Recent blog entries for gdvieira

Read-only Bind Mount with systemd

In a previous post I commented on how to create a read-only bind mount out of a read-write mount. That approach only works if your distribution does a mount -a during boot. As Fedora uses systemd to initialize the filesystems, this trick stopped working quite a while ago.

I finally found another trick to get my read-only bind mount. It's a hack, but it works for me in Fedora 20. First create the bind mount as usual, with an entry in /etc/fstab like this:

/source/dir            /destination/dir    none  bind            0 0

Then, create a systemd service to remount the bind read-only:

[Unit]
Description=Remounts bind mount as read-only.
After=destination-dir.mount

[Service]
Type=oneshot
ExecStart=/usr/bin/mount -o remount,ro /destination/dir

[Install]
RequiredBy=destination-dir.mount

Activate the service:

# cp read-only-mount-bind.service /etc/systemd/system
# systemctl daemon-reload
# systemctl enable read-only-backup.service

The remount service should now be called every time the bind mount is mounted by systemd. You can test it by:

# systemctl stop destination-dir.mount
# systemctl start destination-dir.mount

Syndicated 2014-02-11 14:11:51 from Gustavo M. D. Vieira

HP Laptops with Blank Screen on Linux Boot

It appears many HP laptops (including my dm4-2035br) boot Linux kernels with KMS enabled with the screen backlight set to zero. The screen appears blank, but you can see the image if you shine a flashlight on the screen.

If you have the this problem, you can workaround it by adding the following kernel command line:

video.use_bios_initial_backlight=0
How to do it varies from distribution to distribution, but on Fedora you can hit TAB on the installer screen and type it after the other options.

If this solves the problem for you, it might be a good idea to file a bug in Kernel Bug Tracker (under ACPI product).

Syndicated 2013-03-26 16:59:18 from Gustavo M. D. Vieira

Read-only Bind Mount

If you need to bind mount some directory in read-only mode (to securely access a backup dir, for example) it is necessary to first bind mount and then remount in read-only mode.

At least on Fedora, you can perform these two steps automatically using /etc/fstab. Just create a pair of entries like these:

/source/dir            /destination/dir    none  bind            0 0
/source/dir            /destination/dir    none  remount,bind,ro 0 0

I've tested this in a Fedora 14 box. YMMV.

Syndicated 2011-07-23 01:58:09 from Gustavo M. D. Vieira

World IPv6 Day

World IPv6 Day is upon us! Here is a very good article about preparing for it and for the unavoidable IPv6 future.

Syndicated 2011-05-31 19:42:40 from Gustavo M. D. Vieira

Complete Guide to Tap-to-Click in GNOME

Want to know everything that matters about tap-to-click and other touchpad configurations in GNOME. Look no further, go straight to the source.

Syndicated 2010-06-08 01:45:47 from Gustavo M. D. Vieira

Boot an Expert 1.1 in OpenMSX

Someone asked me recently how to run the Expert 1.1 with DDX-3.0 floppy in OpenMSX, as I described in this post.

It is very simple actually, as the configuration of a proper machine is already included in the OpenMSX distribution. If you are curious, look for these files: machines/Gradiente_Expert_1.1/hardwareconfig.xml and extensions/DDX_3.0/hardwareconfig.xml.

All that remains to do is to find the correct ROMs and use the correct command line options. Finding the ROMs is quite easy: ask Google. Put the ROMs in ~/.openMSX/share/systemroms/. The final command line should be something like:

$ openmsx -machine Gradiente_Expert_1.1 -ext DDX_3.0

Syndicated 2009-10-31 18:12:49 from Gustavo M. D. Vieira

GTalk TLS Handshake Bug

Since late February I stopped seeing my GTalk friends in my IM client. I use a personal Jabber server (jabberd2) and all its connections to the GTalk servers were being dropped. After some investigation in the web, I found that Google:

  • Uses a buggy TLS implementation.
  • Has activated encryption for s2s connections starting in February.
The end result was that my server could not establish an encrypted connection with GTalk servers. Here is a very informative bug report.

As GTalk connectivity is very important for any open Jabber server, many servers have published workarounds for the problem. Here is a patch for jabberd2. A new release (2.2.7.1) of jabberd2 was also made to address the issue.

I have jabberd2 2.2.4 in my server. For some reason, I could not make 2.2.7.1 work because of some problems with the Berkeley DB back end. I ended up applying this patch to 2.2.4 and it fixed the problem. I also created a bug report in the Fedora Bugzilla, so maybe a fixed package will be pushed as an update.

