrase …
user@old$ logoff
user@newclient$ ssh someserver

now, if the new key is installed on the server, you’ll be allowed in
unprompted, whereas if you only have the old key(s) enabled, you’ll be
asked for confirmation, which is your cue to log back out and run

user@newclient$ ssh-copy-id -i someserver

The reason you might want to specify the -i option in this case is to
ensure that the comment on the installed key is the one from the .pub
file, rather than just the filename that was loaded into you agent. It
also ensures that only the id you intended is installed, rather than all
the keys that you have in your ssh-agent(1). Of course, you can specify
another id, or use the contents of the ssh-agent(1) as you prefer.

Having mentioned ssh-add(1)’s -c option, you might consider using this
whenever using agent forwarding to avoid your key being hijacked, but it
is much better to instead use ssh(1)’s ProxyCommand and -W option, to
bounce through remote servers while always doing direct end-to-end authen‐
tication. This way the middle hop(s) don’t get access to your
ssh-agent(1). A web search for ‘ssh proxycommand nc’ should prove
enlightening (N.B. the modern approach is to use the -W option, rather
than nc(1)).

SEE ALSO
ssh(1), ssh-agent(1), sshd(8)

BSD February 15, 2015 BSD

——————————————–

Couple of cartoons:

More input (aka short circuit)

Screenshot from 2015-03-04 09:33:16

Can you hear me now?

Screenshot from 2015-03-04 11:16:14

Proper inkjet repair.

Screenshot from 2015-03-02 23:24:31

——————————————–

$ cal 2015
                            2015
      January               February               March          
Su Mo Tu We Th Fr Sa  Su Mo Tu We Th Fr Sa  Su Mo Tu We Th Fr Sa  
             1  2  3   1  2  3  4  5  6  7   1  2  3  4  5  6  7  
 4  5  6  7  8  9 10   8  9 10 11 12 13 14   8  9 10 11 12 13 14  
11 12 13 14 15 16 17  15 16 17 18 19 20 21  15 16 17 18 19 20 21  
18 19 20 21 22 23 24  22 23 24 25 26 27 28  22 23 24 25 26 27 28  
25 26 27 28 29 30 31                        29 30 31              

       April                  May                   June          
Su Mo Tu We Th Fr Sa  Su Mo Tu We Th Fr Sa  Su Mo Tu We Th Fr Sa  
          1  2  3  4                  1  2      1  2  3  4  5  6  
 5  6  7  8  9 10 11   3  4  5  6  7  8  9   7  8  9 10 11 12 13  
12 13 14 15 16 17 18  10 11 12 13 14 15 16  14 15 16 17 18 19 20  
19 20 21 22 23 24 25  17 18 19 20 21 22 23  21 22 23 24 25 26 27  
26 27 28 29 30        24 25 26 27 28 29 30  28 29 30              
                      31                                          

        July                 August              September        
Su Mo Tu We Th Fr Sa  Su Mo Tu We Th Fr Sa  Su Mo Tu We Th Fr Sa  
          1  2  3  4                     1         1  2  3  4  5  
 5  6  7  8  9 10 11   2  3  4  5  6  7  8   6  7  8  9 10 11 12  
12 13 14 15 16 17 18   9 10 11 12 13 14 15  13 14 15 16 17 18 19  
19 20 21 22 23 24 25  16 17 18 19 20 21 22  20 21 22 23 24 25 26  
26 27 28 29 30 31     23 24 25 26 27 28 29  27 28 29 30           
                      30 31                                       

      October               November              December        
Su Mo Tu We Th Fr Sa  Su Mo Tu We Th Fr Sa  Su Mo Tu We Th Fr Sa  
             1  2  3   1  2  3  4  5  6  7         1  2  3  4  5  
 4  5  6  7  8  9 10   8  9 10 11 12 13 14   6  7  8  9 10 11 12  
11 12 13 14 15 16 17  15 16 17 18 19 20 21  13 14 15 16 17 18 19  
18 19 20 21 22 23 24  22 23 24 25 26 27 28  20 21 22 23 24 25 26  
25 26 27 28 29 30 31  29 30                 27 28 29 30 31        

