SysAdmin Blog | Alexander Bochmann

installing GRML to an USB stick from Windows using UNetbootin...

Alexander Bochmann Monday 01 of November, 2010

...there's actually nothing to it, although GRML is not one of the supported Linux distributions in UNetbootin.

Task: Install a live Linux distribution to a FAT-formatted USB stick without losing all the data that's already on it (which rules out the "rawrite2 ISO Image to USB stick" option).

GRML (cache) is a Linux live CD (based on Debian) with all the useful sysadmin tools (and a huge boot menu with alternate stuff that's also on the CD, like a FreeDOS boot image).
UNetbootin (cache) creates bootable USB sticks from predefined plugins, from ISO files, or disk images.

So, download GRML, download UNetbootin, start UNetbootin, select "ISO Image" option and the GRML ISO file (I used grml-small), press OK, wait.

That's it.

Xubuntu suddenly starts metacity...

Alexander Bochmann Monday 19 of July, 2010

Today I logged into my workstation and things looked different than before the weekend. Starting window manager settings from the XFCE4 settings manager didn't work either.

After some headscratching (and running xfwm4-settings from the command line to get it's messages) I found out that Ubuntu had decided to run metacity instead of xfwm as window manager - no idea why.

To get rid of it, the hard way:

aptitude purge metacity gnome-session
update-alternatives --set x-session-manager /usr/bin/xfce4-session

wicd

Alexander Bochmann Sunday 23 of May, 2010

Recently I've been installing Ubuntu 10.04 on an old laptop with just about 160MB RAM (and a 300MHz Celeron CPU)...

After some tweaking the system runs quite nice with LXDE (cache) as desktop environment, and Opera works good as a web browser (as long as I don't access any extremely JavaScript-heavy sites). Just having to use NetworkManager with all it's GNOME dependencies for easy wireless setup was somewhat of a pain.

A post on the LXDE forums mentioned wicd (cache) as an alternative. The version included with Ubuntu just works, although the dialogs are somewhat clunky on an 800x600 display. But then there's also a cli and a curses version of the frontend. Doesn't seem as if I'm going to look back to NetworkManager...

Things I did to save some memory (besides removing anything GNOME-ish):

remove all the Landscape tools
remove AppArmor
use mrxvt instead of the LXDE Terminal (yeah I know, dropping LXDE completely would help a lot more)
purge ureadahead (cache) because of (probably) bug 543230 (cache).
blacklist all filesystem modules I don't use so the kernel doesn't load them
some more stuff I'll add as soon as I remember what it was

rrrraaaarrrghhhh... Ubuntu upgrade rant.

Alexander Bochmann Wednesday 14 of April, 2010

Why is it that graphics support is broken after each upgrade of a Linux distribution?

Upgrading from Ubunu 9.10 to 10.04 beta... On my work ThinkPad T60, kernel crashes on boot unless "nosplash" is specified. X starts up, but the dualscreen setup doesn't work anymore. One panel (DVI) can't sync after some time, the other (VGA) is distorted. Switching from radeon to radeonhd driver solves the problem, but in the old version, radeonhd was the driver with frequent crashes and other problems.

...and why the hell does xinput now expect device IDs as input instead of the device name?

At least everything else seems to basically do what's expected, and I finally have Firefox 3.6 and Thunderbird 3...

disabling ipv6 and AAAA lookups on OpenBSD 4.6

Alexander Bochmann Wednesday 09 of December, 2009

Up to OpenBSD 4.5, running a system with no ipv6 connectivity was somewhat of a nuisance - the resolver would look for AAAA records first, returning (unreachable) ipv6 addresses...

In OpenBSD 4.6, there's a new resolv.conf (cache) option, which allows to disable this behaviour or set a preference (and inet4 is preferred by default):

#/etc/resolv.conf
family inet4

IPv6 addressing can be disabled by setting "-inet6" on interfaces.

See "Re: How to disable IPv6?" by Todd T. Fries openbsd-misc (cache).

graphing spamdb state with munin - v2

Alexander Bochmann Saturday 21 of November, 2009

Some small updates from yesterday:

added a graph for distinct hosts in greylist db
to that end, now writing the two values I need from spamdb output to a temp file, so I don't have to run it twice
changed colours for the graph lines (needs munin > 1.2.5 on the server)
set lowest display value to 11 to better use space available for graphing (might need to be changed if trapped entries drop very low)

#!/bin/sh
#
# Parameters:
#
#       config   (required)
#       autoconf (optional - used by munin-config)
#
# Magick markers (optional):
#%# family=auto
#%# capabilities=autoconf
#
# A. Bochmann 2009, based on standard munin plugin

if [ "$1" = "autoconf" ]; then
        if ( spamdb >/dev/null 2>&1 ); then
                echo yes
                exit 0
        else
                if [ $? -eq 127 ]; then
                        echo "no (could not run \"spamdb\")"
                        exit 1
                else
                        echo no
                        exit 1
                fi
        fi
fi

if [ "$1" = "config" ]; then
        echo 'graph_title spamdb state'
        echo 'graph_args --logarithmic --base 1000 -l 11'
        echo 'graph_vlabel spamdb state counts'
        echo 'graph_category other'
        echo 'graph_scale no'
        echo 'GREY.label greylist entries'
        echo 'GREY.type GAUGE'
        echo 'GREY.colour 000066'
        echo 'GREY_HOSTS.label greylisted hosts'
        echo 'GREY_HOSTS.type GAUGE'
        echo 'GREY_HOSTS.colour 3333CC'
        echo 'WHITE.label whitelisted hosts'
        echo 'WHITE.type GAUGE'
        echo 'WHITE.colour 00FF00'
        echo 'TRAPPED.label trapped hosts'
        echo 'TRAPPED.type GAUGE'
        echo 'TRAPPED.colour FF0000'
        exit 0
fi

