Matthew Gyurgyik

I needed to obtain the firmware for my KWorld ATSC 115 which uses the nxt2004 demodulator. The kernel module saa7134 requires the nxt2004 firmware to operate correctly. In the past the process to obtain the firmware was easy, but now that avermedia-usa now longer makes available the driver, it was much harder to track down the need firmware file.

The problem:

m2n:~ $ /tmp/get_dvb_firmware nxt2004
--2012-07-06 22:51:22--  http://www.avermedia-usa.com/support/Drivers/AVerTVHD_MCE_A180_Drv_v1.2.2.16.zip
Resolving www.avermedia-usa.com... 66.85.153.58
Connecting to www.avermedia-usa.com|66.85.153.58|:80... connected.
HTTP request sent, awaiting response... 404 Not Found
2012-07-06 22:51:22 ERROR 404: Not Found.

wget failed - unable to download firmware at /tmp/get_dvb_firmware line 662.

I figured I could just search for AVerTVHD_MCE_A180_Drv_v1.2.2.16.zip or dvb-fe-nxt2004.fw and be in business. Unfortunately, it was not that easy as it took me over an hour to find the file.

I came across linux-firmware-nonfree_1.11_all.deb which contained nxt2004.fw

Since it was so hard to find the firmware file I decided to mirror it along with the original deb package that I got it from.

Files:

• dvb-fe-nxt2004.fw
• linux-firmware-nonfree_1.11_all.deb

To Install:

1. wget http://pyther.net/files/firmware/nxt2004/dvb-fe-nxt2004.fw
2. cp dvb-fe-nxt2004.fw /lib/firmware
3. reload appropriate module or reboot
4. check out dmesg to confirm firmware was loaded

Hope this has helped someone…

Best practice states that passwords should contain letters (mixed case), numbers, and symbols, should be at least 8 characters in length, and should never be used twice. However, this isn’t very practical! How are you suppose to remember a different password for each site you have an account for?

I have been using 4 different password for my various accounts. This method has been working moderately well, but from a security standpoint, it’s suicide. I wanted to use a random password for each of my accounts. But, how would I ever remember all my passwords? A password manager, of course!

What I needed:

• Passwords stored in an encrypted file
• Master password to unlock the encrypted file
• View passwords from the cli/ssh
• Include additional information such as Security Questions and Answers
• Integrated support for Firefox

What I used…

Vim Outliner

Vim Outliner is an outline processor. A screenshot is worth a thousand words.

Encryption

By default when you save the file it will be a simple tab delimited text file. Vim, however, supports encryption. First, you need to set the encryption method by typing :setlocal cm=blowfish. If you want Blowfish to be the default encryption method for vim add the setlocal command to ~/.vimrc. Next, to encrypt the file, type :X. You will be prompted to set a password. Finally, save the file. When you open the file, you will be prompted for the password. If you fail to enter the right password you will see garbage characters.

Firefox Integration  (Mozilla-gnome-keyring)

Mozilla-gnome-keyring allows Firefox to store passwords and form logins in gnome-keyring. Gnome-keyring is much more secure than the default password manager in Firefox. The mozilla keyring must be unlocked to add / retrieve passwords. You can define how long the keyring should remain unlocked for (never, 15 minutes, 60 minutes, etc…). On my desktop I unlock the keyring for 60 minutes, but on my laptop I only unlock it for 10. When logging into a site, Firefox still prompts to  “Remember the Password”.  If you let Firefox remember the password, the password automatically gets recorded in the keyring.

Conclusion

I have been using this solution for about a month and it has fit my needs perfectly. I updated most of my accounts so they each have an unique password such as Dmqngi8ZoPyO or XGVoBOmd7Gar. Passwords are being stored twice: in the password file and in gnome-keyring. Since mozilla-gnome-keyring takes care of adding the passwords into gnome-keyring when I login to a site, I only have to record/update my passwords in the encrypted text file. In the rare case that I’m not at my computer, and I need a password, I simply ssh into my server and open the password file in vim.