eddie@debian:~$ ./cal 2015
                                      2015

            January                 Februray                 March        
      Su Mo Tu We Th Fr Sa    Su Mo Tu We Th Fr Sa    Su Mo Tu We Th Fr Sa
                   1  2  3     1  2  3  4  5  6  7     1  2  3  4  5  6  7
       4  5  6  7  8  9 10     8  9 10 11 12 13 14     8  9 10 11 12 13 14
      11 12 13 14 15 16 17    15 16 17 18 19 20 21    15 16 17 18 19 20 21
      18 19 20 21 22 23 24    22 23 24 25 26 27 28    22 23 24 25 26 27 28
      25 26 27 28 29 30 31                            29 30 31 

             April                    May                     June        
      Su Mo Tu We Th Fr Sa    Su Mo Tu We Th Fr Sa    Su Mo Tu We Th Fr Sa
                1  2  3  4                    1  2        1  2  3  4  5  6
       5  6  7  8  9 10 11     3  4  5  6  7  8  9     7  8  9 10 11 12 13
      12 13 14 15 16 17 18    10 11 12 13 14 15 16    14 15 16 17 18 19 20
      19 20 21 22 23 24 25    17 18 19 20 21 22 23    21 22 23 24 25 26 27
      26 27 28 29 30          24 25 26 27 28 29 30    28 29 30 
                              31                      

              July                   August                September      
      Su Mo Tu We Th Fr Sa    Su Mo Tu We Th Fr Sa    Su Mo Tu We Th Fr Sa
                1  2  3  4                       1           1  2  3  4  5
       5  6  7  8  9 10 11     2  3  4  5  6  7  8     6  7  8  9 10 11 12
      12 13 14 15 16 17 18     9 10 11 12 13 14 15    13 14 15 16 17 18 19
      19 20 21 22 23 24 25    16 17 18 19 20 21 22    20 21 22 23 24 25 26
      26 27 28 29 30 31       23 24 25 26 27 28 29    27 28 29 30 
                              30 31                   

            October                 November                December      
      Su Mo Tu We Th Fr Sa    Su Mo Tu We Th Fr Sa    Su Mo Tu We Th Fr Sa
                   1  2  3     1  2  3  4  5  6  7           1  2  3  4  5
       4  5  6  7  8  9 10     8  9 10 11 12 13 14     6  7  8  9 10 11 12
      11 12 13 14 15 16 17    15 16 17 18 19 20 21    13 14 15 16 17 18 19
      18 19 20 21 22 23 24    22 23 24 25 26 27 28    20 21 22 23 24 25 26
      25 26 27 28 29 30 31    29 30                   27 28 29 30 31 

Of course you can run the cal command, but would it not be nice to see what went into it.

Cal.c
#include
#include
#include

int width = 80, year = 1969;
int cols, lead, gap;

const char *wdays[] = { “Su”, “Mo”, “Tu”, “We”, “Th”, “Fr”, “Sa” };
struct months {
const char *name;
int days, start_wday, at;
} months[12] = {
{ “January”, 31, 0, 0 },
{ “Februray”, 28, 0, 0 },
{ “March”, 31, 0, 0 },
{ “April”, 30, 0, 0 },
{ “May”, 31, 0, 0 },
{ “June”, 30, 0, 0 },
{ “July”, 31, 0, 0 },
{ “August”, 31, 0, 0 },
{ “September”, 30, 0, 0 },
{ “October”, 31, 0, 0 },
{ “November”, 30, 0, 0 },
{ “December”, 31, 0, 0 }
};

void space(int n) { while (n– > 0) putchar(‘ ‘); }

void init_months()
{
int i;

if ((!(year % 4) && (year % 100)) || !(year % 400))
months[1].days = 29;

year–;
months[0].start_wday
= (year * 365 + year/4 – year/100 + year/400 + 1) % 7;

for (i = 1; i 4) gap = 4;
lead = (width – (20 + gap) * cols + gap + 1) / 2;
year++;
}

void print_row(int row)
{
int c, i, from = row * cols, to = from + cols;
space(lead);
for (c = from; c < to; c++) {
i = strlen(months[c].name);
space((20 – i)/2);
printf(“%s”, months[c].name);
space(20 – i – (20 – i)/2 + ((c == to – 1) ? 0 : gap));
}
putchar(‘\n’);

