Modified on $Date: 2008/05/10 03:56:05 $
Latest updates: (9 May 2008) SqueezeCenter/SlimServer plugin info (13 May 2007) info about PDA Transcode script (7 Nov 2006) running Ubuntu on a Compaq V2000 laptop (28 Mar 2006) script to scan for HDTV channels updated (19 Jan 2006) script for mass-ripping MP3s from CDs
as we enjoy great advantages from the inventions of others, we should be glad of an opportunity to serve others by any invention of ours; and this we should do freely and generously.
-attributed to Benjamin Franklin
Jeff Volckaert created a shell script for transcoding MythTV recordings to a format that can be viewed on portable devices like Sony PSPs and PDAs running PalmOS or Windows Mobile. I wrote a Perl script that extends Jeff's ideas. You can read about the script on the MythTV wiki and view or download the script here.
I recently built a new MythTV system
for recording television and watching HDTV. Recording analog television
with Hauppauge PVR-x50 cards using a cable feed is easy in MythTV 0.19,
and was easy in MythTV 0.18.1, too. Over-The-Air (ATSC) HDTV is also easy.
But cable (QAM) HDTV has not been so easy to set up with my
HD3000 ATSC/QAM HDTV tuner card.
There's a wiki page
that explains how to scan for QAM channels and create a "channels.conf"
file. The steps seemed ripe for scripting, so I made a script called
qamscan.sh to automate the process.
Since my card found *hundreds* of channels from my provider, I've updated
this script (as of 25 March 2006) to automate testing the channels completely.
Older versions would try to spawn mplayer and relied on the user to manually
kill mplayer and decide if the channel was OK, but this one uses console output
from mplayer to determine which channels can be tuned & decoded. I'm still
facing over 30 minutes to test the 246 QAM channels my cable provider has,
but it's much nicer knowing the script can determine which channels are OK.
Note about kernel settings: On my system, the act of displaying a tuned
channel in mplayer would seem to trigger a permanent increase in the kernel's
VmallocUsed (see /proc/meminfo). My Fedora Core 4 system only had about 30mb
of free Vmalloc space after booting, and running this script against my full
'atscscan' output (after booting with vmalloc=500m) brought my VmallocUsed up over 400mb. Adding more complexity,
in order to add "vmalloc=500m" to my grub.conf, I also had to add a line in
the grub stanza reading "uppermem 524288" -- a bug in the FC4 grub package;
quick web searching will turn up details if you're curious.
autorip is a Perl script for ripping MP3s from music CDs. It pulls information from CDDB/Freedb servers and requires no user intervention. It's even suitable for use on "headless" systems like MythTV PVRs.
In Dec 2005 I acquired a Compaq Presario V2000 to use as a personal computer, which means running Linux. I've documented my installation and setup process (and distro rationale) for use in the Linux-laptop.net directory. That information on my experience, including upgrading Ubuntu 5.10 to Ubuntu 6.06 LTS, is here.
Many people make different partitions for their Linux systems, for instance putting /home on its own partition so that it can be left untouched when installing a new version of Linux. Some partitions really ought to be reformatted when installing a new version of Linux. This shell script helps you identify filesystem assets that you probably want to back up before reformatting & installing a new Linux distribution.
To play MP3s and web music streams, I've been using SqueezeCenter, a GPL'ed streaming music system from SlimDevices. SqueezeCenter is designed to serve music streams to SlimDevices' "Squeezebox" music player which networks with ethernet or 802.11g or 802.11b. The Squeezebox hooks into a standard stereo setup, and is a respectable audio component. I have written a few plugins for SqueezeCenter (note: the next previous version of SqueezeCenter is known as SlimServer):
SlimServer/SqueezeCenter plugins I'd like to write, if I had time...
Newer Linux distros have good DPMS / Energy Start support. You can configure them to tell your monitor to go to power down after some period of time so you don't waste energy & light on keeping your screensaver visible. This is espcially important with LCD displays, whose MTBF service lifespan is much shorter than old CRT monitors. I was happy to see good DPMS support when logged in to Mandrake 9.1, but disappointed to see that there was no obvious way to tweak the DPMS power saving options when I was logged out (that is, when X was running and displaying an xdm/gdm/kdm login screen).
