apt-get install vim
update-alternatives --config editor

I don't need a firewall on my Raspberry PI which runs XMBC (raspbmc distribution) - it's in a dedicated subnet behind a firewall. Furthermore, there are several reports of iptables having an impact on the performance of network playback, causing buffering issues (although I didn't do any benchmark myself).

I modified /etc/network/if-up.d/secure-rmc by adding "exit 0" right at the beginning like this:

#!/bin/bash

exit 0

dec_to_bin() {
...

And then I ran:

apt-get remove iptables

This was followed by a reboot.

nb: the secure-rmc file appears to be a raspbmc addition, and it could probably just be deleted instead.

In anticipation of World IPv6 Launch Day (6 June 2012), this website is now fully reachable over IPv6.

• http://ipv6-test.com/ (also has a speed test, shows your MAC address when available)


• http://test-ipv6.com/ (provides detailed technical info and "readiness score")


• http://whatismyv6.com/ (IPv4 only, IPv6 only)


• http://www.whatismyipv6.net/ (provides traceroute and ping, also suports IPv4)

According to the Wikipedia IPv6 article, Privacy extensions are, except for the Windows platform and Mac OS X since 10.7 as well as iOS since version 4.3, not enabled by default.

In theory, one can enable the IPv6 Privacy Extensions on all interfaces at once using sysctl like this:

sudo sysctl net.ipv6.conf.all.use_tempaddr=2

However, this currently doesn't work as expected, so I'm using this one-liner in /etc/rc.local:

for IF in `/bin/ls /proc/sys/net/ipv6/conf/*/use_tempaddr` ; do echo 2 > $IF ; done

This also sets "use_tempaddr" for "default", which means it should also apply to interfaces added to the system afterwards.

A simple check to verify that the new configuration is working: ipv6-test.com will print your MAC address when available...

See also: Linux Kernel Bug 11655

Les instructions pour Linux fournies sur le site officiel ne fonctionnent pas pour moi (Maverick / Ubuntu 10.10 desktop amd64).

Il semble qu'il ne soit toujours pas possible d'importer des fichiers sauvegardés dans une version 32 bit de VaudTax avec la version 64 bits, et vice-versa (crash de VaudTax avec une erreur cryptique [1]). Deux options, soit recommencer sa déclaration sans importer les données de l'année précédente, soit faire tourner VaudTax avec une JVM 32-bits ([2]). Pour l'instant j'ai toujours opté pour la deuxième variante. Jusqu'à l'année passée (VaudTax2009), on pouvait télécharger une version incluant une JVM (32-bits), cette option n'est plus disponible mais il est toujours possible d'arriver au même résultat :

1ère étape, avant de commencer le processus d'installation :

$ sudo update-alternatives --config java
There are 3 choices for the alternative java (providing /usr/bin/java).

  Selection    Path                                       Priority   Status
------------------------------------------------------------
* 0            /usr/lib/jvm/java-6-openjdk/jre/bin/java    1061      auto mode
  1            /usr/lib/jvm/ia32-java-6-sun/jre/bin/java   63        manual mode
  2            /usr/lib/jvm/java-6-openjdk/jre/bin/java    1061      manual mode
  3            /usr/lib/jvm/java-6-sun/jre/bin/java        63        manual mode

Press enter to keep the current choice[*], or type selection number: 1
update-alternatives: using /usr/lib/jvm/ia32-java-6-sun/jre/bin/java to provide /usr/bin/java (java) in manual mode.

(si l'option JVM 32-bits n'apparaît pas, il faut d'abord installer le paquet ia32-sun-java6-bin)

Une fois VaudTax installé, il faut télécharger et décompacter xulrunner :

$ cd $HOME/VaudTax2010
$ wget http://releases.mozilla.org/pub/mozilla.org/xulrunner/releases/1.9.2.16/runtimes/xulrunner-1.9.2.16.en-US.linux-i686.tar.bz2
$ tar -xpf xulrunner-*

Finalement, il faut encore modifier le fichier VaudTax2010 en ajoutant ces deux lignes juste après `VM_SEARCH_PATH="$PATH"' :

export MOZILLA_FIVE_HOME=$HOME/VaudTax2010/xulrunner
export LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:${MOZILLA_FIVE_HOME}