space(lead);
for (c = from; c < to; c++) {
for (i = 0; i < 7; i++)
printf(“%s%s”, wdays[i], i == 6 ? “” : ” “);
if (c < to – 1) space(gap);
else putchar(‘\n’);
}

while (1) {
for (c = from; c < to; c++)
if (months[c].at < months[c].days) break;
if (c == to) break;

space(lead);
for (c = from; c < to; c++) {
for (i = 0; i < months[c].start_wday; i++) space(3);
while(i++ < 7 && months[c].at < months[c].days) {
printf(“%2d”, ++months[c].at);
if (i < 7 || c < to – 1) putchar(‘ ‘);
}
while (i++ <= 7 && c < to – 1) space(3);
if (c < to – 1) space(gap – 1);
months[c].start_wday = 0;
}
putchar(‘\n’);
}
putchar(‘\n’);
}

void print_year()
{
int row;
char buf[32];
sprintf(buf, “%d”, year);
space((width – strlen(buf)) / 2);
printf(“%s\n\n”, buf);
for (row = 0; row * cols < 12; row++)
print_row(row);
}

int main(int c, char **v)
{
int i, year_set = 0;
for (i = 1; i < c; i++) {
if (!strcmp(v[i], “-w”)) {
if (++i == c || (width = atoi(v[i])) < 20)
goto bail;
} else if (!year_set) {
if (!sscanf(v[i], “%d”, &year) || year = 20)]\n”, v[0]);
exit(1);
}

But the you could add a picture:
$ cat snoopycal.sh
echo ” ,-~~-.___. —-”
echo ” / ()=(() \\ $1 $2″
echo ” ( ( 0 —-”
echo ” \\._\\, ,—-‘”
echo ” ##XXXxxxxxxx”
echo ” / —‘~;”
echo ” / /~|-”
echo ” =( ~~ |”
echo ” /~~~~~~~~~~~~~~~~~~~~~\\”
echo ” /_______________________\\”
echo ” /_________________________\\”
echo “/___________________________\\”
echo ” |____________________|”
echo ” |____________________|”
echo ” |____________________|”
echo ” | |”
echo “”
cal $1 $2

Which could result in:

$ ./snoopycal.sh 3 2015
,-~~-.___. —-
/ ()=(() \ 3 2015
( ( 0 —-
\._\, ,—-‘
##XXXxxxxxxx
/ —‘~;
/ /~|-
=( ~~ |
/~~~~~~~~~~~~~~~~~~~~~\
/_______________________\
/_________________________\
/___________________________\
|____________________|
|____________________|
|____________________|
| |

March 2015
Su Mo Tu We Th Fr Sa
1 2 3 4 5 6 7
8 9 10 11 12 13 14
15 16 17 18 19 20 21
22 23 24 25 26 27 28
29 30 31

Screenshot from 2015-03-17 14:14:30

——————————————–

Gimp does not have the liquid command but it dies have distorts iwarp.

Screenshot from 2015-03-17 14:52:40 Screenshot from 2015-03-17 14:53:29

Screenshot from 2015-03-17 14:55:07Screenshot from 2015-03-17 15:00:06

——————————————–

Had a video that I made, but wanted the audio separate just to listen to it. So I did

$ avconv -i inputfile.flv  outputfile.mp3

Then copied the file over to the music server.

Screenshot from 2015-03-17 15:30:15

——————————————–

Getting Flash files:

Go to the page with the flash file you would like to get at and the show the source.

Screenshot from 2015-03-17 16:31:45

The get the file:

$ wget http://www.mydr.com.au/babies-pregnancy/animation-fertilisation-of-egg-by-sperm/files/images/animations/fertilisation.swf

Play it with your viewer.

——————————————–

Just a big snoopy.

$ fbc snoopy.bas

$ ../snoopy

Screenshot from 2015-03-17 17:01:04

——————————————–

Screenshot from 2015-03-18 22:57:32

Remark: Logic for a sous vide system

Set lo

w_temperature

Set high_temperature

Set start_time

Set end_time

Turn on heat

Turn on led

if end_time < start_time then stop.

loop until time > end_time.

