Archive for ‘Linux’ Category

Backup server that plays nice with everyone….

datePosted on 13:11, March 1st, 2008 by Many Ayromlou

Just came across this article over at Lifehacker that outlines how you can build your very own cross platform backup server for FREE…….more information on Restore’s own website. These are some of the key features that set RESTORE apart from the competition:

  • Browser Based- Access your RESTORE system remotely from anywhere using the internet. This allows for users and administrators to run backups or check the status of automated backups at any time from any web accessible location
  • Access Backups via WebDAV- RESTORE provides the ability to access prior backups via WebDav.
  • Web Host Model Reseller environment- RESTORE DC was developed with the web hosting environment in mind also, shifting customer backups from a cost of doing business and turning it into an income generator.
  • Permissionable at User Level- Give individuals and groups specified permissions on filestores.
  • Security- Set up what you want your users and groups to access.
  • Multiple Revisions- of filestores, which allow you to choose the specific filestore you wish to recover at a certain time.
  • Error Reporting- Receive reports of errors on the system on various levels and at various intervals.
  • Dynamic Scheduling- Allows for simple and complex scheduling that is fully customizable.
  • Backup Many Operating Systems- Linux, OS X, Windows (95, 98, 2000, ME, XP NT) and Novell Netware.
  • Rapid Recovery- Quickly and easily restore files that you need recovered in real time.
  • Incremental- RESTORE will backup only the files that have been modified since the previous backup took place, optimizing disk space and bandwidth usage.
  • SSH/SFTP- Backup Linux/Unix operating systems including OS X.
  • MySQL Database- You can backup your MySQL Database.
  • Servers and Workstations- Backup all server and workstations regardless of operating system.
  • FTP Sites- Allows your company to backup websites and online storage.
  • Notification- RESTORE will email the administrator and users of successful and failed backups.
  • Offsite Backup- (coming soon) Your company can have a separate copy of data kept at an off-site location as a second security resource.

So STOP NOW and backup your system….otherwise you’ll be very sorry, and I will do my standard HhaaaHhaaa when your hard drive takes a nose dive :-).

TrueCrypt does OSX

datePosted on 11:41, February 12th, 2008 by Many Ayromlou

TrueCrypt has finally released version 5.0 of it’s fantastic File/Volume/Disk encryption software and with that introduced the Mac World to “True” Encryption. Now I know all OSX junkies out there are trying to point out that OSX comes with FileVault (for free), but FileVault only encrypts the users home directory….that’s all. TrueCrypt gives you a lot more flexabilities than FileVault (and BitLocker under Vista). TrueCrypt (atleast under OSX) is implemented as a MacFUSE module (more info on MacFUSE here and here).

Main Features:

  • Creates a virtual encrypted disk within a file and mounts it as a real disk.
  • Encrypts an entire hard disk partition or a storage device such as USB flash drive.
  • Encryption is automatic, real-time (on-the-fly) and transparent.
  • Provides two levels of plausible deniability, in case an adversary forces you to reveal the password:
    • Hidden volume.
    • No TrueCrypt volume can be identified (volumes cannot be distinguished from random data).
  • Encryption algorithms: AES-256, Serpent, and Twofish. Mode of operation: XTS.

New features in version 5.0:

  • Ability to encrypt a system partition/drive (i.e. a partition/drive where Windows is installed) with pre-boot authentication (anyone who wants to gain access and use the system, read and write files, etc., needs to enter the correct password each time before the system starts). For more information, see the chapter System Encryption in the documentation. (Windows Vista/XP/2003)
  • Pipelined operations increasing read/write speed by up to 100% (Windows)
  • Mac OS X version
  • Graphical user interface for the Linux version of TrueCrypt
  • XTS mode of operation, which was designed by Phillip Rogaway in 2003 and which was recently approved as the IEEE 1619 standard for cryptographic protection of data on block-oriented storage devices. XTS is faster and more secure than LRW mode (for more information on XTS mode, see the section Modes of Operation in the documentation). Note: New volumes created by this version of TrueCrypt can be encrypted only in XTS mode. However, volumes created by previous versions of TrueCrypt can still be mounted using this version of TrueCrypt.
  • SHA-512 hash algorithm (replacing SHA-1, which is no longer available when creating new volumes). Note: To re-encrypt the header of an existing volume with a header key derived using HMAC-SHA-512 (PRF), select ‘Volumes’ > ‘Set Header Key Derivation Algorithm’.

