Author Archive

Ubuntu keeps sending DNS queries to daisy

12 December 2014

Recently I noticed that my Linux desktop (Ubuntu 14.04.1 LTS) sends a DNS query to daisy.ubuntu.com about every 8 seconds. I do not want that, so I did some googling. It turns out that this has been a known issue for more than 2 years.

What is happening

A service called whoopsie is actively doing those repeated queries to check if your system is on-line. A misconfiguration in the combination of network manager and dnsmasq makes the query always go to the internet instead of caching the query result for some time. There are several workarounds that stop this, see e.g. https://bugs.launchpad.net/whoopsie/+bug/991481/comments/19

On my desktop computer, I have statically configured my network, so it is not that useful to have the network manager active. I decided to permanently stop this service.

sudo -s
initctl stop network-manager
echo 'manual' > /etc/init/network-manager.override

That should make the queries appear less often, since it should prevent caching from being disabled. Unfortunately, I see the queries as much as before. So, even though I do see some usefulness in reporting errors, the error reporting should only go on-line after I allow it to go on-line, and not every few seconds, so whoopsie has to go.

Removing whoopsie

The solution to this constant DNS traffic is to switch off whoopsie. I decided that uninstalling it was the easiest way, and you can undo it by installing it again. So uninstall it, like this:

sudo dpkg --remove whoopsie

After that, no DNS queries to daisy.ubuntu.com anymore!

Categories: Linux

Managing the TPM 1.2 with Windows Powershell and WMI

14 May 2014
Categories: Uncategorized

Touch Pad gone bad? Not!

7 September 2013

Last week, on my old net-book, the touch pad suddenly stopped working. An external mouse worked fine. It is an Acer Aspire One, with an 8.9″ screen, that came cheap with Linux pre-installed. That was years ago, so no warranty.

I already blamed a faulty driver update, but even after some new upgrades, the touch pad did not start working again. Could the hardware be faulty? Well, just by Googling to see whether others also had this problem, I found an easy fix. It was NOT the hardware or the driver; the touch pad was just switched off, somehow. You can enable/disable the touch pad with Fn+F7.

So I might have disabled the touch pad by Fn+F7 by accident. Pressing Fn+F7 again enabled it again, so problem solved.

Categories: Things

Web server experiments

7 July 2013

Encouraged by a series of blog posts on Ars Technica, and also because for once nginx was used there rather than Apache, I followed the steps to build these tools on my home Linux web-browsing machine.

The PPA repository for nginx in the article provides an older version from the 1.5.x series. In the meantime there is also an official repository on the nginx site itself. The repository link for MariaDB has also changed in the meantime.

I skipped the certificate part about requesting a real trusted certificate and used a self-signed certificate according to this instruction, but also something here, with the idea of arranging a ‘real’ certificate later that is ‘trusted’ by everyone.

The instructions mentioned were not clear about which file contains exactly what and where it should then be used in the nginx configuration. After some trying and testing I did get it working. That is material for a later blog post. Configuring IPv6 neatly in nginx was a challenge, but in the end not difficult (if you know the solution). The important thing is that in the listen line you specify only a port number and , but no DNS name. The DNS name (if you use so-called host headers and multiple ‘vhosts’) goes in the server_name line. The relevant pieces of configuration now look like this:

server {
    #listen 80 default_server; #this one is on by default
    listen [::]:80 default_server ipv6only=on;
    server_name _www.roheve.nl;
    ….
}
server {
    listen 0.0.0.0:443 ssl;
    listen [::]:443 ssl ipv6only=on;
    server_name _www.roheve.nl;
    ….
}

This blog has some more explanation about particulars of IPv4 and IPv6 under Linux (something about hybrid and separate).

In my opinion, working through the series of installation steps is highly recommended for one of those rainy holiday days. The real reason, however, was that (the power supply of) my Acer H324 home server had died a while back, and I had also been running a mini website on it and wanted to restore that toy.

Categories: Linux, Things

LDAP provider with remote login (VBscript)

23 March 2013

Lately I needed to perform some Active Directory code using the LDAP provider that had to connect to a computer in another domain. This is possible, but took some investigation.

Error checking and variable definitions are missing, just a code sample.

Using these values:

strUser = "contoso\testuser"
strPass = "********"
strComp = "dc1.contoso.com" '* the remote domain controller
strAccount = "testfind"

First Part, getting AD info.

Connect to the remote domain controller and query it for the default naming context. This example could return “DC=CONTOSO,DC=COM” in strTargetDncDomain if a login as the testuser was successful.

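' ADSI authentication flags for OpenDSObject
Const ADS_SECURE_AUTHENTICATION = 1   ' negotiate Kerberos/NTLM instead of a simple bind
Const ADS_SERVER_BIND = &h0200        ' the path names a specific server

' Get the LDAP provider object, then bind to RootDSE with explicit credentials.
' ADsPath syntax uses forward slashes: LDAP://server/object
Set objDSO = GetObject("LDAP:")
Set objRootDse = objDSO.OpenDSObject("LDAP://" & strComp & "/RootDSE", _
  strUser, strPass, _
  ADS_SECURE_AUTHENTICATION Or ADS_SERVER_BIND)
strTargetDncDomain = objRootDse.Get("defaultNamingContext")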

To summarise, instead of just using GetObject(), you now need to use the OpenDSObject method on an LDAP provider object and provide some extra parameters to the method.

Second Part, searching AD info.

Search the AD for a specific object. If the object is found, you can use it, similar to how the RootDSE object is obtained, just with a different AD path instead of “RootDSE” e.g. the value of strDnFound. The strTargetDncDomain defined in the first example is used here.

This is almost the same as the case without logging on, just a few extra properties needed.

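' ADO query format: <base>;filter;attributes;scope
strBase   = "<" & "LDAP://" & strComp & "/" & strTargetDncDomain & ">;"
strAttrs  = "distinguishedName,sAMAccountName;"
strScope  = "subtree"
' strAccount is inserted as-is; escape LDAP filter metacharacters if it comes from user input
strFilter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName=" & strAccount & "));"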

strQuery = strBase & strFilter & strAttrs & strScope

Set oConnection = CreateObject("ADODB.Connection")
oConnection.Provider = "ADsDSOObject"
oConnection.Properties("Encrypt Password") = True
oConnection.Open "Active Directory Provider", strUser, strPass

Set oCommand = CreateObject("ADODB.Command")
oCommand.ActiveConnection = oConnection
oCommand.Properties("Page Size") = 100
oCommand.Properties("Timeout") = 30
oCommand.Properties("Cache Results") = False

oCommand.CommandText = strQuery
Set objRS = oCommand.Execute
Do While Not objRS.EOF
  strDnFound = objRS.Fields("distinguishedName")
  objRS.MoveNext
Loop

Here, like in the first example, only a few extra parameters are needed to do a remote login to a specific server.

Plugwise Protocol Analysis, Part 6 (Firmware update observations)

7 October 2012

Last year, there was a new firmware release for the PlugWise system. Curious as I was, I captured the communication between “Source” and the “Stick” as I did for the other protocol analysis sessions. Today I found my notes about this and document them here. The intention is to discover possible new commands used by the Plugwise protocol; some of them might be useful for open source implementations of software that uses the “Circles”. I do NOT think uploading firmware should be done through our own software, but it is nice to know how it works.

As I captured this data quite a while ago, I am not sure anymore how complete all this is.

Update Firmware

After I got a message in “Source” that new firmware was available, I captured the chatter between “Source” and “Stick”. This update did update everything it could find, and tore down the old network and configured a new one. This is different from just updating a new module in your network. Probably, because some parts of the mesh-network protocol changed, or just because the “Stick” and/or the “Circle+” need an update, so the mesh-network is reset.

Analysis of the firmware update process to firmware 2011
Summary of firmware versions as reported by the 0024 response

Before the update,  running firmware 2010

  • Stick    653907008510 4CCEC22A 00
  • Circle+    653907007324 4CCEBFA1 01
  • Circle    653907014023 4CCEC0C2 02

After the update, running firmware 2011

  • Stick    653907008510 4DCCDA69 00
  • Circle+    653907007324 4DCCDAF3 01
  • Circle    653907014023 4DCCDB7B 02

Other remarks

  1. Network ID changed (modified circle+ address)
    • Before update
      • LongPAN:060D6F0000B1B64B
      • ShortPAN:1606
    • After update
      • LongPAN:8A0D6F0000B1B64B
      • ShortPAN:3B8A
  2. Internal archive buffers
    • all buffers cleared
    • first bufferaddress is 0x00044000 (same)

What happens when the software starts:

1) Initialization sequence. Gets some basic data for the software
1a)    Initialization request to the stick with the 000A/0011 sequence
1b)    Identification request to the stick with the 0023/0024 sequence
This gives the PAN id and the stick-address and the firmware version of the stick.
1c)    Request to Circle+ (software must know address) with 004E/0000 sequence (gives a status 00F4)
2a)    Initialization request to the stick with the 000A/0011 sequence
2b)    Identification request to the stick with the 0023/0024 sequence (repeats 2 or 3 times, reason unknown)
2c)    Identification request to the Circle+ with the 0023/0024 sequence
2d)    Time-sync with Circle+ 0016/0000 and 0028/0000 sequences
2e)    Other setting to Circle+ 004A/0000 (poll interval and probably something else)
2f)    Then the sequences 0029/003A, 003E/003F to the Circle+
2g)    Send the reset code 0008 00/0000, position changes between tests, somewhere after the 004A/0000 sequence
2h)    For ‘source software’, normal scanning starts (0023/0024;0012/0013, later also 0048/0049)

When running the firmware update software, instead of normal scanning an inventory of modules is done with 0018/0019 for 64 modules (this seems the maximum number of modules, but I am not sure of this)

3a)    scanning for available modules with 0018/0019
3b)    query Stick and Circle+ with 0023/0024 sequence
3c)    reset code 0008 01/0000
3d)    query normal Circles with 0024/0023 sequence (once each)
3e)    send reset code 0008 00/0000, twice

4a)    query all normal Circles with 0023/0024 then 000C/0010 (gives firmware version)
4b)    query Circle+ with 0023/0024 then 000C/0010 (gives firmware version)
4c)    query Stick with 0023/0024 then 000C/0010 (gives firmware version)
4d)    send reset code 0008 00/0000

Update Stick

5) get firmware version (request and reply)
SEND    000C 000D6F0000B835CB
RECV    0000 0076 00C1
RECV    0010 0076 000D6F0000B835CB 4CCEC22A

The 000C/0010 sequence is always preceded by a 0023/0024 sequence; both report the old firmware level.

After the firmware update this check is done again, then the 0010 reports the new firmware version (loaded and ready to start, I assume) and the 0024 reports the old firmware version (the running version).
This phase is probably the checking phase of a firmware update.
It starts with an 0008 reset, then queries the circles, then circle+, then stick, then another 0008 reset.

6) First firmware upload (bootloader?) to the stick
6a) a few checks
SEND    0023 000D6F0000B835CB
RECV    0000 0075 00C1
RECV    0024 0075 000D6F0000B835CB 00000000 00000000 00 80 653907008510 4CCEC22A 00

SEND    000C 000D6F0000B835CB
RECV    0000 0076 00C1
RECV    0010 0076 000D6F0000B835CB 4CCEC22A

6b) this prepares for the firmware upload, I assume
SEND    000B 000D6F0000B835CB
RECV    0000 0077 00C1
RECV    0003 0077 00CF    *** -=-Pair/unpair/confirm-=- ***

6c) send firmware/bootloader image
... binary data, not the typical ascii-hex data ... (bootloader, firmware)
6d) a few checks again
SEND    0023 000D6F0000B835CB
RECV    0000 0078 00C1
RECV    0024 0078 000D6F0000B835CB 00000000 00000000 00 80 653907008510 4CCEC22A 00

SEND    000C 000D6F0000B835CB
RECV    0000 0079 00C1
RECV    0010 0079 000D6F0000B835CB 4DCCDB7B
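
An added example (not part of the original post or of the Plugwise software): a small Python parser for the space-separated capture notation used above, which reports modules whose 0010 (loaded) firmware differs from the 0024 (running) firmware, the state described under step 5. Reading the firmware field as a Unix timestamp is an assumption that happens to match the 2010/2011 labels; `flag1` and `flag2` are placeholder names for fields the post does not label.

```python
from datetime import datetime, timezone

# Field layout of the post's space-separated notation, after "RECV <code>".
# "clock"/"log_addr" follow the author's annotations; flag1/flag2 are unlabelled.
FIELDS = {
    "0024": ("seq", "mac", "clock", "log_addr", "flag1", "flag2", "hw", "fw", "type"),
    "0010": ("seq", "mac", "fw"),
}

def parse_recv(line):
    """Parse one 'RECV 0024/0010 ...' line; return None for other traffic."""
    parts = line.split()
    if len(parts) < 2 or parts[0] != "RECV" or parts[1] not in FIELDS:
        return None
    names = FIELDS[parts[1]]
    if len(parts) - 2 != len(names):
        raise ValueError(f"malformed {parts[1]} response: {line!r}")
    return dict(zip(("code",) + names, parts[1:]))

def fw_build_time(fw_hex):
    """Assumption: the 8-hex-digit firmware field is a Unix timestamp."""
    return datetime.fromtimestamp(int(fw_hex, 16), tz=timezone.utc)

def staged_firmware(lines):
    """Return {mac: (running_fw, loaded_fw)} where 0024 and 0010 disagree."""
    running, loaded = {}, {}
    for line in lines:
        msg = parse_recv(line)
        if msg:
            target = running if msg["code"] == "0024" else loaded
            target[msg["mac"]] = msg["fw"]
    return {mac: (running[mac], fw) for mac, fw in loaded.items()
            if mac in running and running[mac] != fw}

# Sample lines taken from the step 6d capture in the post.
CAPTURE = """\
SEND    0023 000D6F0000B835CB
RECV    0000 0078 00C1
RECV    0024 0078 000D6F0000B835CB 00000000 00000000 00 80 653907008510 4CCEC22A 00
SEND    000C 000D6F0000B835CB
RECV    0000 0079 00C1
RECV    0010 0079 000D6F0000B835CB 4DCCDB7B
""".splitlines()

if __name__ == "__main__":
    for mac, (old, new) in staged_firmware(CAPTURE).items():
        print(mac, old, fw_build_time(old).date(), "->", new, fw_build_time(new).date())
```

Run over a full capture, the same check gives an inventory of which modules are still running old firmware after an update.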

Update Circle+

SEND    000F 000D6F0000D3595D023C
RECV    0000 015A 00C1
RECV    0000 015A 00E8 000D6F0000D3595D


Somewhere here the network was torn down and the new firmware uploaded, then the network was rebuilt.
No need to analyze the firmware upload on the Windows side, as you need the Windows software+license anyway.
Could not find the firmware files on disk, so I assume they are held in memory.
Anyway, the circles are updated so that does not matter.

RECV    0006 0003 CircleMAC

SEND    0023 CircleMAC
RECV    0000 0020 00E1

SEND    0007 01 CircleMAC
...
SEND    0023 CircleMAC

****    RECV    0061 FFFD CircleMAC
****    Received the 0061 broadcast between other chatter

RECV    0024 00DB CircleMAC 00010002 00048B28 01 85 653907014023 4DCCDB7B 02
(the clock is uninitialized)

SEND    0016 CircleMAC 0B07923C 00044000 4000 17380D 02
here the time is SET, and reset buffers too
RECV    0000 00DC 00D7 CircleMAC

SEND    0023 CircleMAC
RECV    0024 00DD CircleMAC 0B07923C 00044000 01 85 653907014023 4DCCDB7B 02

SEND    005F CircleMAC
RECV    0060 00DE CircleMAC FFFFFFFFFFFFFFFE

SEND    0057 CircleMAC 003C 0000
RECV    0000 00DF 00F8 CircleMAC
...
SEND    0058 CircleMAC 01
RECV    0000 0123 00F9 CircleMAC


SEND    0023 CircleMAC
RECV    0024 0130 CircleMAC 0B07923E 00044000 01 85 653907014023 4DCCDB7B 02


SEND    0040 CircleMAC 00 01
RECV    0000 0131 00E5 CircleMAC

Conclusion

A Plugwise device can have its firmware loaded in a buffer and it is activated by a ‘reboot’. Maybe you can switch between 2 firmwares, as can also be done with some other ‘embedded’ devices, as a kind of fail-safe mechanism. Firmware is uploaded to each device separately.

After flashing new firmware the module is reset and all configuration data (like switching schedules) is uploaded again.

Categories: Domotica

Linux Samba with CIFS and Windows Home Server

7 October 2012

Last year I experimented with a borrowed NAS and wanted to use it as a backup for my Windows Home Server. At home most of my computers run Linux and I wanted to map those shares automatically on my main desktop. Not wanting to re-invent the wheel again, I did a Google search and found this:

http://www.digiplace.nl/2011/01/27/hoe-verbind-je-ubuntu-automatisch-met-een-samba-share-op-een-qnap-nas/

So I needed to put the following lines in /etc/fstab, or for testing, something similar after the sudo mount command.

My NAS (all on the same line):
//nas/data /media/nas cifs credentials=/root/.naslogin,rw,iocharset=utf8,dir_mode=0777,file_mode=0777 0 0

My home server (all on the same line):
//whs/ebooks /media/whs/ebooks cifs credentials=/root/.whslogin,rw,iocharset=utf8,dir_mode=0777,file_mode=0777 0 0

This worked for my NAS but not for my Windows Home Server. Mounting the share from the home server failed. It just threw an error: “mount error(5): Input/output error”, that pointed to the right solution. NOT!

After some searching, I found the reason. I was not using the netbios name for the windows server, but an alias.

http://lists.samba.org/archive/linux-cifs-client/2005-January/000649.html

What happened.

Mounting the share failed because Windows refused the connection. The internal NetBIOS name of my home server did not match the name in the mount command.

Remember that for Windows, the computer name is also the NetBIOS name, and the home server is running Windows Home Server (i.e. Windows 2003). I decided to have a DNS name for my home server different from the internal computer name, so there was a mismatch.

Once I knew the cause, the solution to this was easy. Just use the same computer name as the computer thinks it has, and not something else 🙂 even though that other name resolves to the same computer. After adding the NetBIOS name of my home server to the hosts file on Linux and using the NetBIOS name in the mount command, it worked.

sudo mount -t cifs //roheve/ebooks /media/whs/ebooks -o credentials=/root/.whslogin,iocharset=utf8,dir_mode=0777,file_mode=0777,nounix

And now it ‘just works’.

PS: I need to remember these too (copy_n_paste is easy)

sudo mount -t cifs //sw-hy1.testlab.local/c$/data /media/testlab/hy1 -o credentials=/root/.testlab,iocharset=utf8,dir_mode=0777,file_mode=0777,nounix

sudo mount -t cifs //sw-hy2.testlab.local/data /media/testlab/hy2 -o credentials=/root/.testlab,iocharset=utf8,dir_mode=0777,file_mode=0777,nounix

Categories: Linux, Windows