Get temperature

if temperature > high_temperature then turn off heat and turn off led

if temperature < low_temperature then turn on heat and turn on led

get time

loop

turn led off

end

 

——————————————–

Focaccia sort of

pizza

Good day.

Just another post.

Leave a comment

Chit chat

======

Converting the nslu2 back to the original firmware. Oops, delaying that idea.

Lost a drive that was using arch linux.  Worked fine the last time I used it. Replaced it with a drive that has Debian. At least the machine is still being used.  Not a good week also lot a Raspberry Pi.

Had to put on a new ends on a few network cables. Once you  have done enough of them, you never forget the wo-o-wg-bl-wbl-g-wbr-br aka

white-orange orange white-green blue white-blue green white-brown brown

Moved some c source files over to the pogoplug and tested compiling some c code.

Brother is getting the android 5 update. Android 5 without hardwire access is a fail.

Getting close to 1.5 million views at http://www.instructables.com/member/computothought

—————————————–

To convert a web page for use with the arduino, you will need to add a preface and an ending to each line of code.

Original code:

<html>
<body>
This is a text message.
</body>
</html>

Using vim add a beginning with: :%s!^!client.println(\”!

client.println(“<html>
client.println(“<body>
client.println(“This is a text message.
client.println(“</body>
client.println(“</html>

Then using vim add an ending with: :%s/$/\”);/

client.println(“<html>”);
client.println(“<body>”);
client.println(“This is a text message.”);
client.println(“</body>”);
client.println(“</html>”);

Result:

Also:

client.println(“”);
client.println(“This is a test of the arduino.”);
client.println(“”);
client.println(“<pre>”);
client.println(”                                 ___________”);
client.println(”                                [___________]”);
client.println(”                                 {=========}”);
client.println(”                               .-*         *-.”);
client.println(”                              /               \\”);
client.println(”                             /_________________\\”);
client.println(”                             |   _  _   _      |”);
client.println(”                             ||\\(_ |_)||_)||\\ ||”);
client.println(”            ,.–.   ,.–.    ||~\\_)|  || \\|| \\||”);
client.println(”           // \\  \\ // \\  \\   |_________________|”);
client.println(”           \\\\  \\ / \\\\  \\ /   |                 |”);
client.println(”            `*–*   `*–*    ‘—————–‘”);
client.println(“</pre>”);

Your code should now work within an ethernet sketch. The rest is up to your imagination.

—————————————–

Try at your own risk. Your system could be damaged.

Plug goes into a sound card output. Of course, you will need an AM capable radio to receive the transmissions. Dial needs to be set at or near 100x10khz. There was several strong competing stations where we tested this project.

—————————————–

Decided to make a sd card with arch linux using these instructions:

SD Card Creation
Replace sdX in the following instructions with the device name for the SD card as it appears on your computer.

  1. Start fdisk to partition the SD card:
    fdisk /dev/sdX
  2. At the fdisk prompt, delete old partitions and create a new one:
    1. Type o. This will clear out any partitions on the drive.
    2. Type p to list partitions. There should be no partitions left.
    3. Type n, then p for primary, 1 for the first partition on the drive, press ENTER to accept the default first sector, then type +100M for the last sector.
    4. Type t, then c to set the first partition to type W95 FAT32 (LBA).
    5. Type n, then p for primary, 2 for the second partition on the drive, and then press ENTER twice to accept the default first and last sector.
    6. Write the partition table and exit by typing w.
  3. Create and mount the FAT filesystem:
    mkfs.vfat /dev/sdX1 mkdir boot mount /dev/sdX1 boot
  4. Create and mount the ext4 filesystem:
    mkfs.ext4 /dev/sdX2 mkdir root mount /dev/sdX2 root
  5. Download and extract the root filesystem (as root, not via sudo):
    wget http://archlinuxarm.org/os/ArchLinuxARM-rpi-latest.tar.gz
  6.  sudo apt-get install bsdtar
  7. bsdtar -xpf ArchLinuxARM-rpi-latest.tar.gz -C root sync
  8. Move boot files to the first partition:
    mv root/boot/* boot
  9. Unmount the two partitions:
    umount boot root
  10. Insert the SD card into the Raspberry Pi, connect ethernet, and apply 5V power.
  11. Use the serial console or SSH to the IP address given to the board by your router. The default root password is ‘root’.
  12. Once you log in be sure to update the  system with pacman -Syu