So stop reading, click here and grab yourself a copy.

Open Source lovin’ for your Server….

datePosted on 12:12, January 11th, 2008 by Many Ayromlou

Continuing with our coverage of “Free your Apps”, here is how you can free your Server (and workstation) of those expensive (usually useless) so-called Enterprise Applications. BitNami stacks make it incredibly easy to install your favorite open source server software. Application stacks include an open source application and all the dependencies necessary to run it, such as Apache, MySQL and PHP or Ruby. All you need to do is download the Stack, provide a few pieces of information when prompted by the installation wizard, and that’s it. By the time you click ‘finish’, your new application will be ready to run. All stacks have been packaged using BitRock’s multiplatform installer.

Bitnami Infrastructure stacks are designed for developers and system administrators and provide you a way of installing a LAMP or Ruby environment, but do not include any extra applications. It is not necessary to download an infrastructure stack to use an application stack.

All this ofcourse for free, so again to recap, here is a complete list of what they offer:

So what are you waiting for… up those downloads :-)

Stream your Linux/Windows/Mac Desktop as video using VLC

datePosted on 17:54, January 8th, 2008 by Many Ayromlou

A buddy of mine (thanks Mike) showed me this today. There is a input Access module in the newer versions of VLC (0.8.6+) called “screen” which makes this possible. To stream your desktop to another machine (ip address: in this case) just use the following command in Linux (sorry command line only):vlc screen:// :screen-fps=30 :screen-caching=100 --sout '#transcode{vcodec=mp4v,vb=4096,acodec=mpga,ab=256,scale=1,width=1280,height=800}:rtp{dst=,port=1234,access=udp,mux=ts}'or in Windows (slightly different syntax) use this command:vlc screen:// :screen-fps=30 :screen-caching=100 :sout=#transcode{vcodec=mp4v,vb=2048,scale=1,acodec=mpga,ab=192,channels=2}:duplicate{dst=std{access=rtp,mux=ts,dst=}}This is one massive command, so lets take a look at it in more detail:

  • screen:// is our input module selection (if you just run vlc screen:// you’ll see your own screen on the server inside vlc….kinda cool)
  • :screen-fps=30 specifies that we want to screengrab at 30 fps (from default 5 fps)
  • :screen-caching=100 sets the internal caching to 100ms (from default 300 ms)
  • –sout is our output chain.
  • #transcode tells vlc that we first want to transcode the input using parameters to follow
  • {} contains our transcoding parameters
  • vcodec=mp4v sets the video codec to mpeg4 video
  • vb=4096 sets the bitrate of the transcoded video (4Mb/s)
  • acodec=mpga sets the audio codec to mpeg audio (mp3). Audio does not work yet, this is a place holder.
  • ab=256 sets the bitrate of the transcoded audio (256 Kb/s)
  • scale=1 sets the scaling value
  • width=1280 sets the width of the transcoded video to 1280 pixels
  • height=800 sets the height of the transcoded video to 800 pixels
  • :rtp tells VLC that we want to use rtp protocol to send the encoder output to our receiver machine using Real Time Protocol.
  • dst= is the ip address of our destination/playback machine
  • port=1234 is the default port on the destination/playback machine
  • access=udp specifies UDP protocol
  • mux=ts sets multiplexing to mpeg-2 Transport stream

