You are viewing abelits

Alex Belits
After The Great TV Transition To Digital, Comcast for a while kept transmitting everything in analog NTSC, so I was able to use my Hauppauge WinTV PVR-250 for cable, and occasionally watched over-the-air ATSC with HVR-950. It was clear that this was not going to last, and recently all but few NTSC channels disappeared. On top of that, when HVR-950 didn't get a sufficiently strong signal or was otherwise confused, a combination of its hardware, driver and MythTV 0.21 ended up in some weird state that prevented all further tuning until full driver reload, so over the air reception was quite far from the painless experience that I remembered from pre-cable, pre-digital days. Upgrade to MythTV 0.22 gave me some improved HDTV output modes, but didn't do anything to reliable ATSC reception, and definitely didn't turn PVR-250 into a digital decoder -- something had to be done. My 40th birthday was an acceptable excuse to buy another device, so after some research I went to Fry's and brought home HDHomeRun -- a networked dual-tuner digital TV receiver.

Not surprisingly, installation and configuration were quite painless -- receiver got its address from DHCP, MythTV detected the receiver and its two tuners, ran a scan on both, and found a bunch of channels. Just as not-surprisingly, SchedulesDirect produced a channels list full of mis-identified channels (apparently radio stations that were recognized as TV), so the list required some tweaking before becoming usable.

The surprising part was playback. For a completely unrelated reason I have recently upgraded my NVIDIA graphics card, and the new card supports VDPAU. Before installing HDHomeRun I have spent some time tweaking MythTV to make HDTV play on a 1680x1050 monitor with my old AMD Athlon XP 3200+ and HVR-950. In the end everything up to 720x576 was set to ffmpeg decoder, Xv output, Yadif deinterlacer, denoise3d filter, everything above -- NVIDIA VDPAU, Temporal deinterlacer. Most channels played smooth, however it seemed like the time spent getting the high-resolution frames from HVR-950 was sufficient to cause some choppiness -- or maybe it only looked like that due to some dropped or corrupt data because I only tested it with over-the-air reception. With HDHomeRun this problem disappeared -- flawless playback on cable channels regardless of resolution, occasional visibly corrupt frames on some over-the-air channels, but no choppiness.

For some reason closed captions (and only closed captions, not other forms of overlays) on some resolutions cause massive slowdown and dropped frames. Low resolution (with all-software decoding and Xv output) is fine, high resolution (hardware decoding and high-resolution overlay) is fine, medium resolution (apparently higher-resolution text overlay on lower-resolution hardware-decoded video) has problems. Other than that, I have a fully-functional TV and DVR that receives cable and over-the-air TV, on a box with Athlon XP 3200+ CPU and a five years old motherboard.

Obviously, the whole thing only works with non-encrypted channels -- if by any chance Comcast will decide that they should DRM the Hell out of their network, everything will be broken again. Hopefully sanity will prevail, and the amount of breakage that it would inflict on all other existing subscribers will keep them from going into that direction. PVR-250 still receives some NTSC channels, and HVR-950 is still connected for its analog video input and may potentially be used as a backup tuner -- if I (or driver developers) will find out how to keep it from getting stuck.

Tags: , ,

5 comments
I made a video of my XO running Ubuntu. Nothing really unusual -- booting up, using wireless networking, running Firefox, watching Youtube video, running OpenOffice.org writer simultaneously with Firefox in 256M without swap, rotating the screen and switching backlight on and off:

Part 1
VideoCollapse )

Part 2
VideoCollapse )

As usual, all video capture, adding titles and format conversion was done on my Linux desktop. Camera is previously mentioned Sony DCR-TRV320, titles added in Kino video editor.

Tags: , , ,

4 comments or Leave a comment

I have posted Ubuntu 8.04 (Hardy) installation procedure and files on OLPC News forums. Here is how it looks like:

Photos of the whole processCollapse )

Xfce desktop

...Collapse )

For now, this is the easiest way to install it -- and since it works using XO itself for building the boot filesystem, it can be done by people who don't have other boxes running Linux. I will also post the "from scratch" installation procedure that produced those files I have placed into tarball -- they were installed in chroot environment starting from debootstrap.

Edit: I have posted the update with "from scratch" procedure.

Tags: , , ,
Current Mood: accomplished accomplished

2 comments or Leave a comment
My mail server in Denver was running Exim 3 for at least five years. Spam filtering was done with a simple setup with Bogofilter called by a delivery agent wrapper that I wrote to avoid using large monstrosities in perl on a resources-starved server. Mail delivery agent wrapper also performed another function -- fixed non-ASCII headers before passing mail for delivery, so Cyrus won't complain about them. Filtering was done by running bogofilter on the message, checking its result and passing "-m spam" to Cyrus delivery agent if the message is supposed to go into spam mailbox. If user had "spam" mail folder under "INBOX", spam ended up there, otherwise Cyrus will put it into INBOX, but the message will still have identifying headers that mail reader can use to mark it as spam.