—————————————–

You can take software from years even decades ago and still reuse it. For example, found some accounting source code originally written as early as the 1970’s that can be compiled and used on present day systems. Albeit that the software needs some polish to be presentable by today’s standards, it still works just as well.

Account setup:

Then you can enter some data:

Lastly, you can views the results of your entries say in a simple t-account format:

The datafile:

$ cat bizness

02052015               XX X X X X X XXXXXXXXassets             XXXXXXXXXXXXXXXliabilities        XXXXXXXXXXXXXXXcapital            XXXXXXXXXXXXXXXincome             XXXXXXXXXXXXXXXexpenses           XXXXXXXXXXXXXXXunused             XXXXXXXXXXXXXXXunused             XXXXXXXXXXXXXXXincome/expense sum.XXXXXXXXXXXXXXXCash               d�D c Cd@�D czCc�c D

cHCXXXXXXXXSupplies           d C    c�BXXXXXXXXXXXXXEquipment          dzDXXXXXXXXXXXXXXAccounts payable   czd DXXXXXXXXXXXXXNotes Payable      XXXXXXXXXXXXXXXCapital – owner    c�DXXXXXXXXXXXXXXDrawing – owner

dHCXXXXXXXXXXXXXXFee income         c@�DXXXXXXXXXXXXXXRent               dzCXXXXXXXXXXXXXXSupplies expense       d�BXXXXXXXXXXXXXXTelephone Expense  d�BXXXXXXXXXXXXXX

What software can you put back to work?

—————————————–
With more and more people using the command line, changing permissions is a must. Chmod (chmod) is used to change permissions of a file. Do not use it that much except when setting permissions on the .ssh folder or on a web server application directories

i.e.
$ sudo chmod -R 755 appdirectory

or

$ chmod 700 ~/.ssh
$ chmod 600 ~/.ssh/*

Explanation examples:

Permissions Command
User Group World
rwx rwx rwx chmod 777 filename
rwx rwx r-x chmod 775 filename
rwx r-x r-x chmod 755 filename
rw- rw- r– chmod 664 filename
rw- r– r– chmod 644 filename

r = readable  w = writable x = executable  – = no permission

Here is another way of looking at it:

ugw function
400 r– read by owner
040 -r- read by group
004 –r read by anybody (other)
200 w– write by owner
020 -w- write by group
002 –w write by anybody
100 x– execute by owner
010 -x- execute by group
001 –x execute by anybody

To get a combination, just add them up. For example, to get read, write, execute by owner, read, execute, by group, and execute by anybody, you would add 400+200+100+040+010+001 to give 751.

There is also a nice web based calculator you can use on a web page of your own making: http://wsabstract.com/script/script2/chmodcal.shtml

Note: Some people like to use:
chmod ugo=rwx myfile
Where the nerds use:
chmod 777 myfile

—————————————–

Some experimental mysql database setup scripts. Should be able to use then with Mariadb. (USE AT YOUR OWN RISK!)Original script:#!/bin/bash EXPECTED_ARGS=3 E_BADARGS=65 MYSQL=`which mysql`
#Danger do not use GRANT ALL ON *.*
Q1=”CREATE DATABASE IF NOT EXISTS $1;” Q2=”GRANT ALL ON *.* TO ‘$2’@’localhost’ IDENTIFIED BY ‘$3′;” Q3=”FLUSH PRIVILEGES;” SQL=”${Q1}${Q2}${Q3}” if [ $# -ne $EXPECTED_ARGS ] then echo “Usage: $0 dbname dbuser dbpass” exit $E_BADARGS fi $MYSQL -uroot -p -e “$SQL”To use it, just run:
./createdb testdb testuser secretpassSomeone’s modified script:#!/bin/bash