Although the password file and keyring is encrypted it is still subject to a brute force attack. Make sure to use a strong master password, the longer the better. I would suggest at least 20 characters. In 2009, it would take a super computer 1.5hrs to crack an 8 character (alpha only; lower-case) password, but it would take 631 Billion years to crack a 20 character (alpha only; lower-case) password. Remember, as computers advance these times will decrease. And of course, a key logger could compromise the master password nearly instantly.

http://www.lockdown.co.uk/?pg=combi&s=articles

So for whatever reason you need to install Windows 7 from a flash drive that’s not a problem!

In Linux:

1. Format flash drive: mkfs.vfat -F 32 /dev/sdx
2. Set Label: mlabel -i /dev/sdd1 ::WIN7x64 (optional)
3. Download Grub4Dos – http://download.gna.org/grub4dos/
4. unzip grub4dos-0.4.4.zip
5. Run ./bootlace.com /dev/sdx
6. Copy grldr and menu.lst to the root of the flash drive
7. Add to menu.lst

   title Install Windows 7
   root (hd0,0)
   chainloader (hd0,0)/bootmgr

8. Copy Win 7 Install files to root of USB flash drive.
9. Boot Flash Drive – Select Install Windows 7

TIP: To install any version of Windows 7 (Home Premium, Professional, Ultimate) remove ei.cfg from the sources directory. However, you still need a product key for the appropriate version.

In Windows:

1. Format Drive as Fat32
2. Copy Files from Install DVD to Flash drive

That’s it, boot from the flash drive you are all good.

Note: The windows disk formater writes code to the MBR and VBR. This obvisouly doesn’t happen in Linux therefore we need to use grub4dos as our bootloader.

Why would I want to use Conditional Forwarding?

In my case, my local dns server has entries for local hostnames such as m2n.ion.lan, mongo.ion.lan, and tux.ion.lan. If I am using the vpn dns, then these address lookups would fail. By using Conditional Forwarding I can do all lookups locally, except for ones that match the remote top level domain (example.local). Anything that matches example.local would be forwarded to the remote dns server.

Problem:

1. Connect to remote vpn server and use local DNS server
2. Ping server.remote.local (remote FQDN) – fail
3. Ping server.ion.lan (local FQDN) – success

Of course the remote ping fails because the local DNS server knows nothing about the remote domain. If I was to configure my machine to use the remote DNS server the opposite would happen. I would be able to ping server.remote.local, but a ping to server.ion.lan would fail.

Solution: Use dnsmasq with conditional forwarding to forward *.work.local requests to the remote dns server.

1. Install dnsmasq using your local package manager

2. Edit /etc/dnsmasq.conf

# Tells dnsmasq to forward anything with the domain of remote.local to dns server 10.25.11.2
server=/remote.local/10.25.11.2

# Listen to requests only coming from the local machine
listen-address=127.0.0.1

# Do not cache anything
# A decent dns server will already cache for your local network
cache-size=0

3. Edit /etc/resolv.conf

# Local LAN Domain
domain ion.lan

# local dnsmasq server
nameserver 127.0.0.1

# Your main dns server (dnsmasq will forward all requests to this server)
nameserver 10.20.1.1

4. Start dnsmasq

5. Test – ping a local server and remote server using the FQDN

All dns requests will be forwarded to 10.20.1.1 except any matching *.remote.local. server.remote.local will be forwarded to 10.25.11.2

The OpenVPN server can pass DNS servers and a domain name to the client. This gives the benefit of using the remote dns servers for local hostname lookups.

Finding a good script that worked to do this provide difficult…

In server.conf add:

push "dhcp-option DOMAIN ion.lan"
push "dhcp-option DNS 10.25.11.2"

Then save this script on the client in same location as the client config

#!/bin/bash

case "$1" in
    up)
	    mv /etc/resolv.conf /etc/resolv.conf.bak

		echo "# Generated by OpenVPN Client UP Script" > /etc/resolv.conf
		for opt in ${!foreign_option_*};
		do
	        echo ${!opt} | sed -e 's/dhcp-option DOMAIN/domain/g' -e 's/dhcp-option DNS/nameserver/g' >> /etc/resolv.conf
        done
        ;;
    down)
        mv /etc/resolv.conf.bak /etc/resolv.conf
        ;;
    *)
        echo "Pass either UP or DOWN"
        ;;
esac

In the client.conf add

script-security 2

up "./vpn_dns_update.sh up"
down "./vpn_dns_update.sh down"

Now connect and check /etc/resolv.conf to see if the VPN nameserver and domain is listed.