This had to be upgraded...Collapse )

I am running this configuration for almost a week now. The amount of spam went down at least ten times when counted before bogofilter, and spam now mostly consists of short messages containing a random phrase and a URL. Apparently long messages are all sent by botnets, viruses, and spam-specific software while short ones are usually passed through regular mail servers -- I have found what looks like signatures of Microsoft Exchange, Sendmail, Qmail and Exim in them. Bogofilter still filters most of them out, however their short size and legitimate headers make them the most difficult to filter, and I still get tens of them per day in my regular mailbox. I will see if more spammers will switch to this mode that may prompt me to add another kind of filtering specifically against that style of spam.

Tags: ,
Current Mood: accomplished accomplished

Leave a comment
Yesterday I was doing some remote maintenance on the company's servers while sitting at a coffee shop. A combination of OpenVPN and ssh allows me to access everything from outside, serial consoles don't let me lose the connection to servers in the case of some severe networking misconfiguration, or installing a bad kernel, so I didn't have to be in the lab just to run updates and configuration. I still had an updated kernel waiting for reboot, so I was supposed to reboot the server from the lab today just to be sure, but everything else was perfectly usable remotely.

Until I have looked at the log, and got the dreaded hard drive error:

hda: dma_intr: status=0x59 { DriveReady SeekComplete DataRequest Error }
hda: dma_intr: error=0x40 { UncorrectableError }, LBAsect=5096644, high=0, low=5096644, sector=5096642
ide: failed opcode was: unknown
end_request: I/O error, dev hda, sector 5096642

What meant that my remote maintenance just became a local one, with a trip to the store for a new hard drive along the way.

Read more...Collapse )
The whole procedure wasn't what I would call difficult, intellectually challenging or involved the possibility of any significant data loss, the only real problem was that the time spent on the copying alone turned it into an unexpected night shift. In a way it demonstrated something that I already knew, that without RAID or redundant servers you WILL GET DOWNTIME, and that running servers on single drives instead of RAID1 or RAID5 isn't worth the saved money. However one unusual thing about it was that of two drives two failed almost simultaneously. Granted, second drive probably would survive longer if it was a part of hot-swap RAID array, so it wouldn't spin down, but nevertheless I had two drives failing within the same day. If I had RAID in both servers, and two drives failed in the same server, commonly used RAID configurations wouldn't save them. This is obviously not a good excuse to keep the servers without RAID, and I am still supposed to fix that, but it demonstrates that worst-case or nearly-worst-case scenarios do happen, and RAID in both servers would not guarantee that there won't be a "night shift" like this.

There are other reasons why RAID is not a replacement for reliable backups -- rolling back user errors, intrusions, filesystem corruption and broken controllers are more likely scenarios than simultaneous drive failures. RAID does nothing to prevent data loss in those situations, and this is why I have chosen to spend resources on "backup everythng" rather than on "RAID everywhere" in the first place. But again, in the end resourced ended up being spent anyway.

Storage configuration always balances reliability/availability against cost and speed, and it's possible to build an array that survives multiple failures. For a small company, where very low probability of few hours of downtime, and small amount of possible data loss (changes since last backup) is acceptable, massive multiple-redundancy arrays may be pointless, and RAID1/RAID5 will be sufficient. But there is always a possibility that the only way to fix the problem is to restore from backups.

Tags: ,

4 comments or Leave a comment
While XEmacs is a great text editorM-<Delete>M-<Delete>developmentM-<Delete>interactive environment, it has one problem -- its default configuration looks ridiculously ugly:

Large screenshotCollapse )

I mean, background that reminds me of Motif defaults and NCSA Mosaic, fonts from Hell, and UI elements that look like they can fall off the screen and cause some considerable damage to my feet. With the help of the /etc/X11/app-defaults/Emacs and ~/.xemacs/custom.el its ugliness can be reduced to this:

Another large screenshotCollapse )

The custom.el file has the line about KOI8 Cyrillic environment commented out -- uncomment it if you need it. Some fonts are Monotype fonts from "corefonts"/"msttcorefonts" package -- install them or change font names to something you have.

Please note that XEmacs uses X fonts while GTK and Qt use Xft fonts -- it means, XEmacs can't use font smoothing, and you have to make sure, font is included in X server configuration (shows up in xfontsel).