BTICK=’`’
EXPECTED_ARGS=3
E_BADARGS=65
MYSQL=`which mysql`
Q1=”CREATE DATABASE IF NOT EXISTS ${BTICK}$1${BTICK};”
Q2=”GRANT ALL ON ${BTICK}$1${BTICK}.* TO ‘$2’@’localhost’ IDENTIFIED BY ‘$3′;”
Q3=”FLUSH PRIVILEGES;”
SQL=”${Q1}${Q2}${Q3}”
if [ $# -ne $EXPECTED_ARGS ]
then
echo “Usage: $0 dbname dbuser dbpass”
exit $E_BADARGS
fi
$MYSQL -uroot -p -e “$SQL”Using a little whiptail:

#!/bin/bash

USERNAME=$(whiptail –title “Mysql username” –inputbox “What is your Mysql username?” 10 60 $USER 3>&1 1>&2 2>&3)

exitstatus=$?
if [ $exitstatus = 0 ]; then
echo “Your pet name is:” $USERNAME
else
echo “You chose Cancel.” ; exit
fi

PASSWORD=$(whiptail –title “Mysql password” –passwordbox “Enter your password and choose Ok to continue.” 10 60 3>&1 1>&2 2>&3)

exitstatus=$?
if [ $exitstatus = 0 ]; then
echo “Your password is: XXXXXXXX”
else
echo “You chose Cancel.” ; exit
fi

DBNAME=$(whiptail –title “Database name” –inputbox “What is database name?” 10 60 DBNAME 3>&1 1>&2 2>&3)

exitstatus=$?
if [ $exitstatus = 0 ]; then
echo “Your pet name is:” $DBNAME
else
echo “You chose Cancel.” ; exit
fi
DBUSERNAME=$(whiptail –title “Database username” –inputbox “What is your database user name?” 10 60 DATABASEUSERNAME 3>&1 1>&2 2>&3)

exitstatus=$?
if [ $exitstatus = 0 ]; then
echo “Your pet name is:” $DBUSERNAME
else
echo “You chose Cancel.” ; exit
fi
DBHOST=$(whiptail –title “Database host name” –inputbox “What is your database host name?” 10 60 DBHOST 3>&1 1>&2 2>&3)

exitstatus=$?
if [ $exitstatus = 0 ]; then
echo “Your pet name is:” $DBHOST
else
echo “You chose Cancel.” ; exit
fi

DBPASSWORD=$(whiptail –title “Database password” –passwordbox “What is your database password?” 10 60 DBPASSWORD 3>&1 1>&2 2>&3)

exitstatus=$?
if [ $exitstatus = 0 ]; then
echo “Your password is : XXXXXXXX”
else
echo “You chose Cancel.” ; exit
fi

MYSQL=`which mysql`

Q1=”CREATE DATABASE IF NOT EXISTS $DBNAME;”
Q2=”GRANT ALL ON $DBNAME.* TO ‘$DBUSERNAME’@’$DBHOST’ IDENTIFIED BY ‘$DBPASSWORD';”
Q3=”FLUSH PRIVILEGES;”
SQL=”${Q1}${Q2}${Q3}”

$MYSQL -u $USER -p $PASSWORD -e “$SQL”

—————————————–

More on whiptail:

A message box shows any arbitrary text message with a confirmation button to continue. whiptail –title “<message box title>” –msgbox “<text to show>” <height> <width>

Example:

#!/bin/bash

whiptail –title “Message Box” –msgbox “Create a message box with whiptail. Choose Ok to continue.” 10 60

Screenshot from 2015-02-07 12:22:20

Create a Yes/No Box

One common user input is Yes or No. This is when a Yes/No dialog box can be used. whiptail –title “<dialog box title>” –yesno “<text to show>” <height> <width>

Example:

#!/bin/bash
if (whiptail –title “Yes/No Box” –yesno “Do you like computers (yes/no)?” 10 60)
then echo “Yes, you like computers. Exit status was $?.”
else echo “No, you do not like computers. Exit status was $?.”
fi

Optionally, you can customize the text for Yes and No buttons with “–yes-button” and “–no-button” options.