One of the things that would always irritate me, with Linux, was the fact that I could not resume my machine by hitting a key on the keyboard.  When I first searched for an answer, to this issue, many of the replies stated “look for an option in the BIOS.” To my dismay, I had no such option in the BIOS. After more searching I found /proc/acpi/wakeup!

/proc/acpi/wakeup looks like this:

Device	S-state	  Status   Sysfs node
UAR1	  S4	 disabled  pnp:00:08
SMB0	  S4	 disabled  pci:0000:00:01.1
USB0	  S4	 disabled  pci:0000:00:02.0
USB2	  S4	 disabled  pci:0000:00:02.1
US15	  S4	 disabled  pci:0000:00:04.0
US12	  S4	 disabled  pci:0000:00:04.1
NMAC	  S5	 disabled  pci:0000:00:0a.0
P0P1	  S4	 disabled  pci:0000:00:08.0
HDAC	  S4	 disabled
MXR0	  S4	 disabled  pci:0000:00:10.0
BR11	  S4	 disabled
BR12	  S4	 disabled  pci:0000:00:12.0
BR13	  S4	 disabled
BR14	  S4	 disabled
BR15	  S4	 disabled
BR16	  S4	 disabled
BR17	  S4	 disabled

Now this might be confusing, at first, but do not fear! We are interested in only two types of devices: USB and US

USB0	  S4	 disabled  pci:0000:00:02.0
USB2	  S4	 disabled  pci:0000:00:02.1
US15	  S4	 disabled  pci:0000:00:04.0
US12	  S4	 disabled  pci:0000:00:04.1

To figure out which device is which take the number after pci: and run grep on dmesg. Example for US15: dmesg | grep 0000:00:04.0

You will likely get a lot of output… you should look for something similar (Note: this differs by hardware, it likely won’t be the same)

[    6.164097] usb usb4: SerialNumber: 0000:00:04.0
[    7.284302] input: BTC USB Multimedia Keyboard as /devices/pci0000:00/0000:00:04.0/usb4/4-3/4-3:1.0/input/input2
[    7.284363] generic-usb 0003:046D:C312.0001: input,hidraw0: USB HID v1.10 Keyboard [BTC USB Multimedia Keyboard] on usb-0000:00:04.0-3/input0
[    7.300110] input: BTC USB Multimedia Keyboard as /devices/pci0000:00/0000:00:04.0/usb4/4-3/4-3:1.1/input/input3
[    7.300287] generic-usb 0003:046D:C312.0002: input,hiddev96,hidraw1: USB HID v1.10 Device [BTC USB Multimedia Keyboard] on usb-0000:00:04.0-3/input1

As you can see US15 is my USB keyboard so I will simply run echo "US15" > /proc/acpi/wakeup to allow US15 to wake up the computer.

USB0	  S4	 disabled  pci:0000:00:02.0
USB2	  S4	 disabled  pci:0000:00:02.1
US15	  S4	 enabled   pci:0000:00:04.0
US12	  S4	 disabled  pci:0000:00:04.1

If it is not appearant which devices are which there is always the trial and error process. Enable one, see if the desired device wakes up the machine and if it doesn’t, disable the device (by executing the echo command again) and try another.

Lastly just add the echo command to your startup script. On Arch /etc/rc.local is a good place.

There is a bug with PacketTracer which seems relatively minor but can cause a lot of frustration to users.

Take me for example: I am taking Cisco 3. It has been 2 years since I took Cisco 1 and 2. The first day in class we were given a review packet tracer file to work on. I forgot to save and when I finally remembered it bit me in the but! I went to save my work and PacketTracer crashed! I lost everything.

Issue: PacketTracer 5.2.1 crashes / segfaults on linux when saving files.