Note : une fois VaudTax2010 installé, on peut exécuter à nouveau "sudo update-alternatives --config java" pour rétablir la configuration initiale - les paramètres sont en effet enregistrés dans le fichier VaudTax2010.lax


[1]

The program 'SWT' received an X Window System error.
This probably reflects a bug in the program.
The error was 'RenderBadPicture (invalid Picture parameter)'.
  (Details: serial 5455 error_code 161 request_code 149 minor_code 7)
  (Note to programmers: normally, X errors are reported asynchronously;
   that is, you will receive the error a while after causing it.
   To debug your program, run it with the --sync command line
   option to change this behavior. You can then get a meaningful
   backtrace from your debugger if you break on the gdk_x_error() function.)

[2] la troisième variante serait d'étudier le format de fichier produit par chacune des versions pour créer un outil de conversion

Let's say you want some output to be echoed to the console but also to be passed to a pipe. Specifically, in my case I wanted a message to be displayed to the user and also to be sent to syslog. You could of course just print it twice, but in some cases it's not possible, or it makes it more complicated than it should be.

There is a simple solution with tee:

echo "a test" | tee >(logger)

[edited 2012-08-22, new version of my patch to fix the issue reported by SgtMalicious]

tcpdump and wireshark are the tools that usually come to mind when you have to capture network traffic. But in some situations where you have to record a large amount of data and you want to avoid losing packets, tcpdump has some limitations. When I was hit myself by the tcpdump packet loss problem, I quickly found out that I was not alone and that a number of people had already researched the topic and/or provided alternatives.*

In particular, I found two different tools to perform the task: Corey Satten's gulp (http://corey.elsewhere.org/gulp/) and lindump from HP Labs (http://tesla.hpl.hp.com/opensource/)

I also found two interesting papers about capturing high volumes of traffic: http://www.usenix.org/events/fast09/tech/full_papers/anderson/anderson_html/ and http://docs.di.fc.ul.pt/jspui/bitstream/10455/3299/1/thesis-nhenriqu.pdf (the second quotes the first one among others, and also contains useful info to optimally spread the load among different cores)

After some tests I quickly became a happy gulp user, and thanks to the software being open source I was able to add features to it that I missed from the latest tcpdump versions:

-n - allows to change the default filename template
-t - allows to add a timestamp to the filename
-G - rotate pcap file every n seconds
-F - allows to skip the check for an ethernet interface
-Z - allows to specify a command to post-process each capture file

I've sent a patch to Corey Satten, who intends to setup a repository to hold the various contributions he gets for gulp. In the meanwhile, you can find my changes in the attached file (02-gulp-ntGFZ.patch.gz). For your convenience and for completeness, I also provide here the patch from Guy Harris that fixes issues on 64 bit systems (see http://seclists.org/wireshark/2009/Oct/105, apply that one first).



* other people have reported a performance drop with libpcap version 1.0 compared to previous builds, see http://thread.gmane.org/gmane.network.tcpdump.devel/4629 or http://seclists.org/tcpdump/2010/q3/index.html#11

1. create and enable a "regular" swap partition (fdisk / mkswap / swapon)

2. install ecryptfs-utils and run ecryptfs-setup-swap

sudo apt-get install ecryptfs-utils
sudo ecryptfs-setup-swap


 
            

For years the default behaviour in Thunderbird had been to forward e-mails as attachments, but at some point it was changed to "inline". You can still manually choose how you'd like to transfer a message by going to "Message" -> "Forward as", but I couldn't find a way to set the default in the preferences.

There is, however, a way to change it without messing with manual edit of config files. Go to "Preferences" -> "Advanced" -> "Config Editor...", and look for "mail.forward_message_mode". 0 is for "attached", 2 is for "inline".

When performing tests you may sometimes want to send specially crafted icmp packets. hping is a handy tool for that.

However, the default behavior is to refuse to send "unsupported" Type/Code combinations. eg

hping3 -c 1 --icmp -C 33 -K 0 192.168.70.1
HPING 192.168.70.1 (wlan0 192.168.70.10): icmp mode set, 28 headers + 0 data bytes
[send_icmp] Unsupported icmp type!