TMPFILE=`mktemp -p /var/tmp spamdb.XXXXXXXXXX` || exit 1
spamdb | awk -F'|' '$1 != "SPAMTRAP" {print $1 " " $2}' > $TMPFILE
awk '{print $1}' $TMPFILE | sort | uniq -c | awk '{print $2 ".value " $1}'
awk '$1 == "GREY" {print $2}' $TMPFILE | sort | uniq | wc -l | awk '{print "GREY_HOSTS.value " $1}'
rm $TMPFILE

graphing spamdb state with munin

Alexander Bochmann Friday 20 of November, 2009

Note: This script has been updated.

I'm using the OpenBSD spamd (cache) to do greylisting on my mailserver. Greylisting is still a surprisingly efficient method to deter spammers, especially those brute-forcing through random recipient lists.

On the downside, mailserver statistics generated by Mailgraph (cache) don't say much about current spammer activity anymore, as most connections just don't reach the mail server with a setup like this.

So the following small Munin (cache) plugin sums up information from the spamd database (number of greylist, whitelist, and trapped entries). Note that the number of entries doesn't match the number of sender hosts, as spamd stores information about each host/sender-address/recipient-addres combination.

#!/bin/sh
#
# Parameters:
#
#       config   (required)
#       autoconf (optional - used by munin-config)
#
# Magick markers (optional):
#%# family=auto
#%# capabilities=autoconf
#
# A. Bochmann 2009, based on standard munin plugin

if [ "$1" = "autoconf" ]; then
        if ( spamdb >/dev/null 2>&1 ); then
                echo yes
                exit 0
        else
                if [ $? -eq 127 ]; then
                        echo "no (could not run \"spamdb\")"
                        exit 1
                else
                        echo no
                        exit 1
                fi
        fi
fi

if [ "$1" = "config" ]; then
        echo 'graph_title spamdb state'
        echo 'graph_title spamdb state'
        echo 'graph_args --logarithmic --base 1000 -l 1'
        echo 'graph_vlabel spamdb state counts'
        echo 'graph_category other'
        echo 'graph_scale no'
        echo 'GREY.label grey'
        echo 'GREY.type GAUGE'
        echo 'GREY.max 500000'
        echo 'WHITE.label white'
        echo 'WHITE.type GAUGE'
        echo 'WHITE.max 500000'
        echo 'TRAPPED.label trapped'
        echo 'TRAPPED.type GAUGE'
        echo 'TRAPPED.max 500000'
        exit 0
fi

spamdb | awk -F'|' '$1 != "SPAMTRAP" {print $1}' | sort | uniq -c | awk '{print $2 ".value " $1}'

As the number of GREY entries is usually an order of magnitude higher than the whitelisted (or trapped) entries, I'm using a logarithmic scale on this graph. Otherwise the two smaller values will just be flattened out...

Example graph:

spamdb graph output

dualbooting Windows 7 and Debian Linux

Alexander Bochmann Sunday 04 of October, 2009

I was just about to write on how to configure a Linux dualboot entry for the Windows 7 bootmanager with bcdedit (cache) - there are some slight differences to how to do it under Vista (namely setting "device partition=c:" instead of "device boot").

But the article How to Dual Boot Windows 7 and Linux using BCDEdit (cache) explains it all already. If you have an existing Linux system, install Grub to your Linux partition instead to the MBR, and start reading from the "Configuring for Dual Boot" section near the end of the article.

Now I just need to find out how to prevent Bitlocker from asking for the recovery key every time I want to boot Linux...

Ubuntu on ThinkPad T60 frequency scaling weirdness

bochmann Monday 27 of April, 2009

Recently, I've been noticing that my (office) ThinkPad T60 keeps telling me it's CPU runs at just 1GHz, regardless of the CPU load.

cpufreq-info said something like

current policy: frequency should be within 1000 MHz and 1000 Mhz.

Even more interesting, as soon as I unplugged the power, I got the message I expected:

current policy: frequency should be within 1000 MHz and 1.83 GHz.

Solution, thanks to the ThinkWiki article about frequency scaling problems (cache):

Just add

processor.ignore_ppc=1

to the kernel command line. Now frequency scaling and the CPU governors work as expected.

have Firefox 3 display domain names for non-EV SSL sites

bochmann Friday 10 of April, 2009

I'm not a particular fan of many of the UI choices for SSL sites in Firefox 3 anyway, but what I really don't unterstand at all, is why browser.identity.ssl_domain_display = 1 has not always been a default. (Setting this through about:config will make Firefox display the domain name in the favicon field, similar to what it does for sites using an extended validation certificate.)

Blog Actions