Tags: ,

2 comments or Leave a comment
Last two entries were about the vincent.jb.org incident, and I guess, many people who had seen them, found most of the text to be unreadable technobabble. Since at this point the immediate problems are solved -- vincent.jb.org is up, and scammers lost their email addresses -- it makes sense to explain, what the hell happened, and why.
Very long entry hereCollapse )

Tags: , ,

Leave a comment

Since two addresses in the vincent.jb.org incident were from Yahoo Mail, I have reported them to abuse@yahoo.com.

So far, it looks like I am talking to some piece of software, specifically designed to keep email away from people who are supposed to respond to it. Or at least this is how it's used by hard-working Yahoo admins:

MeYahoo
Wed, 09 Aug 2006 16:01:45 -0600Thu, 10 Aug 2006 21:28:44 -0700
Fri, 11 Aug 2006 00:33:36 -0600Thu, 10 Aug 2006 23:36:21 -0700
Sat, 12 Aug 2006 09:45:24 -0700
Sun, 13 Aug 2006 00:10:39 -0600Sat, 12 Aug 2006 23:55:00 -0700
Mon, 14 Aug 2006 01:49:51 -0700
Tue, 15 Aug 2006 04:06:09 -0600Tue, 15 Aug 2006 14:13:14 -0700

Update: After re-sending email to security@yahoo-inc.com I have finally received a reply that mentions a particular person who, I assume, was the first human other than myself involved in this exchange (personal information X'ed out in that email). On August 16 both exploitko@yahoo.com and priv8.1337@yahoo.com don't work anymore, so it looks like Yahoo doesn't ignore everything, just email sent to abuse@ address.

On the other hand, psikoma.host.sk is alive and well, http://psikoma.host.sk/zoot.tgz (rootkit) and http://psikoma.host.sk/paypal.tgz (fake Paypal site) still contain the old addresses.

Tags: ,

4 comments or Leave a comment
On August 4 I have got a call from j_b -- he had remotely rebooted vincent.jb.org box, and sshd failed to start. The box runs Debian Sarge, and is located at my lab, connected to my network to use my otherwise underutilized bandwidth, so I was the only person who could look at the console and restart sshd. The fact that sshd failed to start was not by itself suspicious because that box occasionally went through upgrades and reconfigurations, and it wasn't too much of a stretch that sshd startup script ended up in a broken state at the moment when the box was rebooted.
Cut for hugenessCollapse )

Tags: , ,

3 comments or Leave a comment
I have decided to move a fax server from a router box (Pentium MMX 233) to the main server (dual Athlon MP 2600+) that runs mail (Exim and Cyrus) and PBX (Asterisk). A router is really not supposed to have a bunch of users connected to its services, and especially not to store huge numbers of Postscript and TIFF files. Giving a router any access to NFS would be a security disaster, so I had two options -- make it into a terminal server for a remote Hylafax, or remove everything fax-related from it completely, and use a new shiny Sipura^H^H^H^H^H^HLinksys SPA-3102 VoIP adapter (replaced FXO-less Zoom 5801 that is now at my home) as a kinda-modem, with all processing running on a server. After all, they are on the same Ethernet, so it must work, right?

Not exactlyCollapse )

So now fax works, though I am not sure if this is a good solution considering that I could do the same thing by just allowing a remote access to the hardware faxmodem on the router. It has an advantage that Asterisk always knows that local phone line is busy when it is sending or receiving a fax, and a disadvantage of lower reliability and higher CPU load. I can make Asterisk aware of the locks on the modem device that Hylafax uses, however that would be a pretty big kludge, so I am not sure yet if I'll keep this configuration. In any case, it works.

Tags: , ,

1 comment or Leave a comment
For a while I had an Asterisk-based VoIP setup at work, that was used for occasional experimenting with SIP and H.323 clients and forwarding local (area codes 303 and 720) calls to my celphone that still has area code 650 (SF Bay Area). It was ridiculously trivial for such a cool technology, so I have decided to put it to a more fitting use, or at least do something more or less practical. That meant, of course, that main office phone should be no longer directly connected to the outside line, and that Asterisk should take over handling of all incoming calls.

Read more...Collapse )

Tags: , ,

6 comments or Leave a comment
The company bought an old IBM Infoprint 32 on Ebay -- even older Lexmark Optra E310 that was our main printer used for drawings and templates had worn out paper feeding mechanism, and 8 inches wasn't nearly enough for most of the drawings that we had to produce. Infoprint 32 supports Postscript, and prints on up to 11x17", what is kinda reasonable, considering that equipment made for 19" rack should fit into 17". The problem is, it doesn't come with a PPD file, and searching for it returns nothing.

After more searching I have found a Windows driver from IBM, ftp://ftp.software.ibm.com/printers/drivers/netwrk/wxpsa_en.exe, that happened to be a CAB archive. It contains, among other things, IBM43321.PPD, a file that doesn't seem to be present anywhere else. Feeding it to CUPS enabled me to print large drawings in a civilized manner, that is, without switching paper formats by pulling the Letter tray out.

