Sunday, December 30, 2012

Multiuser pulseaudio in Mint Nadia (and maybe Ubuntu Quantal too)

I upgraded my several home computers to Mint Nadia recently and the audio stopped working the way I wanted.

I run chrome as several different users (a reasonably secure user, an insecure user and myself) and if (in the insecure or reasonably secure browser) a page had audio, I'd have to copy the URL, and paste it into firefox running as myself to hear the audio.

It turns out, Ubuntu Quantal (I'm guessing it's their fault) had changed how to do system mode in pulseaudio. To begin with, we don't even configure pulseaudio in /etc/default/pulseaudio anymore, now it's /etc/init/pulseaudio.conf.

The new way to enable system mode is:
  1. sudo vi /etc/init/pulseaudio.conf
  2. find the "#start on rulevel [2345]" line
  3. uncomment it (remove the #).
  4. restart pulseaudio.

Thursday, December 06, 2012

tcpdump between apache and tomcat

I needed to monitor http traffic between apache and tomcat (apache was reverse proxying).

I usually use wireshark so I don't actually know tcpdump parameters or filter format :-).

For this very common use case though:

tcpdump -vv  -A -s 1500 -i lo 'port 8080'

Friday, November 30, 2012

sudoers for secure and insecure

run browsers as different users.  Previously I didn't need to customize /etc/sudoers since my user had NOPASSWD:ALL.  I'm stepping away from that insecure (but convenient) practice now, so just doing

  sudo -H -u insecure chromium-browser

won't work anymore since it'll require a password, I won't type one in, and it'll fail.

Now I need to add some entries to /etc/sudoers (sudo visudo)

  tiger ALL=(secure,insecure) NOPASSWD: /usr/bin/chromium-browser

and all works again.

Thursday, November 15, 2012

RALink wifi drivers

Our new laptop (an HP Pavilion G6-2119TU) has been prone to crashing once or twice a day (four times today) because the wifi driver for it is unstable.  I'm hoping that the driver from RALink is more stable.

Had to recompile from source, so posting the link here so I can find it again for when I need to rebuild the module on kernel upgrades or whenever I upgrade Mint.

Sunday, November 11, 2012

multi user pulse audio

Because I run browsers as different users I need all three different users to be able to play sound and by default pulse will only allow the currently logged in user to play sound.

To let all three users play sound (usually when I click on a flash video or stream play music from Pandora) it's sufficient to edit /etc/default/pulseaudio, set  PULSEAUDIO_SYSTEM_START=1, and then restart pulse (with a logout/login or an X restart).

On Mint that port isn't accessible to the network by default.  if it is though, then add appropriate iptables rules so that network access is disabled.

Any local users will now be able to access pulse, so only do this if you trust your local users.

In 2016, the way to do this is now via paprefs.  Install the paprefs package and run paprefs as the main user (i.e., I'd run it as tiger and allow localhost only access to sound).

Do this only if you trust all users on the machine.

Saturday, November 10, 2012

xhost for specific local user only

On Linux (Mint, lately, but also Ubuntu and others) I run my browsers as three different users.

  • When browsing sites that need high security (online banking, etc) I use the browser when logged in as myself, 
  • For regular browsing of important but not financial sites (gmail, facebook, etc) I run a browser as a user named "secure" (could be any other name).  
  • For likely insecure browsing (reddit, etc) I run a browser as a user named "insecure"
Previously I would have a shell script that did:

  ssh -X secure@localhost

with public key auth.  Lately I'd switched to a script that did:

  xhost +

instead so I could just

  sudo -H -u secure chromium-browser

but that's not too secure.  I finally broke down and read the xhost manual and am now doing it the right way with:

  xhost +si:localuser:secure
  xhost +si:localuser:insecure

which at least limits the xhost permission to just those two users.

Sunday, October 14, 2012

Linux Mint/Mate Panel on second monitor

Not obvious. I flailed around for a bit until I found this forum post on how to move a mate panel to the second monitor.