Now on the destination machine just open vlc, goto File/Open Network and by default the Media Resource Locator on top of the window should read udp:// and UDP/RTP with port 1234 should be selected. If it’s not select UDP/RTP (option 1) and put 1234 as the port number. Press Okay and you should see the video stream from the other machine (your server machine). That’s it….Opensource comes to rescue again :-)

How to live transcode and stream HDV to MP4 using VLC and Linux

datePosted on 22:20, November 21st, 2007 by Many Ayromlou

I’ve been trying to figure out a way to do this on the cheap for a long time and I finally figured it out today. This process allows you to grab HDV from a HDV Camera via firewire, feed it into linux, transcode the 25Mb/s mpeg-ts stream to a 4 Mb/s mpeg4 stream (inside a TS). This mpeg4 stream in turn can be viewed at full resolution (1920×1080) on a remote client running just vlc. Here is the prerequisites:

  1. A decent machine with working Firewire port (anything from the past 2-3 years should do). Laptops might work as well although I have not tried it yet. My machine is a Athlon 4200+ w/ 2GB of RAM and a 512 MB NVIDIA 7900.
  2. Ubuntu 7.10 (Gutsy Gibbon) installation CD.
  3. 4-pin to 6-pin Firewire cable.
  4. HDV Camera with Firewire out (I use a Canon HV20).
Okay so here we go, follow the steps below to get setup:
  1. Get Ubuntu 7.10 installed on your machine. This should be standard installation from the Live-CD.
  2. Reboot, do all adjustments to your display, get network setup, install all the updates.
  3. Using synaptic package manager install the following extra packages: ubuntu-extras, ffmpeg, dvgrab 3 and VLC plus anything else you might want.
  4. Connect the firewire camera to the computer and check /var/log/messages to make sure it gets recognized.
Now that you have the chain setup, it’s time to do a quick test and see if the system is working. Issue the following command from a xterm, making sure that the camera is turned on and in “Camera” mode.

sudo dvgrab -f hdv -noavc -nostop -|vlc -
You have to use sudo under ubuntu to get proper access to the firewire device. The above command runs dvgrab with hdv format and makes sure that 1394 AV/Device control is turned off (this way you can be in Camera mode and get a live feed). The nostop switch prevents dvgrab from sending stop commands to the camera everytime you stop it via Ctrl-C, which I though was a good thing. The last dash forces dvgrab to output to stdout, which we’ll then pipe into vlc (the dash for vlc tells it to use stdin as input).

If this works you should get a vlc window and be able to see live video from your HDV camera. If you didn’t then stop here and make sure you get this working first.
So now that we have dvgrab working, lets grab that 25Mb/s HDV stream and squish it down to 4Mb/s mpeg4 stream using the following command:

sudo dvgrab -f hdv -noavc -nostop -|vlc - --sout '#transcode{vcodec=mp4v,vb=4096,acodec=mpga,ab=256,scale=0.5,deinterlace,width=1920,height=1080}:duplicate{dst=std{access=udp,mux=ts,dst=receiver_ip_address:1234}}'
This is one massive command, the first part we already discussed, so lets take a look at the second half:

  • –sout is our output chain.
  • #transcode tells vlc that we first want to transcode the input using parameters to follow
  • {} contains our transcoding parameters
  • vcodec=mp4v sets the video codec to mpeg4 video
  • vb=4096 sets the bitrate of the transcoded video (4Mb/s)
  • acodec=mpga sets the audio codec to mpeg audio (mp3)
  • ab=256 sets the bitrate of the transcoded audio (256 Kb/s)
  • scale=1 sets the scaling value
  • deinterlace sets guess what?
  • width=1920 sets the width of the transcoded video to 1920 pixels
  • height=1080 sets the height of the transcoded video to 1080 pixels
  • :duplicate tells VLC that we want to duplicate the transcoded signal and send a copy of it to our receiver machine.
  • dst is the destination string
  • access=udp specifies UDP protocol
  • mux=ts sets multiplexing to mpeg-2 Transport stream
  • dst=receiver_ip_address:1234 is the ip address and port number of the receiving machine
So now you should be able to open up vlc on the receiver machine, goto File/Open Network menu and select UDP/RTP and specify port number 1234. Once you press OK, you should see the video stream on your receiver machine. Audio works as well and is perfectly synced since it’s captured by the HDV camera at the source and travels together with the video at all time. The delay is about 3 seconds.
This is a great way to quickly setup a HD Video Conference between a couple of locations. You could even modify the network portion of the chain to let VLC multicast the HD stream onto your network…..lots of possibilities. Enjoy :-)