In Mandrake 10.1, the process is simpler. Put the following /etc/X11/xsetup.d/, give it a name ending in ".xsetup" (I chose "dpms.xsetup"), and make it executable:
if [ -x /usr/X11R6/bin/xset ]; then
# shut down the screen after 10 minutes
/usr/X11R6/bin/xset dpms 0 0 600
fi
Here's how I configured my Mandrake 9.1 machine to shut the monitor down after 10 minutes of idle time at the login prompt. First, I chose to use the 'gdm' display manager, as it was easiest to figure out, and I like its features (e.g. being able to select a language at login time, just like the old SunOS systems I've used in the past). Second, I had to modify one gdm config script. Here's the diff:
RCS /etc/X11/gdm/Init/RCS/Default,v
retrieving revision 1.1
diff -u -r1.1 /etc/X11/gdm/Init/Default
--- /etc/X11/gdm/Init/Default 2003/12/17 03:59:11 1.1
+++ /etc/X11/gdm/Init/Default 2003/12/17 04:03:53
@@ -4,4 +4,9 @@
/etc/X11/xinit/fixkeyboard
fi
+if [ -x /usr/X11R6/bin/xset ]; then
+ # shut down the screen after 10 minutes
+ /usr/X11R6/bin/xset dpms 0 0 600
+fi
+
exit 0
In May I wrote a longish email to a mailing list about how technology could be used to handle several modern problems: better identification without relinquishing anonymity needlessly; giving users better control over dissemination of personal information; more secure/trustworthy validation of "identification cards". Read it in ugly text-only format here.
I have uploaded a message sent to Bugtraq that describes a class of Web attacks I call "sea surf" (CSRF). Something of a cross between "web bugs" and Cross-Site Scripting (XSS), Web applications that lack good CSRF countermeasures can be made to take actions on your behalf, without your consent or knowledge, if the attacker can simply get you to open an HTML document. No Javascript is required for this class of attacks.
My old ISP used your regular home directory to store Web content. That meant FTP'ing new files would result in the wrong UNIX permissions. So I wrote an ugly shell script to automate the chmod's. Check it out here.
This is a modification of Lehi Davis' enigma disk which uses a Tinfoil Hat Linux floppy distro as the basis for a boot floppy that can be used to wipe out entire IDE and SCSI hard drives. I use this tool to more thoroughly delete data from hard drives that I'm about to replace/sell/discard/donate. For more info on why I'd bother, see this story about the data researchers found on used hard drives they purchased: "formatting" the drive is not good enough.
Lehi's tool is cool but scary: boot the machine, and it automatically wipes out all the hard drives it finds 15 seconds later. I modified Lehi's rcS startup script so that it is interactive: the floppy will find each IDE and SCSI disk that looks real, and ask you if you want to wipe out the disk. First it asks about entire disks; if you answer that you don't want to wipe out an entire disk, it will search for partitions on that disk and ask about each in turn. The data destruction does not take place until after the disk/partion discovery & interaction phase (which is good, because the "wipe" tool the floppy uses is slow -- about 12 hours to wipe a singel 30 GB IDE disk on a P4 1.8 GHz laptop). Caveat: this floppy won't ask about a drive if there's no corresonding, working /dev/h[sd]? entry. It won't ask about any partition unless there's a corresponding /dev/h[sd]??* device entry. Download my modified floppy image here: enigma.img.gz.
Here is my ~/.xmodmaprc file which I use to make it easy to enter international characters in X. It's well commented (I hope). I much prefer this to the "international" keyboard behavior of, say, Microsoft Windows or even some Linux distributions. The primary benefit of the xmodmap approach (in my opinion) is that my xmodmap file makes it very easy to type chracters in your preferred international language without making it awkward to use common characters like ', ", and , itself.
One of the nice things about using Linux on the Internet is that Linux includes very powerful built-in firewall/packet-filtering code. So you can set up your own rules to help protect your machine from black hats on the Internet.
My scripts support ipchains on kernel 2.2 and 2.4, and iptables/netfilter on 2.4 There's a central configuration file (/etc/Bastille/bastille-firewall.cfg) that sets policies which either script will implement. Yes, you can reboot into different kernels, and it will automatically use the proper tools. The iptables/netfilter code also is designed to minimize problems you might encounter if you have enough connections to fill your "conntrack" state tables.
The Bastille-Linux hardening system uses my scripts, but normally the ones you find here are more current. If you don't want to run all of Bastille, or want to be sure you have the latest firewall code, look at the latest firewall code tarballs in http://www.tux.org/~peterw/linux/.
As of 29 Jan 2000, the firewall code on Tux.org is being released in gzipped tarballs, as it involves multiple files. Versions 0.98beta6 and newer have improvements for Red Hat systems if installed properly -- the firewall will reevaluate its rules when you activate an interface, for better security. Users of other distributions please contact me if you have information on enabling similar functionality in your distribution. Thanks!
On April 19th, I spoke at the monthly DCLUG meeting about network security threats, and laid out an introduction to tcpd and ipchains. My unadulterated (nice way of saying not cleaned up) speaker's notes are available in PostScript format for printing or viewing with 'gv'.
There's been a lot of talk on Bugtraq from time to time about applications that use /tmp in unsafe ways. Many of these apps can be made safe by setting the environment variables TMP and/or TMPDIR to point to a directory that only your user account can write to. Months ago, I wrote a script called bastille-tmpdir.sh that was designed to go inside /etc/profile.d (to be called by /etc/bashrc) to create an appropriate directory and set the environment variables when a user logs in. The latest version is more sophisticated. Particularly nice is the fact that it creates the directories inside /tmp (by default) where they will normally be pruned by reboots or housecleaning cron jobs. Also it's designed to work better in environments where home directories may be on central fileservers and users would want temp space on the local workstation.
