Saturday, October 23, 2010

Printing with Konica Minolta PP1300W in OSX Snow Leopard (over Time Capsule)

I was supposed to do this years ago, and I actually tried to, but I never got the gutenprinting stuff to work with the built-in CUPS of OSX. However, today was the day I thought I might just do it!

Turns out it was quite easy (after I tried all the different combinations that is...)

  1. Go to Linuxprinting and download the min12xxw dmg (min12xxw-0.0.92-ub.dmg).
  2. Download the Ghostscript stuff from the same page (gplgs-8.71.dmg)
  3. Run the installer for min12xxw
  4. Run the Ghostscript installer
  5. Add your printer (it will auto-select the Foomatic/min12xx driver)
  6. Save and print!

Monday, October 4, 2010

Automatically upgrade Debian with security updates

So, one of the boring tasks of being a sysadmin is to do updates. Well, it's not really boring, just a boring task of doing it if you have more than 10 systems or so.

Since I'm lazy and not really a sysadmin full-time, I'm cheating by using the unattended-upgrades package. Here is how you do it:

  1. Install unattended-upgrades
  2. Add the following to /etc/apt/apt.conf
    APT::Periodic::Update-Package-Lists "1";
    APT::Periodic::Unattended-Upgrade "1";
  3. See if you need to modify
    /etc/apt/apt.conf.d/50unattended-upgrades
    (I didn't)
  4. Watch your logs for any errors during updates (I use logcheck for this)
  5. Read the additional info at https://wiki.ubuntu.com/AutomaticUpdates for more details about this feature if you want to.
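
To confirm that the two settings from step 2 are in effect once APT has merged every file under /etc/apt, the script below reads `apt-config dump` output and reports either key that is missing or set to "0". It is an added example, not part of the original post; the function name periodic_problems is made up here.

```sh
#!/bin/sh
# Added example (not from the original post): audit the two APT::Periodic keys.
# periodic_problems is a hypothetical helper name. It reads `apt-config dump`
# output on stdin and prints one line per key that is missing or disabled.
periodic_problems() {
    awk '
        $1 == "APT::Periodic::Update-Package-Lists" ||
        $1 == "APT::Periodic::Unattended-Upgrade" {
            v = $2
            gsub(/[";]/, "", v)      # strip the quotes and trailing semicolon
            val[$1] = v              # if a key repeats, the last value wins
        }
        END {
            n = split("APT::Periodic::Update-Package-Lists APT::Periodic::Unattended-Upgrade", keys, " ")
            for (i = 1; i <= n; i++) {
                k = keys[i]
                if (!(k in val))
                    print k " is not set"
                else if (val[k] == "" || val[k] == "0")
                    print k " is disabled (" val[k] ")"
            }
        }'
}

# On a Debian host, check the live configuration.
if command -v apt-config >/dev/null 2>&1; then
    apt-config dump | periodic_problems
fi
```

No output means both keys are enabled; with more than a handful of systems the same function can be fed the dump collected from each host.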

Saturday, July 10, 2010

iPhone 3G iOS4 improved speed

After installing iOS4 the phone became extremely sluggish, so I thought "why not google around when I'm at home with this shitty cold".

So, first you need to jailbreak your phone (i.e. redsn0w or equivalent).
Then install OpenSSH, adv-cmds, Erica Utilities, vim and bash from Cydia or Rock (I prefer Rock to Cydia any day).

Now: start with changing your password on root and mobile user to something not guessable.

--

First tip:

The first one I found was to enable some swap memory by uploading a plist that enables the dynamic pager:

Download com.apple.dynamic_pager.plist, scp it to the iPhone and place it in /System/Library/LaunchDaemons/ and reboot.

If you are lazy the iMemory Enhancer is available from Cydia (but I like to know which file they are actually touching).

--

The second one is to disable some of the daemons that take care of background tasks.

Log in via SSH and perform this:

launchctl unload -w /System/Library/LaunchDaemons/com.apple.syslogd.plist

and continue with these (if they exist)

com.apple.CrashHousekeeping.plist
com.apple.DumpBasebandCrash.plist
com.apple.DumpPanic.plist
com.apple.ReportCrash.DirectoryService.plist
com.apple.ReportCrash.Jetsam.plist
com.apple.ReportCrash.SafetyNet.plist
com.apple.ReportCrash.SimulateCrash.plist
com.apple.ReportCrash.plist
com.apple.powerlog.plist
com.apple.racoon.plist (this is used by VPN subsystem, so don't remove if you use that)
com.apple.scrod.plist (used for voice, which the 3G doesn't support)
com.apple.tcpdump.server.plist
com.apple.apsd.tcpdump.en0.plist (thought to be used by push notification logging)
com.apple.apsd.tcpdump.pdp_ip0.plist ( -"- )
com.apple.wifiFirmwareLoader.plist (thought to be used for the new OTA (over-the-air) updates)

Oh, and you can do the same with sshd if you want to:
launchctl unload -w /Library/LaunchDaemons/com.openssh.sshd.plist
You can then start SSH when you want by using SBSettings

Now let's deactivate locationd from startup but let it start up on request:

cd /System/Library/LaunchDaemons

plutil -convert xml1 com.apple.locationd.plist
vim com.apple.locationd.plist
------------------

search for RunAtLoad

change true ----> false

----------------
plutil -convert binary1 com.apple.locationd.plist
reboot

Do this at your own risk.

Found the info at modmyui

--

The iPhone 3G has shadows enabled by default for the icons and the dock, which costs some power. Removing some of the PNGs supposedly helps the graphics libraries and gives you more memory and power. So, remove/move these files from /System/Library/CoreServices/SpringBoard.app:

WallpaperIconShadow*.png
WallpaperIconDockShadow?.png

--

Also, on another note, people have seen some improvements by removing additional languages from applications. Not sure if it really matters or not, your mileage will vary:

http://a-common-hades.blogspot.com/2010/02/final-script-for-deleting-iphone.html

Wednesday, June 23, 2010

Startssl certificate (free) + exim + courier (Debian/Lenny)

So, my GoDaddy SSL cert finally expired. I wanted a new cert, but I wasn't up to paying $29/year/domain for something I only have a few users on, but I still wanted a verified CA (no more adding exceptions). Looking around I found the great startssl.com, a CA that exists in most of today's browsers and email clients, and best of all, their certs are free for non-business users!

The host I run is a Debian Lenny machine with exim4 and courier as MTA/IMAP server. So, here we go:

1) Sign up for a cert at StartSSL and follow the instructions (you will eventually end up with a client cert you need to install in your browser).
2) Log in, verify your email / domain, go into the certificate wizard and create a "Web Server SSL/TLS Certificate".
3) Create a new private key (2048 keylength is default, stick with it). Remember the password, you will need it later.
4) Save the encrypted private key as server.crypted.key. Create a version without the passphrase with
openssl rsa -in server.crypted.key -out server.key
or just use the toolbox and paste the cert and your key.
5) Select one of the validated domains to create a server cert, enter a subdomain such as mail.domain.com, or whatever. My cert was for the domain.com level, and that name will also be included in the mail.domain.com cert.
6) The cert is eventually created, so save it as server.crt
7) Go to the toolbox and download the Server Certificate Bundle with CRLs (PEM encoded) as ca-bundle.pem.
8) Copy ca-bundle.pem to /etc/ssl/certs

I have saved my files to /etc/ssl/startssl/. With this as the base, the real work begins:
Create a dhparam file
1) openssl dhparam -out dhparam.pem 1024
2) openssl gendh >> dhparam.pem

For Exim4:
1) Edit /etc/exim4/exim4.conf. Add/edit these fields:

tls_advertise_hosts = *
tls_certificate = /etc/ssl/startssl/server.crt
tls_verify_certificates = /etc/ssl/certs/ca-bundle.pem
tls_privatekey = /etc/ssl/startssl/0x2a.key
tls_dhparam = /etc/ssl/startssl/dhparam.pem
tls_on_connect_ports = 465
auth_advertise_hosts = ${if eq{$tls_cipher}{}{}{*}}
daemon_smtp_ports = 25 : 465 : 587 : 10025

2) You're done! Restart exim4 and be a happy camper

For Courier:
1) cat server.key server.crt > server.pem
2) cat server.pem dhparam.pem > /etc/courier/imapd.pem
3) Edit /etc/courier/imapd-ssl, add/edit the following:

TLS_CERTFILE=/etc/courier/imapd.pem
TLS_TRUSTCERTS=/etc/ssl/certs

4) Restart courier-ssl

That's how I got it to work. Good luck!
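
Because server.key and imapd.pem hold the private key without a passphrase, two checks are worth running once the files are in place: that the key and certificate belong together, and that no key file is accessible to group or other. The script below is an added example, not part of the original post; the function names and the script name check-tls-files.sh are hypothetical, and it assumes an OpenSSL recent enough to have the pkey subcommand.

```sh
#!/bin/sh
# Added example (not from the original post). Function and script names are
# hypothetical; the file names in the usage line are the ones used in the post.

# key_matches_cert KEY CERT
#   0 = the certificate was issued for this private key
#   1 = they do not belong together
#   2 = a file is unreadable, or the key is still passphrase-protected
key_matches_cert() {
    # "-passin pass:" supplies an empty passphrase so an encrypted key fails
    # immediately instead of prompting.
    k=$(openssl pkey -in "$1" -passin pass: -pubout 2>/dev/null) || return 2
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ "$k" = "$c" ]
}

# private_key_exposed FILE
#   0 = FILE contains a private key and group or other has any permission bit
#   1 = no private key in FILE, or only the owner can access it
private_key_exposed() {
    grep -q 'PRIVATE KEY-----' "$1" 2>/dev/null || return 1
    perms=$(ls -ld "$1" | cut -c5-10)     # group + other bits, e.g. "r--r--"
    [ "$perms" != "------" ]
}

# Usage: sh check-tls-files.sh server.key server.crt /etc/courier/imapd.pem
if [ "$#" -eq 3 ]; then
    key_matches_cert "$1" "$2" || echo "key/certificate check failed for $1 and $2"
    if private_key_exposed "$3"; then
        echo "$3 holds a private key and is accessible beyond its owner"
    fi
fi
```

Files created with cat inherit the shell's umask, so server.pem and imapd.pem are typically world-readable until they are chmod'ed.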

iOS4 pictures missing

After my gf upgraded to iOS4, her camera pictures disappeared. Seems like the discussion forums are swamped with people with the same problem. Here is the solution: (oh, she's running Linux, so she is forced to run iTunes in VMware, and these instructions are thus for Windows)

Fix iPhone iOS4 "empty camera roll"

Tools:
iPhone Explorer (http://www.macroplant.com/iphoneexplorer/)

1) Connect your iPhone
2) Launch iPhone Explorer and select "/var/mobile/Media" as the path
3) Back up and then delete the following files:
/DCIM/.MISC/Info.plist
/PhotoData/Photos.sqlite
/PhotoData/PhotosAux.sqlite
4) Unplug your iPhone, launch Camera Roll and wait while it rebuilds the database.


Credits: discussion thread at Apple discussion forum

Saturday, May 8, 2010

Mount remote filesystem with sshfs in crontab

So, I use my remote fileserver for XBMC by mounting it via sshfs (live-stream 1080 video FTW!).

Sometimes the server has to be rebooted though, and I want the mount to be automatically re-mounted when the system is back up again, and I use crontab for that. One problem still exists, and that is that the key I use is passphrase protected, something that is good, and since I use ssh-agent it's not really a problem:

*/5 * * * * test -d /mounts/remote.sys/video || { . /home/myuser/.ssh/environment ; /usr/bin/sshfs remote.sys:/data /mounts/remote.sys/ -o Cipher=blowfish -o transform_symlinks -o follow_symlinks -o allow_other ; }

So, what does it do? test -d will test if "/mounts/remote.sys/video" is a directory (the -d). "||" means "or": the commands after it run only if the test fails, so if it isn't a directory, then do the commands following "||". The braces group those commands so that both belong to the "||" branch; without them the ";" would end the "||" list and sshfs would run every five minutes whether or not the mount is there. Here I first source the environment variables from ssh-agent, then I just run sshfs to mount the remote system.
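
The same logic as a small wrapper script that cron can call, which also skips the mount attempt when the ssh-agent environment file is missing. This is an added example, not from the original post; remount_if_needed, MOUNT_CMD and the demo paths are hypothetical names, and the demo uses a stub in place of sshfs.

```sh
#!/bin/sh
# Added example (not from the original post). MOUNT_CMD is a hypothetical hook:
# in real use it holds the sshfs command line from the cron entry; the demo
# below replaces it with a stub so the logic can be exercised offline.

# remount_if_needed MARKER_DIR AGENT_ENV_FILE
#   0 = already mounted, or the mount command succeeded
#   2 = ssh-agent environment file missing, nothing attempted
#   anything else = exit status of the mount command
remount_if_needed() {
    marker=$1
    agent_env=$2

    # The marker directory is only visible while the remote side is mounted.
    if test -d "$marker"; then
        return 0
    fi

    # Everything from here on runs only when the marker is absent. In a
    # one-liner of the form `test -d X || . env ; mount`, the `;` ends the
    # || list and the mount command runs on every invocation.
    if test ! -r "$agent_env"; then
        return 2
    fi
    . "$agent_env"      # brings SSH_AUTH_SOCK into this shell
    $MOUNT_CMD          # unquoted on purpose: split into command and arguments
}

# Constructed demonstration: "mounting" is simulated by creating the marker.
demo() {
    tmp=$(mktemp -d)
    mkdir "$tmp/mnt"
    echo 'SSH_AUTH_SOCK=/tmp/constructed-agent.sock; export SSH_AUTH_SOCK' > "$tmp/env"
    MOUNT_CMD="mkdir $tmp/mnt/video"
    r1=0; remount_if_needed "$tmp/mnt/video" "$tmp/missing" || r1=$?
    r2=0; remount_if_needed "$tmp/mnt/video" "$tmp/env" || r2=$?
    # Marker now exists: the stub must not run again (mkdir would fail with 1).
    r3=0; remount_if_needed "$tmp/mnt/video" "$tmp/env" || r3=$?
    rm -rf "$tmp"
    echo "$r1 $r2 $r3"
}

if [ "${1:-}" = "--demo" ]; then
    demo
fi
```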


Very nice indeed!

Thursday, February 25, 2010

Install a new SSL CA cert to your iPhone



My company uses SSL certificates from IPSCA. They are cheap (especially for wildcard certs), but they also kind of suck (since they had a short validity and their level 1 intermediate cert expired 31 of Dec 2009).

To log in to our Zimbra email over HTTPS I need to accept the new level 1 intermediate CA every time I want to read my email! Not funny and hence this:

Download the new SSL cert bundle from your CA. Send it as an email to any email account you have configured in your iPhone, press the attachment and you will enter a config program, select Install on your certificate (it will complain about it not being signed, but never mind).

Presto! Now I can visit the email server again without the pesky SSL error.

Tip-of-the-hat goes to this forum that provided the clues for the answer.


---

Ok, so I was stupid, which goes hand in hand with reading blogs instead of thinking for oneself: I could have just visited the website and clicked on the .crt link in the browser. When that happens, the "Install Profile" pops up. Just click install, enter your pin and you are done. KTHXBYE.

Track your laptop?

I used to use Adeona (http://adeona.cs.washington.edu/) for laptop tracking, but since OpenDHT closed down, Adeona kind of lost all usability. Today, after the whole story about the school that remotely enabled the webcam in the school's laptops to track their students, I got reminded of Adeona again :)

Oh, the irony in this! A-ny-way: I wanted something to replace Adeona, and I found http://preyproject.com/download instead. Just download and install! It is written in Bash/Perl so it is highly customizable. Since I prefer to keep my information to myself, I created an SSH cert and set it to upload files to one of my public systems instead of using their information center.

Wanna know more? Check them out! It's free, and it's even available for Android!

BTW:
To enable scp of the data, set "post_method" to "scp" in /usr/share/prey/config, and set username/hostname at the bottom of that file. Also, since you probably want to run it as root, "sudo su -" and do "ssh-keygen" to generate a new key pair. Upload the public key to a prey-user at your server and there you go!