Getting Samba to work properly with SuSE’s Firewall…

datePosted on 19:57, November 1st, 2007 by Many Ayromlou

Here we are again and I have to sadly say…..yet another OS (which I also love) that does not do what it promises. I know that you can do some major iptables kungfu under linux through command line, but when SuSE/Novell tries to sell you Yast as a graphical admin interface they should atleast check to make sure things are working properly.

Samba works under SuSE 10.x, and even with the firewall turned on the machine can act as a member of a Windows domain/workgroup. The problem though, is not with using Samba and having the firewall turned on. The problem is having Samba do more than just act as a member of the domain. We have a SuSE 10.1 machine that is part of our AD domain (spanning 3 subnets) and we also like it to be our local master and preferred master on the local subnet. It has one NIC active (ie: direct connection, with no NAT) and iptables firewall is active on that NIC. The problem is that the firewall rules that Yast2 creates are too restrictive (ie: if you just go to Yast2 and add Samba services as a allowed service). 
Here is how you can fix this with a bit more effort:
  • Setup the firewall with allowed services you like to punch through (ie: ssh, ftp and alike). Include Samba Server in the list as well under allowed services.
  • Start the Firewall, at this point the basic samba stuff is working (ie: you can browse), but you more than likely can not do anything more in terms of domain participation.
  • From the Yast2 interface go to System> /etc/sysconfig editor screen
  • Goto the section Network> Firewall> SuSEfirewall2
  • ADD the following service names to appropriate sections ONLY if they are missing
  • Under heading FW_SERVICES_EXT_TCP make sure you have the following:

microsoft-ds netbios-dgm netbios-ns netbios-ssn

  • Under heading FW_SERVICES_EXT_UDP make sure you have the following:


  • Under heading FW_ALLOW_INCOMING_HIGHPORTS_TCP make sure you have the following:

microsoft-ds netbios-ns

  • Under heading FW_ALLOW_INCOMING_HIGHPORTS_UDP make sure you have the following:

microsoft-ds netbios-ns

  • Under heading FW_ALLOW_FW_BROADCAST_EXT make sure you have the following:

netbios-ns netbios-dgm

Now you’ve got the right holes punched through the firewall so click Finish and enjoy. You can now go back to the Samba config and make changes to become a serving member of your domain/workgroup.

Tablet Puppy….

datePosted on 22:23, October 27th, 2007 by Many Ayromlou

For all the Nokia N800 fans out there……this is what happens if Nokia was sponsoring your High school :-). Seriously though, this is a fantastic example of what kids (and adults) can do using the opensource N800 platform for robotics control. Now who’s gonna stick one of these things on a gas powered RC car…..Dibs on the Remote :-)

Okay so this all started with our users not being able to share files on our webserver. We use SSH only for upload/download and interactive access (ie: no ftp). Through trial and error we found out that the default umask (under OSX Server) for sftp uploaded files are 0033 (ie: rwxr–r–) and directories are 0022 (ie: rwxr-xr-x). This creates a problem when one user uploads a file and another user downloads/modifies and tries to re-upload it — they simply can’t because the group permissions are wrong.

