claws-mail reply model

Tired of Mozilla Thunderbird, I’m testing claws-mail (more deeply this time).

One funny feature is the Model writing script (see settings).
Here follows my reply-model script :

%cursor

%account_sig

(i) en réponse au message de %fullname (%email),
(i) du %date_fmt{%d/%m/%Y} à %date_fmt{%H:%M}, ?s{intitulé "%subject", } !s{sans sujet (!)}
(i) adressé à : %to
?c{(i) en copie à : %cc \n}?i{(i) message id : %messageid }

%quoted_msg_no_sig

[find] using -regextype

I don’t know about you.

But for me it’s a pain to escape special chars like that :

[survietamine@desktop omsa-live]$ find -iregex '.*\(contact\|dset\).*'
./DSET_Report_for_Centrapel[localhost.localdomain-SvcTag-16H3F4J-PER710].zip
./data/tmpreport/dsetinfo.xml
./data/xml/oma/docs/dset.css
./data/linux/dsetmemory
./data/linux/dsetboot
./data/linux/xml/dsetboot.xml
./data/linux/xml/dsetmemory.xml
./data/linux/xml/dsetnetwork.xml
./data/linux/xml/dsetmodules.xml
./data/linux/xml/dsetstorage.xml
./data/linux/dsetnetwork
./data/linux/dsetstorage
./data/linux/dsetmodules
./data/dell/DSET
./data/dell/DSET/dsetinfo.log
./data/dell/DSET/omsaliteinstall.log
./data/dell/DSET/omsaload.log
./data/dell/DSET/CDDVDDeviceEnumerator.log
./data/dell/DSET/IdeDevDiagEnumeration.log
./data/dell/DSET/SysReader.log
./data/dell/DSET/ScsiDevDiagEnumeration.log
./gui/contactinfo.htm
./gui/dset.css
./gui/images/productname-dset.gif
./gui/dsetreport.hta
./dsetreport.hta

So, I think it’s better to set an alias that adds ‘-regextype posix-extended’ (or whatever extended regexp flavour you prefer), to be able to write like this :

[survietamine@desktop omsa-live]$ find -regextype posix-extended -iregex '.*(contact|dset).*'
./DSET_Report_for_Centrapel[localhost.localdomain-SvcTag-16H3F4J-PER710].zip
./data/tmpreport/dsetinfo.xml
./data/xml/oma/docs/dset.css
./data/linux/dsetmemory
./data/linux/dsetboot
./data/linux/xml/dsetboot.xml
./data/linux/xml/dsetmemory.xml
./data/linux/xml/dsetnetwork.xml
./data/linux/xml/dsetmodules.xml
./data/linux/xml/dsetstorage.xml
./data/linux/dsetnetwork
./data/linux/dsetstorage
./data/linux/dsetmodules
./data/dell/DSET
./data/dell/DSET/dsetinfo.log
./data/dell/DSET/omsaliteinstall.log
./data/dell/DSET/omsaload.log
./data/dell/DSET/CDDVDDeviceEnumerator.log
./data/dell/DSET/IdeDevDiagEnumeration.log
./data/dell/DSET/SysReader.log
./data/dell/DSET/ScsiDevDiagEnumeration.log
./gui/contactinfo.htm
./gui/dset.css
./gui/images/productname-dset.gif
./gui/dsetreport.hta
./dsetreport.hta
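
An alias only works while no starting directory is given, because GNU find requires starting points before the expression and rejects `find -regextype posix-extended /some/dir …`. The wrapper below is an added example, not from the original post; the name efind is hypothetical, and it does not handle find's -D option, which takes an argument.

```shell
# efind: hypothetical wrapper name. GNU find wants its starting points before
# the expression, so "-regextype posix-extended" is inserted just before the
# first expression argument instead of right after the command name.
efind() (
    inserted=0
    n=$#
    while [ "$n" -gt 0 ]; do
        if [ "$inserted" -eq 0 ]; then
            case $1 in
                -H|-L|-P|-O[0-9]) ;;        # global options stay in front
                -*|'('|'!')                 # first expression argument
                    set -- "$@" -regextype posix-extended
                    inserted=1 ;;
            esac
        fi
        set -- "$@" "$1"    # rotate: append the current argument ...
        shift               # ... and drop it from the front
        n=$((n - 1))
    done
    # No expression at all: appending the option is harmless.
    [ "$inserted" -eq 1 ] || set -- "$@" -regextype posix-extended
    find "$@"
)

# usage: efind /some/dir -iregex '.*(contact|dset).*'
```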

[imageMagick] easy resize of images with ratio keeping

ImageMagick is a real Swiss Army knife for people who want to manipulate pictures.
In this post, I’ll only give an easy way to resize an image and keep its proportions.

Suppose you have a nice wallpaper (e.g. downloaded from the Vlad Studio site) on your “full HD” screen (ok, now I’m supposed to say “hd 1080p”…), and your girlfriend wants it on her laptop, whose resolution is 1440x900.

Consider these assertions :
1920x1080 is the TV/cinema (16/9) format (now imported to most computer monitors)
1440x900 is a computer format (16/10)

Their ratios are :
16/9 (or 1920/1080) : 1.77777777777777777777
16/10 (or 1440/900, 1280/800, 1920/1200) : 1.6

In this example, I’ll only use 2 ImageMagick commands (see documentation for more) :

syntax : convert image_src -resize geometry image_dst

example :
[survietamine@desktop Downloads]$ identify vladstudio_atlantis_docking_1920x1080.jpg
vladstudio_atlantis_docking_1920x1080.jpg JPEG 1920x1080 1920x1080+0+0 8-bit DirectClass 529KB 0.000u 0:00.000

[survietamine@desktop Downloads]$ echo '1920/1080' | bc -l
1.77777777777777777777

[survietamine@desktop Downloads]$ convert vladstudio_atlantis_docking_1920x1080.jpg -resize 1440 vladstudio_atlantis_docking_1440.jpg

[survietamine@desktop Downloads]$ identify vladstudio_atlantis_docking_1440.jpg
vladstudio_atlantis_docking_1440.jpg JPEG 1440x810 1440x810+0+0 8-bit DirectClass 351KB 0.000u 0:00.000

[survietamine@desktop Downloads]$ echo '1440/810' | bc -l
1.77777777777777777777

For more information about the ‘geometry’ section of ImageMagick :
http://www.imagemagick.org/script/command-line-processing.php?#geometry

chmod +X

For those who already know well how to change permissions, this memo won’t be useful.
Maybe it can be useful to some others.

umask is generally set to 022.
This mask is applied every time you create files and directories.

For directories, umask is combined with the maximum permissions 0777 :
0777 - 022 = 755 (rwxr-xr-x)
For files, umask is combined with 0666 :
0666 - 022 = 644 (rw-r--r--)
Strictly speaking, the umask bits are cleared from the maximum permissions (mode AND NOT umask); with 022 this gives the same result as the subtraction.

You can change umask() value for 1 user or the whole system.

But, sometimes, you don’t want to do that and need to set permissions for only 1 directory.

example :
Suppose you (leader of a project) have 1 directory with normal 755.
Now, you want to share it with your team, you want to put it in some share.
On the share, now you want 750 for directories and 640 for files.

So you start with something like this :
drwxr-xr-x leader team  15 oct.  2009 /some/common/directory

You want : group (team) to be able to read files and directories under /some/common/directory

By doing : chmod -R g+r /some/common/directory
All files will be readable by group (team).
But the problem is that directories need the ‘x’ bit to be accessed.
If you do : chmod -R g+x /some/common/directory
You’ll set ‘x’ for files and directories.

Before starting to write a script based on `find -type d`, have a look at `chmod +X` (capital X), which asks chmod to set ‘x’ only where needed.
It will set ‘x’ only for directories, and for files that already have an execute bit set for some user.
So, for our case, something like this :
chmod -R go-rx /some/common/directory
chmod -R g+rX /some/common/directory
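
The difference between g+rX and g+rx, shown on a throwaway tree. This is an added example, not part of the original memo; the function name and the file names are made up for the demonstration.

```shell
# Build a constructed tree under a temp dir, apply the memo's two commands
# with the given group mode, and print the resulting permission strings.
share_modes() (   # usage: share_modes g+rX   or   share_modes g+rx
    top=$(mktemp -d) || exit 1
    mkdir -p "$top/docs/sub"
    printf 'notes\n' > "$top/docs/notes.txt"
    printf '#!/bin/sh\necho hi\n' > "$top/docs/run.sh"
    # Starting point: "normal" 755 directories, a 644 file, a 755 script.
    chmod 755 "$top" "$top/docs" "$top/docs/sub" "$top/docs/run.sh"
    chmod 644 "$top/docs/notes.txt"

    chmod -R go-rx "$top"    # strip read/execute from group and others
    chmod -R "$1" "$top"     # then grant the group mode under test

    for p in docs docs/sub docs/notes.txt docs/run.sh; do
        # Keep only the 10-character type+mode field of ls -l.
        printf '%s %s\n' "$(ls -ld "$top/$p" | cut -c1-10)" "$p"
    done
    rm -rf "$top"
)

# With g+rX the plain file stays non-executable while the script, which
# already had an execute bit for its owner, becomes group-executable.
# With g+rx every file becomes group-executable.
```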

[proxy] SSL interception using squid

In this article, I’ll show you how to configure Squid to act as a ‘man-in-the-middle’ for HTTPS connections.
If you’re not doing that only for yourself (e.g. for your company/association), you MUST tell people about it; otherwise it is ILLEGAL.

credits : to achieve this, I mainly read this documentation (but I have not yet implemented dynamic certificate generation) :
http://wiki.squid-cache.org/Features/DynamicSslCert

The normal behavior of a proxy serving HTTPS sites is not to act as an intermediary.
The connection between the web site and the client is direct.

The only thing you can see in the logs (access.log) is the ip/fqdn address with the CONNECT method (instead of GET/POST) :
1293606062.453    188 192.168.0.1 TCP_MISS/200 5595 CONNECT secured.site.org:443 - DIRECT/12.34.56.78 -


As Squid doesn’t know the URL, you will only be able to write ACLs that focus on the domain (e.g. dstdomain) or IP address.

If, for some reason, you need to allow an HTTPS site (domain/ip) but want to forbid a URL on it, this can be done with the ssl-bump feature of Squid.

  • installation :
    As this is not normal behaviour and you break the trust in SSL by doing this, many distros won’t provide this feature in their binary packages.
    If you are running a Debian-based distro, you’ll need to get the sources of Squid and compile it with the ‘--enable-ssl’ option.
    For now, I personally gave up on Debian/Ubuntu for this Squid mitm install and did it with Arch Linux, and it works like a charm.

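  • self-signed certificate (pem format) generation (key and certificate are written to the same file, because the http_port line below gives only cert=; note that 1024-bit RSA is considered too weak today, prefer rsa:2048 or larger) :
    openssl req -new -newkey rsa:1024 -days 3650 -nodes -x509 -keyout www.yourcompany.com.pem -out www.yourcompany.com.pem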

  • if needed, you can generate the certificate to import on browsers (to avoid the warnings about the security breach) :
    openssl x509 -in www.yourcompany.com.pem -outform DER -out www.yourcompany.com.der

  • Squid configuration (squid.conf) :
    I post here only important parts.

    acl …
    acl …
    # you must have CONNECT acl
    acl CONNECT method CONNECT

    acl clientsboxes dstdomain www.secure.clientsboxes.com
    acl nationalbank dstdomain www.nationalbank.biz

    # write some ACL to test URL filter on HTTPS (interception)
    acl rebootbox url_regex ^https://www.secure.clientsboxes.com/path/*to/*reboot/*servers

    acl dropaccount url_regex ^https://www.nationalbank.biz/*showmethemoney/*dropthisaccount

    # maybe not in the future, but we need this :
    always_direct allow all

    # permissions sections (allow / deny)
    http_access allow…
    http_access allow…
    http_access allow…
    http_access deny …
    http_access deny …
    http_access deny …

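    # some sites need this (Squid then ignores certificate validation errors
    # from these servers, so only list sites you have checked yourself) :
    sslproxy_cert_error allow nationalbank
    #sslproxy_flags DONT_VERIFY_PEER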


    # ssl_bump means that you want to intercept (MITM) this SSL connection
    ssl_bump allow clientsboxes
    ssl_bump allow nationalbank

    # and we don’t want to intercept others SSL sites :

    ssl_bump deny all


    # now, you can tell Squid you want to forbid these HTTPS URLs :
    http_access deny rebootbox
    http_access deny dropaccount

    http_access allow localnet
    http_access allow localhost

    http_access deny all

    # tell Squid you want to intercept SSL
    # /!\ SSL interception is not compatible with transparent proxy
    # so DON’T write here ‘intercept’ (new name for ‘transparent’)
    http_port 3128 ssl-bump cert=/path/to/your/self-signed/cert/www.yourcompany.com.pem

Now, you’ll see the full URL in the logs and URL-based ACLs will be operational.
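
Once interception is on, it is worth checking that only the sites listed under ssl_bump allow are actually being decrypted. The following is an added example, not part of the original article: it reads access.log and flags any host that shows a full https:// URL without being on the expected list. The sample log lines are constructed and the function names are hypothetical.

```shell
# Constructed access.log sample in the format shown above (addresses are
# documentation ranges; webmail/plain hosts are made up).
sample_log() {
    cat <<'EOF'
1293606062.453    188 192.0.2.10 TCP_MISS/200 5595 CONNECT secured.site.org:443 - DIRECT/198.51.100.7 -
1293606070.120     95 192.0.2.10 TCP_MISS/200 3120 CONNECT www.nationalbank.biz:443 - DIRECT/198.51.100.20 -
1293606070.480    210 192.0.2.10 TCP_MISS/200 8841 GET https://www.nationalbank.biz/home - DIRECT/198.51.100.20 text/html
1293606075.002      1 192.0.2.10 TCP_DENIED/403 1432 GET https://www.nationalbank.biz/showmethemoney/dropthisaccount - NONE/- text/html
1293606081.733    140 192.0.2.11 TCP_MISS/200 2210 POST https://webmail.example.org/login - DIRECT/198.51.100.30 text/html
1293606090.010     60 192.0.2.11 TCP_MISS/200 900 GET http://plain.example.org/ - DIRECT/198.51.100.40 text/html
EOF
}

# Reads access.log on stdin; $1 is the space-separated list of hosts that
# squid.conf is supposed to bump. Prints "host count expected|UNEXPECTED".
bumped_hosts() {
    awk -v allowed="$1" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        # Tunnelled HTTPS is logged as "CONNECT host:443"; a bumped request
        # shows a real method and a full https:// URL in field 7.
        $6 != "CONNECT" && index($7, "https://") == 1 {
            split($7, part, "/")      # part[3] is host[:port]
            host = part[3]
            sub(/:.*/, "", host)
            seen[host]++
        }
        END {
            for (h in seen)
                printf "%s %d %s\n", h, seen[h], ((h in ok) ? "expected" : "UNEXPECTED")
        }
    ' | sort
}

# usage: bumped_hosts "www.secure.clientsboxes.com www.nationalbank.biz" < access.log
```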

web coding basics : REST

I see so many dirty apps and ERPs with their own ways to write/exchange data ;
so, if I may, I advise coders to re-read this article about REST regularly before writing their crappy code [hope… ]

http://tomayko.com/writings/rest-to-my-wife

Several translations are available; below is the one for French speakers :
http://www.pompage.net/pompe/comment-j-ai-explique-rest-a-ma-femme/

hard disk data recovery

Recently, I had to recover data on a defective hard drive.

The information on this page helped me : https://help.ubuntu.com/community/DataRecovery

So, this is a memo (in case the source page disappears) :

  • if your partition table is broken, try to fix it with tools like : testdisk, ntfsfix (ntfsprogs package)
  • install ddrescue (on Debian based) :
    apt-get install gddrescue

    ddrescue is able to build an image file of your disk/partition

  • try to recover maximum data, the fastest way possible :
    ddrescue --no-split /dev/hda1 imagefile logfile

  • you can ask ddrescue to retry (3 times here) :
    ddrescue --direct --max-retries=3 /dev/hda1 imagefile logfile

  • you want more (retrim = reread full sector) ?
    ddrescue --direct --retrim --max-retries=3 /dev/hda1 imagefile logfile

  • now, you can install foremost
    This tool will be able to read your image file to recover files and store them by mime-types (extensions) : pdf, xls, xlsx, doc, docx…
    foremost can do partition to partition recovery, partition to directory
    Equivalent to foremost : magicrescue, photorec, scalpel

  • ask foremost to rebuild files :
    mkdir -p /mnt/recovery/foremost
    foremost -i image -o /mnt/recovery/foremost

    of course, the destination of recovered files must not be on the junk drive !

[ssh] remove hash for a host

When connecting to a new host, the corresponding RSA fingerprint shows up and you are prompted to add it.

This hash is checked every time you connect to the host.
If this hash has changed (OS reinstall, servers upgrade/switching…), a warning is displayed and you are not able to connect to the host.
An unexpected change can also mean that someone is intercepting the connection, so only remove the entry when you know why the key changed.

OK, you can delete the line by editing the ~/.ssh/known_hosts file.
But the proper way is the following, via the ssh-keygen command :

[survietamine@mybox ]$ ssh-keygen -R remoteHost
/home/survietamine/.ssh/known_hosts updated.
Original contents retained as /home/survietamine/.ssh/known_hosts.old

[archlinux] VirtualBox post-installation steps

This is printed after installation of virtualbox-sun package.
So, if you prefer virtualbox-ose (Open Source Edition) since Sun is now a part of Oracle, check these points :

>>> NOTE:
>>>  - Run "sudo /etc/rc.d/vboxdrv setup", every time your kernel is upgraded,
>>>    to compile virtualbox driver modules for a new kernel version.
>>>  - Add your users to the vboxusers group:
>>>      gpasswd -a USERNAME vboxusers
>>>  - Customize your "/etc/conf.d/vboxdrv"; usually, defaults are OK.
>>>  - Add "vboxdrv" to DAEMONS array in your "/etc/rc.conf", if needed.
>>>  - If USB does not work for you out-of-the-box, add the following line
>>>    to your "/etc/fstab":
none /proc/bus/usb usbfs auto,busgid=108,busmode=0775,devgid=108,devmode=0664 0 0
Dépendances optionnelles pour virtualbox-sun
    dkms: for building and loading VirtualBox modules
    qt: for Oracle VirtualBox QT4 GUI on X-Window System
    sdl: for Oracle VBoxSDL and VirtualBox GUI on console
    vfuse: for mounting VBox (VDI/VMDK/VHD) disk images

clonezilla-live config

  • unlike Microsoft Windows, unix-like systems installation like BSD or GNU/Linux need only a few GB
  • usb sticks with 8 GB and more are now really cheap
  • yes, clonezilla is fine
  • yes, clonezilla server version is very fine
  • but sometimes, it’s pretty fine too to be able to backup and restore system disks/partitions images from only 1 usb stick.
  • so let’s go

As I spent some time on this project, I wrote here a memo about “clonezilla live” on USB stick config.

Here are the few important highlights; in the near future, I’ll post a complete version with all commands :

  1. create the clonezilla stick as described on their page
  2. boot on the USB stick and choose “clonezilla-live in RAM” mode under “Other clonezilla-live modes” menu.
  3. if you booted the “in RAM” version, you can select your usb stick in the “user_local” window
  4. select the root (/) directory from the usb stick to store the image
  5. give it an explicit name, my choice is “YYYYMMDD-model-osversion”
  6. when image is created, mount the stick and move the image directory (for me : /YYYYMMDD-model-osversion) to /home/partimage directory of the usb stick
  7. for automated restoration modify the file /syslinux/syslinux.cfg with a section like this (under MENU) :
    label restore mybox
      MENU DEFAULT
      # MENU HIDE
      MENU restore mybox
      # MENU PASSWD
      kernel /live/vmlinuz
      append initrd=/live/initrd.img boot=live union=aufs hostname=lucid quiet noswap edd=on noprompt ocs_live_run="ocs-live-restore" ocs_live_extra_param="-g auto -p reboot restoredisk 20100608-dell-vostro320 sda" ocs_live_keymap="/usr/share/keymaps/i386/azerty/fr-latin9.kmap.gz" ocs_live_batch="no" ocs_lang="fr_FR.UTF-8" video=uvesafb:mode_option=1024x768-32 ip=frommedia nosplash
      TEXT HELP
      image restoration of my lovely linux box
      ENDTEXT
  8. comment out the other MENU DEFAULT entry from MENU section.

[archlinux] apt-file equivalent

pacman and yaourt are great but…

Q: Is there an equivalent to apt-file (GNU/Debian) that lets you search for a file within packages that are not installed (in the repositories) ?

A: pacfile

eg :
pacfile mkfs.vfat
extra/dosfstools-3.0.9-1 sbin/mkfs.vfat
extra/dosfstools-3.0.9-1 usr/share/man/man8/mkfs.vfat.8.gz

parallel ssh

pssh and the like are useful if you administer a huge number of *nix boxes.

But adding hundreds of fingerprints to your ~/.ssh/known_hosts file may take some time.

On a trusted network, here is how to bypass this by using an SSH option (host keys are then no longer verified, so a machine-in-the-middle would go unnoticed) :

add SSH option (-O) “StrictHostKeyChecking=no” to the pssh, pscp, pslurp… command

e.g :
pssh -P -h machines.list -O=StrictHostKeyChecking=no uptime

transparent xlock

@work, when I leave my desk, I have to lock the screen because of open-space conditions.

But one of my monitors is used for server monitoring.
To let my coworker watch it, I don’t want any animation when the screen is locked.

This does work with the xlockmore package :

xlock -mode blank -geometry 1x1


[wii] wbfs management

Xmas and a lot of gifts “duty” are coming…

My son’s wish for Xmas is a Wii.

As I prefer him not to switch optical media, I browsed the web for info about the scene.

Yes, even if DVD backup copies can work with some loaders, I prefer to prevent alteration, then reburn (slow burning is required for Wii, I use 1x speed)…
And avoiding optical media will save : switching time, loading time, life of the optical drive lens…

Conclusion : it’s possible to store backups directly to WBFS partition instead of ISO format. USB Loader GX was easy to install, even after last system update (4.2e) through Home Brew Channel.

The great part about that is the ability to convert back to ISO if you want to burn it.

Under GNU/Linux, getting the wbfs tool to work was child’s play :

  • get the tarball here : http://github.com/kwiirk/wbfs
  • untar it with : tar xzfv kwiirk-wbfs-b607c30.tar.gz
  • run ‘make’ in the untarred folder
  • then the wbfs binary is available

pre-requisites :

  • an empty (not formatted) partition : they recommend Gparted on the readme but, of course, you may (as I did) use others tools (fdisk…).
  • wbfs 1st commands (replace /dev/sdb1 with your right path) :
    • wbfs -p /dev/sdb1 init : initializes your partition (be careful : 1st time only, because it will empty your partition ! )
    • wbfs -p /dev/sdb1 add /path/to/your/iso : adds the game to this partition
    • wbfs -p /dev/sdb1 ls : lists games on your partition
    • wbfs -p /dev/sdb1 df : shows free disk space

P.S. : the ‘-p /dev/sdb1’ is optional for commands after the init

This installation works like a charm on the Wii with a 2.5in USB hard drive or USB stick (even cheap ones).

about history command

history is a useful command for many purposes like “recall a command”, investigation…

This memo is about ‘history tips’ I find useful :

  • add date and time :
    export HISTTIMEFORMAT="%F %T " (or any strftime format, I prefer : %Y%m%d %F)

  • hide some commands, this may be useful if you want to type passwords (like FTP, mysql…) :
    • export HISTCONTROL=ignorespace
    • prefix commands you want to hide with a space

  • ignore some commands that are not important (for you) :
    export HISTIGNORE="pwd:ls:cd:"

  • re-use a previous command argument :
    Suppose that, before deleting a file, I prefer to check it with ls first…
    • ls -lh /path/to/the/file/i/want/to/check/myfile
    • rm -f !ls:2
      :2 refers to the 2nd argument I passed to the ls command found in history

credits go mainly to this site : http://www.thegeekstuff.com/2008/08/15-examples-to-master-linux-command-line-history/