Reason: PacketTracer 5.2.1  is built against Qt 4.4.3.  However, it is using the system version of Qt which is likely newer. In my case, I’m using Qt 4.5.3. Many other distributions also use 4.5.3. It appears that there has been a code change between Qt 4.4.3 and 4.4.5; therefore, making 4.4.5 incompatible with PT 5.2.1.

Solution: Have PacketTracer use the qt libs that it ships with.
This  can be accomplished with the use of LD_LIBRARY_PATH and a shell script.

#!/bin/sh

export LD_LIBRARY_PATH="/opt/pt/lib"
/opt/pt/bin/PacketTracer5

Adjust the paths as necessary, save the file, and make it executable.
PT might not look as nice and pretty, but it won’t crash!

I was asked to convert some European (PAL) dvds to the American (NTSC) format. With the help of a few linux tools, the process is pretty painless. A cautionary note: the process takes about 3 hours for one dvd using  my AMD X2 7750.

What you need:

• vobcopy or dvdrip
• projectx
• avidemux
• mplex (part of mjpegtools)
• wine
• dgpulldown.exe (windows app)
• dvdauthor
• dvdxchap (part of ogmtools)

First, we need to rip the DVD to the computer. We can do this by using dvdrip or vobcopy. Vobcoby is a simple command line utility that rips vob files straight from the dvd to the hard drive. dvdrip is a gui tool which is very easy to use. Load it up, create a new project, select the rip tab, and pick the title you want to rip. Ripping the dvd will probably take anywhere from 15-20 minutes.

Vobcopy Example: cd /home/pyther/dvdrip and vobcopy /dev/sr0

Next, we want demux (seperate) the audio and the video. ProjectX is very easy to use for this task and ProjectX insures the video and audio stay in sync.

To Demux the video:

• Start projectx
• File->Add
• Select all the vob files that were just created
• At the bottom where it says “recent output directories” select “output to same location as 1st file in collection”
• Then click the Quick Start button on the side

This result in the following files being created:

• *.m2v = mpeg 2 video file
• *.ac3 = AC3 Audio File
• *.sub = Subtitle Files

If there are multiple audio tracks you will see zorro-001.ac3, zorro-001[1].ac3, zorro-001[2].ac3
In my case:

• zorro-001.ac3 == Hungarian
• zorro-001[1].ac3 == English
• zorro-oo1[2].ac3 == Directors Comments

Lets clean up the directory right now:

• move *.vob files into a new folder called vob
• move *.sub into a new folder called subs
• Rename the audio files (ex. zorro-001.ac3 -> hu.ac3)
• Remove any audio tracks that you do not want in your remastered dvd (ex. Directors Comments) (more…)

Well  I got up this morning at 4:30am and headed of at 5:15am to Columbus, Ohio. The trip wasn’t bad, however the fog made it a bit harder. After 2hrs and 20 minutes in the car I made it. 1hr 30min early. I got breakfast, and looked over a few things.

The exam was fairly easy and took me about 1hr 30 minutes to complete. I got stuck on the last part of the exam which involved auto-mounting.

On my way home I stopped at Hardee’s, a great burger place!

We were instructed that we would be given an email letting us know if we passed or failed.

I have been using Arch Linux since 2005. It is a great distro and there are a few devs that are still keeping it the Arch Way. For this I am grateful. However, the community has taken a change for the worse. When I first started using Arch if you asked a noob question you were given a man page or a google query. If you wanted to succeed with arch, you had to read up. I think this turned away a good amount of users, but that was the type of distro Arch was. Now the community is soft, we are willing to put up with people that have no clue what they are doing and that can’t survive on their own!

ataraxia summed it up very well:

“A part of me really misses those old days. We’re far too welcoming of people who don’t substantially get what The Arch Way is even about, or who just don’t agree with it. Arch hasn’t been materially harmed by the changes, but I think we’re overly patient in these forums nowadays with people that are just too inexperienced to succeed anyway, and even more so with BIGNUM practically-identical threads that could have been avoided by simply reading the last day’s posts (or even the front page news) before posting a new thread.”