If we were using ftp (which we are not) there are some solutions on the net that allow you to modify the startup parameters for the ftp server so that the default umask for all files is 0013 — which would allow a group of people to share/overwrite each others files — but we are using ssh only.

So we came up with two other solutions — a shared upload account and/or a cron job that would modify the group permissions on the website directory to allow group sharing. We went with the second solution and that’s where I ran into so many problems that I decided to create this post. You see normally Unix users know that spaces (and strange characters) in filenames are a no-no. Well that’s not true for Windows and Mac users, they use spaces and other odd characters in their filenames/folders all the time.

I started writing — what I thought was — a simple “for loop” script to go through the website folder and change the group permissions. Of course on the first try things didn’t work nicely because of spaces, so I started compensating for that and came up with:
for i in `find /Path/to/www -type d -print0 |xargs -0 -n 1`
This kinda worked, but the for loop would still split the lines when it hit spaces in filenames. I tried to mess around with it and gave up. After RTFMing a bit more I tried:
for i in `find /Path/to/www -type d -exec echo \"{}\" \;`
The thinking behind this was that the exec would echo the filenames quoted and it should work….well it didn’t, the for loop still split the input lines at spaces.

Finally after a latenight RTFM session (and lots of cursing), I think I’ve found the ultimate file handling loop statement:
find /Path/to/www -type d ! -perm -g=wx -print0 | while IFS= read -rd $'\0' filename
Okay so this version uses “while” rather than “for” but it works like a charm and chews through spaces and all other kinds of weird chars and creates a output stream that’s ready to be used by your choice of commands (chmod in my case).

After trimming and optimizing the script a bit, here is the final product:
# The following find will search for
# all files under /Path/to/www, that
# are NOT symlinks, and do NOT have
# group write permission. The list is
# "\0" seperated and the while portion
# will loop around this character and
# ignore everything else in the path.
find /Path/to/www ! -type l ! -perm -g=w -print0 | while IFS= read -rd $'\0' filename
# We've found a directory with no group
# write permission, so fix it.
if [ -d "$filename" ]then
chmod g+rwx "$filename"
# echo Directory changed
stat -l "$filename"
# We've found a file with no group
# write permission, so fix it.
if [ -f "$filename" ]then
chmod g+rw "$filename"
# echo File changed
stat -l "$filename"

Hopefully you’ll find this code (or portions of it) useful for your own day-to-day hack-and-slash solutions to annoying problems. Let me know if you come up with an even better solution :-)

is TV freed?

datePosted on 10:04, August 31st, 2007 by Many Ayromlou

Well, I’ll leave this one to you. You can decide on it’s Kosherness. The application is called TED and it can find all sorts of TV episodes you might have missed. From the homepage:

ted can find episodes of any TV show you like to watch. Just add your favorite shows to ted and he will search for the newest episodes and downloads them for you. ted uses bittorrent and RSS technology to get you the newest episodes as fast as possible! ted comes with a huge list of shows, all waiting for you to be watched. ted even displays a summary of each show, to help you choose shows you like.

ted requires Java 5 and a bittorrent client and is available for all platforms (Linux, Windows, Mac). Download here.

Manage your Projects FREE….

datePosted on 09:44, August 31st, 2007 by Many Ayromlou

You all know my dislike for Microsoft and their products. Whenever possible I’ve tried to get away from having to use their software. Here is another opensource product that allows us to do our thing without them. From their overview page:

OpenProj is a free, open source desktop alternative to Microsoft Project. The OpenProj solution is ideal for desktop project Click to enlarge in a new windowmanagement and is available on Linux, Unix, Mac or Windows. OpenProj is a complete desktop replacement of Microsoft Project and even opens existing native Project files. OpenProj shares the most advanced scheduling engine in the industry with Project-ON-Demand. The OpenProj solution has Gantt Charts, Network Diagrams (PERT Charts), WBS and RBS charts, Earned Value costing and more.

You can get more detailed information on OpenProj or download now!