Tags: , ,

1 comment or Leave a comment
I have installed Asterisk on the first Trogdor server -- being smtp/pop/imap/http/dns/mysql/postgresql did not take much of its resources, and I wanted to get some experience with voice over IP. So have got asterisk from CVS, bought a Zyxel P-2000W v2.0 wireless SIP phone, got an account at VoicePulse Connect, and added KPhone (for both x86 Linux and Zaurus) and GnomeMeeting to cover that weird ancient thing called h.323. And then I had to configure the whole thing to make all those things talk to each other.
How I have configured all thatCollapse )

Tags: , ,
Current Mood: accomplished accomplished

8 comments or Leave a comment
Not much happened recently, so here is a photo of Zaurus in my car, following my position on the map and playing music through the car stereo.

large imageCollapse )

Tags: , ,

Leave a comment

Nine months ago I have upgraded my Zaurus last time, and had a mixed impression about it. Now I have found that a new OpenZaurus 3.5.3 is released, and decided to check if it is a noticeable improvement.

It is. In fact, if it wasn't for some stupid problems, it would be great, however as usual for OpenZaurus, every release has some annoying problems. This time those problems were:

  1. Truly atrocious startup scripts.
  2. fsck not called when mounting ramdisk or SD/MMC card with ext2 filesystem.
  3. ext3 still isn't supported by the provided kernel.
  4. GUI package manager still sometimes crashing for no reason.
  5. Serial port stil running getty by default.
  6. Crashing on suspending when suspend is called by pressing a button, and for some reason doing the same for "right arrow" held down for a few seconds.
  7. By default, home directory is sitting on builtin ROM, and not in RAM or a card.
  8. Konqueror package has dependency on some snapshot version of libqte2 that is not present in the distribution, however works fine with one supplied.
  9. gpsd is missing.
  10. For some reason portmap is enabled.

Everything else that I didn't like about the old version, was fixed. CF cards work without any glitches, supplied media player plays music without any tweaking, gpsd from 3.5.2 works just fine (except that it came with a wrong startup script), zroadmap is now included in the distribution, and is a 1.0.8 version, a noticeable improvement compared to 1.0.1 that I have used before. Everything is compiled with the same version of libraries, so after fixing the scripts, moving Opie to SD card and root's home to a ram disk, I have got something as reliable as the original Sharp ROM, and as useful as "bleeding edge" setup that I had to piece together before.

I should make patches and send them back to the developers.

Tags: , ,

3 comments or Leave a comment

We all know about dual (and multiple) head setups -- install a board that supports multiple screens, or just multiple boards, or both, connect monitors, configure X to either run Xinerama or just multiple screens (or run Ultramon if you use Windows), and you have multiple screens, that share mouse and keyboard, allowing you to move the pointer around them, more or less following their physical layout.

From that point opinions are split -- some people prefer Xinerama-like configuration where all monitors form a large screen (so a window can be simply dragged between them), some keep screens separate. There is however a situation that often happens to sysadmins -- they get a lot of equipment but it's all underpowered, and the numbers of computers remains equal to the number of monitors. The obvious solution is to just attach all video cards and monitors to the fastest computer, and from there use remote X and ssh to talk to everything else. If the "main" desktop is fast enough, everything is great, however usually this is not the case, and latency+network traffic increase make this configuration rather suboptimal.

Another solution is to simply have all computers separate, and use separate keyboards and mice for them. This would be great if not the need to keep all keyboards somewhere on the desk, plus leave enough space near each of them for the mouse (or use multiple trackballs) -- the whole setup is cumbersome even with two boxes on the average desk. To save space, one can use a KVM switch without the "V" part, however having to turn the knob every time you switch between computers is annoying, and on top of that many sysadmins, myself included, hate KVM switches with a passion, and don't want to see them anywhere close to their desk on principle.

Faced with this problem, I have decided to keep "heads" where they originally were, yet build a setup where I can do everything from a single keyboard and mouse. The program to do this magic behind the scenes is already known, it's x2x, however something still has to run it when the user still has no control over a computer without a keyboard. And it would be reasonable to expect that on multiple computers joined in this setup the user may login, logout and reboot them at different times, losing the connection between them. And last but not least, there is always a matter of security -- the times when people did not think twice before typing xhost + passed long ago.

Here is my solutionCollapse ) Update: Oh, wow, I had ssh-x2x-slave truncated for three years in this entry. Fixed.

Tags: , ,

9 comments or Leave a comment
The second trogdor box is now being installed using its board's PXE and serial console support, without a monitor, keyboard and other things that don't belong on the server.

ScreenshotCollapse )

Tags: , ,

Leave a comment