Copying the text from that link:

  1. Right-click the panel you wish to move and select “Properties”.
  2. Uncheck the “Expand” option under the “General” tab.
  3. Grab one of the edges of the panel by clicking on the left or right end (top or bottom end for vertical panels).
  4. Drag the bar to the desired screen and position.
  5. Check the “Expand” option in the “Panel Properties” window and click “Close”.

Wednesday, June 13, 2012

mDesktop is a winner!

As I mentioned in the preceding post on disabling windows screen flipping, I'm working on a Windows 7 machine at a client site for a few months. I've half heartedly looked for multi-workspace software for Windows. Must be free as in beer (since this isn't *my* computer and it's not important enough to get the company to pay for the software). mDesktop does a great job. I'd love to have some customization features, but it works great as-is.

Disable Windows screen flip

I'm working at a client site for a few months and they use Windows computers there. For a while I'd get confused because when I'd type Ctrl-Alt-Left or Ctrl-Alt-Right, the display would flip to portrait (with the "top" at the left or the right depending on which key combination I'd typed). It turns out this is easy to fix (well, on *this* machine, exactly where it needs to be fixed may depend on video card/driver). And the path to fix it varies too depending on version of Windows. For Windows 7 and for this Intel Q45/Q43 Express chipset: Control Panel > All ControlPanelItems > Display > Change display settings > Advanced Settings Intel(R) Graphics Media Accelerator Driver > Graphics Properties > Display Settings uncheck "Enable Rotation" > Apply and accept the change.

Saturday, April 28, 2012

Auto stop torrents at 100%



id=`transmission-remote -l | cut -c 1-11 | sed "s/\*//"  | cut -c 3- | sed "s/^ //" | grep "$P\%" | cut -f 1 -d " " `

if [ -z $id ]
  echo "no match : $id"
  sleep 60

  echo "stopping $id"
  transmission-remote -t $id -S

Tuesday, March 27, 2012

No supported regular expression matcher error under ant

Solution is at:

sudo apt-get install ant-optional

Tuesday, February 21, 2012

selenium under jenkins after a firefox update

A client ran into a problem recently. After an upgrade of firefox, they suddenly had many selenium test failures. I was confused and couldn't figure it out for a *long* time.

When we'd connect to the running test (vnc), there were two tabs in the controlling firefox window. It turns out that the second tab was a "Thank you for upgrading firefox". That would have been innocuous if it just sat there in the background. Unfortunately, selenium took it over and then started to run the test in *both* tabs.

Since some tests changed session state (e.g., login, do some logged in work, logout) tests would fail when one tab would log the user in and the other tab would log the user out while the first tab wasn't finished yet.

Running firefox manually while forcing it to use the base profile used by selenium fixed the issue. We could also just have edited prefs.js and modified the lastAppVersion entry, but the first fix is easier (it does the lastAppVersion modification) and anyway I only learned about modifying lastAppVersion directly after I'd already done the first fix :-).

Thursday, February 02, 2012

Binding host directories to container directories in lxc with lxc.mount.entry

I'm very happy about lxc.mount.entry in lxc containers (working in Ubuntu 11.10 Oneiric host, not tested on older hosts since I don't have any around).


lxc.mount.entry=/home/[user]/[some_directory] /var/lib/lxc/[container_name]/rootfs/home/[user]/[some_directory] none defaults,bind 0 0

That lets me mount a directory on the host (/var/lib/lxc/**/[some_directory]) inside the container somewhere (in this example,

I'd tried something like that with samba but had instability problems so gave up. Most of the time it would work fine, but sometimes (I never had the time or inclination to figure out why) something in samba would get out of sync and I'd not be able to write new files from the LXC container, delete files, etc.

Samba does have an advantage in that the UIDs don't have to be the same since you specify which user the files will be mounted by locally. But it's easy enough to synchronize UIDs between host and container.