Fortunately, there is an (undocumented) --force-icmp option that you can add to bypass the check:

hping3 -c 1 --icmp --force-icmp -C 33 -K 0 192.168.70.1
HPING 192.168.70.1 (wlan0 192.168.70.10): icmp mode set, 28 headers + 0 data bytes

--- 192.168.70.1 hping statistic ---
1 packets transmitted, 0 packets received, 100% packet loss
round-trip min/avg/max = 0.0/0.0/0.0 ms

After a fresh pfSense install, I found out that traffic from specific hosts was being dropped when it should have been allowed based on the firewall rules I defined.

It turned out that the option "block bogon networks" was activated on the WAN interface, and that fresh pfSense images come with a slightly outdated bogon list.

If you are facing this problem, you have three options:

1. disable the "Block bogon networks" option at the bottom of the WAN interface page

2. after at most one week, the list will be updated automatically as long as the box is online (there is a cron entry, grep your config file for bogon)

3. if you don't want 1. and can't wait for 2, you can trigger the update process manually by running:

/etc/rc.update_bogons.sh 0

Check the output from the Status -> System Logs -> System page (I ran it from a serial console, but it should work fine by ssh or from the exec.php page too)

Composer le 0868 868 868.

In Ubuntu Karmic (and possibly Jaunty ?), when you install libsane, it adds a file /lib/udev/rules.d/40-libsane.rules which contains rules that match on supported scanners and set the environment variable "libsane_matched" to "yes".

This in turn triggers the following in /lib/udev/rules.d/70-acl.rules:

# USB scanners
ENV{libsane_matched}=="yes", ENV{ACL_MANAGE}="1"

<snip>

# apply ACL for all locally logged in users
LABEL="acl_apply", ENV{ACL_MANAGE}=="?*", TEST=="/var/run/ConsoleKit/database", \
  RUN+="udev-acl --action=$env{ACTION} --device=$env{DEVNAME}"

In the end, the result is that an ACL is created for the device, which allows locally logged in users to use it (read/write permission). eg for my scanner:

~# lsusb
Bus 001 Device 005: ID 04b8:011c Seiko Epson Corp. Perfection 3200
~# ls -l /dev/bus/usb/001/005
crw-rw-r--+ 1 root root 189, 4 2009-12-28 00:11 /dev/bus/usb/001/005
~# getfacl /dev/bus/usb/001/005
getfacl: Removing leading '/' from absolute path names
# file: dev/bus/usb/001/005
# owner: root
# group: root
user::rw-
user:crox:rw-
group::rw-
mask::rw-
other::r--
~#

However, I also wanted to allow access to the scanner from other workstations through saned. In older Ubuntu versions, you could just add saned (or whatever user the service runs as) to the scanner group. This no longer works since the device belongs to root:root, and ACLs are added for specific users. The solution that works for me is to create a file /etc/udev/rules.d/99-sane-group.rules with the following contents:

# change group to scanner for sane devices
ENV{libsane_matched}=="yes", GROUP="scanner"

Then you just need to run

sudo udevadm trigger

and the group of the device magically changes to scanner.

Of course you could also add a similar rule specifically for a certain device instead, in my case this would work too:

ATTRS{idVendor}=="1d6b", ATTRS{idProduct}=="0002", GROUP="scanner"

To check that it worked, run the following:

sudo su -s /bin/bash -c 'scanimage -L' saned

Faced with a noisy Dell Precision 490 computer running Ubuntu Karmic, I found an easy way to reduce the noise level to an acceptable threshold. (fancontrol did not help since it seems not to be compatible with the chipset used by Dell at least on this computer.)

Step 1, install i8kutils:

sudo apt-get install i8kutils

Step 2, add i8k to /etc/modules:

sudo sh -c 'echo i8k >> /etc/modules'

Step 3, edit /etc/default/i8kmon so that it looks like this:

# /etc/default/i8kmon



# Change to one enable i8kmon

ENABLED=1

I8KMON_ARGS="--daemon --nouserconfig --auto"

Step 4, reboot and enjoy!