You can get a compressed tarball of the latest code from http://www.tux.org/~peterw/linux/. The tarball now includes an install/upgrade script that will put the scripts in the proper location (assuming your distro supports /etc/profile.d scripts!) and migrate your current settings if you have an earlier vresion of the scripts installed.
'sudo' and 'su' make it fairly easy to run command line apps as another user. But X apps are more difficult, particularly with regard to limiting aan application's access to X resources that it has no business messing with. My runxas Bash shell script uses SSH, xauth, and Xnest to start up an X environment that you can run apps in as a different user. This will allow you, for instance, to run a Web browser in something of a "sandbox", where it cannot access your important files or interfere with other X applications. Important notes
A simple little script that converts a Netscape Address Book export (LDIF) file to Pine's ~/.addressbook format.
A friend of mine wanted to set up some user accounts for Web publishing. He wanted to restrict the users to their own home directories. With wu-ftpd and some tweaks to /etc/ftpaccess, this script can make it easier to set up individual users for chroot'ed FTP access.
A proof-of-concept Perl script for monitoring the number of free PID slots, and reacting to changes in the size of free space in the process table. The package includes sample reaction scripts that can initiate and revoke firewall rules, and send emails in response to changes.
This script is designed to help you view PDF files from the Web. Since you don't always want to use the same app for viewing PDF's (for instance, you'd probably rather run 'xpdf' than Acrobat if you could, as it's smaller and faster), this small Tcl/Tk app lets you choose which PDF viewer to use. In Netscape's Preferences -> Navigator -> Applications, under the PDF setting, you'd use something like
But what you really want to use is the Red Hat 'linuxconf' utility to set up a ppp0 interface. One problem with the Red Hat setup is you have to choose whether only root can (de)activate the interface or any user. I have devised modifications to "ifup" and "ifdown" that allow system administrators to easily add their own policies for each interface. E.G. only allow users in certain groups. Or ones logged into certain tty's, etc. Take a look: http://www.tux.org/~peterw/linux/ppp/
Not really. Call this the "bailing out" OS/2 stuff. I really like OS/2. The interface, especially with Stardock's Object Desktop beats everything else hands-down. We won't see anything like Work Place Shell for years, and that's a shame. Anyway, one of the biggest problems was moving frol from PMMail.
So how to switch? Well, if you have Perl and Linux, you can use
this script (together with this
one) to convert a mounted OS/2 partition's PMMail 1.91 folders to Netscape
4 / Unix mbox style. Also with this other script you can convert PMMail's ADDR.DB address book to an LDIF file for importing into Netscape 4.
Notes:
I checked out a bunch of of palmtops before settling on the HP 200LX. While it's a great machine, I must confess lately I've been seriously considering a Palm device...
"PNR" is an excellent app for offline email and USENET browsing. Connect to a UNIX shell, run a script to make some UQWK packets, download, and go. Read, reply, and post on the road. Reconnect, upload some files, run another script, and you're done. Minimum on-line time, maximum portability. I took the fetch script from the distribution and modified it more to my liking. Especially improving it ability to deal with newsgroups. Here, take it.
The HP has a nice 21-entry currency converter function in the built-in calculator. While this is cool, it's a hassle to update the values manually. Quite a while ago, H. Shrikumar wrote a nice Perl script for converting some data from a Web site run by GNN. Shrikumar's script created an HP macro that would open the calculator and update all 21 currencies. In the fall of 1996, AOL dropped GNN and the data disappeared however. So to keep my HP up to date and teach myself a little Perl, I wrote a new script that does pretty much the same thing as Shrikumar's with a big difference: it's a Web application. You can pick your own 21 currencies in the order you want and it'll build a custom macro on the fly. Best of all, Mitch Hamm was able to get permission from the Bank of Montreal to use their data, which is updated every weekday. Very cool. Thanks, BMO!
Anyhow, the application is on the Palmtop Network site, specifically, http://www.palmtop.net/money.html
LXFileman is a recent project to teach myself the Tcl programming language. It's a graphical front end to Andreas Garzotto's LXTOOLS package. Andreas' programs let you move files between the palmtop and your UNIX workstation. You can get the latest version here. Take the script, the lxtools package, or just look at the Changelog to see if I've done anything lately. Once it's released, you can bet it will be available at the S.U.P.E.R. site.
All the scripts I've made available here are released freely under the GNU General Public License. Use it (even on Unix systems from litigious bastards like SCO). Break it. Fix it. Have fun.
|
"runxas" notes: It is possible to prevent other X applications from snooping on your keystrokes in applications like xterm that offer a "Secure Keyboard" option. But note that a parent X window can always snoop on a runxas-spawned child, even when using the "Secure Keyboard" option within the Xnest window. If you play with runxas, Secure Keyboard, and xkey or xeyes, you should get a good feel for some of the limitations of the X window system's security mechanisms. |