Example:

#!/bin/bash

if (whiptail –title “Test Yes/No Box” –yes-button “Free software” –no-button “Closed software” –yesno “Which do you like better?” 10 60)

then echo “You chose free software Exit status was $?.”

else echo “You chose closed software. Exit status was $?.”

fi

Screenshot from 2015-02-07 12:44:13

Example:

#!/bin/bash

if (whiptail –title “Test Yes/No Box” –yes-button “Free software” –no-button “Closed software” –yesno “Which do you like better?” 10 60)

then echo “You chose free software Exit status was $?.”

else echo “You chose closed software. Exit status was $?.”

fi

You saw the freeform and the password boxes in the previous section.

Create a Menu Box

When you want to ask a user to choose one among any arbitrary number of choices, you can use a menu box. whiptail –title “<menu title>” –menu “<text to show>” <height> <width> <menu height> [ <tag> <item> ] . . .

Example:

#!/bin/bash

OPTION=$(whiptail –title “Menu Dialog” –menu “Choose your option” 15 60 4 \ “1” “Grilled ham” \ “2” “Swiss Cheese” \ “3” “Charcoal cooked Chicken thighs” \ “4” “Baked potatos” 3>&1 1>&2 2>&3)

exitstatus=$?

if [ $exitstatus = 0 ];

then echo “Your chosen option:” $OPTION

else echo “You chose Cancel.”

fi

Screenshot from 2015-02-07 12:13:57

Create a Radiolist Dialog

A radiolist box is similar to a menu box in the sense that you can choose only option among a list of available options. Unlike a menu box, however, you can indicate which option is selected by default by specifying its status. whiptail –title “<radiolist title>” –radiolist “<text to show>” <height> <width> <list height> [ <tag> <item> <status> ] . . .

Example:

#!/bin/bash

DISTROS=$(whiptail –title “Test Checklist Dialog” –radiolist \ “What is the Linux distro of your choice?” 15 60 4 \ “Debian” “Stable Debian” ON \ “Ubuntu” “Copycat Debian” OFF \ “Centos” “Copycate Redhat” OFF \ “Mint” “Copycat Ubuntu/Debian” OFF 3>&1 1>&2 2>&3)

exitstatus=$?
if [ $exitstatus = 0 ];

then echo “The chosen distro is:” $DISTROS

else echo “You chose Cancel.”

fi

Screenshot from 2015-02-07 12:04:52

Create a Checklist Dialog

A checklist dialog is useful when you want to ask a user to choose more than one option among a list of options, which is in contrast to a radiolist box which allows only one selection. whiptail –title “<checklist title>” –checklist “<text to show>” <height> <width> <list height> [ <tag> <item> <status> ] . . .

Example:

#!/bin/bash

DISTROS=$(whiptail –title “Test Checklist Dialog” –checklist \ “Choose preferred Linux distros” 15 60 4 \ “Debian” “Stable Debian” ON \ “Ubuntu” “Debian copycat” OFF \ “Centos” “Redhat copycat” ON \ “Mint” “Copycat Ubuntu/Debian” OFF 3>&1 1>&2 2>&3)

exitstatus=$?

if [ $exitstatus = 0 ];

then echo “Your favorite distros are:” $DISTROS

else echo “You chose Cancel.”

fi

Screenshot from 2015-02-07 11:50:35

Create a Progress Bar

Another user-friendly dialog box is a progress bar. whiptail reads from standard input a percentage number (0 to 100) and displays a meter inside a gauge box accordingly. whiptail –gauge “<test to show>” <height> <width> <inital percent>

#!/bin/bash
PCT=0
(
while test $PCT != 100;
do
PCT=`expr $PCT + 10`;
echo $PCT;
sleep 1;
done; ) | whiptail --title "GAUGE" --gauge "Hi, this is a gauge widget" 20 70 0

Screenshot from 2015-02-07 11:40:30

By now, you must see how easy it is to create useful dialog boxes in an interactive shell script. Next time you need to write a shell script for someone, why don’t you try whiptail?

—————————————–

Another simple pasta favorite (fettucine made from scratch).

SUNP0031

Good day.

 

Older Entries

Follow

Get every new post delivered to your Inbox.