Syndicated 2009-03-04 13:45:51 from Gustavo M. D. Vieira

Fedora 9

The Fedora train never stops! I've just upgraded my machines (including this server) to Fedora 9 and I'm very pleased (as usual) with this new release. The polish of the desktop is fantastic. PackageKit is really simple to use (I love its "queue for backend operations" interface philosophy). NetworkManager has matured. The PulseAudio integration, that bothered me a lot in Fedora 8, seems to be complete (the sound daemon is always started and Ekiga won't crash anymore).

As usual, there are some sore spots. And I seemed to attract a lot of bugs this time. For example, among the most common bugs in F9, I got two: "Synaptics touchpad touching to tap doesn't work" and "Samsung hard disks crash the installer". The last one was a real problem and I ended up upgrading using YUM, which I don't recommend if you have a lot of installed packages and have to suffer ridiculous Brazilian "broadband" speeds.

But it gets better. I was hit by more obscure stuff: While installing Fedora on the university cluster I discovered that Anaconda doesn't work right now with static IPs. I ended up setting a DHCP server just for installing Fedora. Also, due to a rewrite GDM XDMCP support is broken. I must be one of the two guys who still use XDMCP to power an old terminal and share the (relatively) powerful desktop. I worked around it by enabling KDM instead of GDM.

The annoying thing about these bugs is that most of them were found on the beta testing period of F9, and none were corrected for the final release. At least, I don't have to feel guilt for never trying one of the preview releases. ;)

Finally, this isn't a bug proper, but I hope I can help someone with the same problem. If your numeric keypad stops working mysteriously, go to the "Assistive technology" preferences and disable the "Mouse keys". It was enabled magically during the upgrade and took me bit of time to figure it out.

Syndicated 2008-08-25 22:45:23 from Gustavo M. D. Vieira

IPv6 on Fedora (Redux)

A little improvement on my IPv6 setup. I discovered a handy configuration parameter for RADV that makes it unnecessary to update the configuration file in the rare occasion my IP address changes. The improved /etc/radvd.conf looks like this:

interface eth0
{
        AdvSendAdvert on;
        MinRtrAdvInterval 30;
        MaxRtrAdvInterval 100;
        prefix 0:0:0:1::/64
        {
                AdvOnLink on;
                AdvAutonomous on;
                AdvRouterAddr off;
                Base6to4Interface eth1;
        };

};

Syndicated 2008-06-24 20:54:12 from Gustavo M. D. Vieira

IPv6 on Fedora

After hearing about the activation of IPv6 (AAAA) records for four of the root DNS servers I got very curious about IPv6 and its current state of adoption. Well, it turns out IPv6 may not be the solutions to all Internet woes but we will have to learn to live with it anyway.

And so I did. Like 99.999% percent of Internet users I don't have a native IPv6 connection, but enabling a IPv6 tunnel on Fedora is very, very easy. I decided for the simplest type of tunnel, called 6to4. This type of tunnel is very convenient as I don't need to register it anywhere nor do I need to ask permission to anyone. It is based on the kindness of people that run 6to4 routers in the IPv4 Internet at the 192.88.99.1 anycast address. Usually people disregard this type of tunnel as being slow, but routing from Brazil to the world is already so slow I found the performance acceptable. Besides, there isn't much yet to do in the current IPv6 Internet.

Enabling a 6to4 tunnel on Fedora is ridiculously simple. First put the following lines in /etc/sysconfig/network:

NETWORKING_IPV6=yes
IPV6_DEFAULTDEV=tun6to4
IPV6FORWARDING=yes

The last line is only required if you are going to share the IPv6 connection with a local network. The rest of this recipe assumes you are. Now find the configuration file for the interface connected to the Internet. If it is eth1 the file should be /etc/sysconfig/networking/devices/ifcfg-eth1. Put the following lines there:

  IPV6INIT=yes
  IPV6TO4INIT=yes
  IPV6_CONTROL_RADVD=yes
  IPV6TO4_ROUTING="eth0-:1::1/64 wlan0-:2::1/64"

Once again, the last two lines are only required if you have a local network you want to provide with IPv6 connectivity. If not, remove the extra lines and you are set. Restart the interface and you are connected to the IPv6 Internet! When using 6to4, probably due to the performance concerns, Fedora prefers IPv4 addresses. So, go to a IPv6 only site (like http://www.ipv6.bieringer.de/) to test it. And remember to define a IPv6 firewall. Your current iptables firewall only covers IPv4, use ip6tables to create a IPv6 one.

A nice thing about this setup is that a 6to4 tunnel gives me a whole /48 netblock based on my IPv4 address. So, no NAT in my local IPv6 network! The last two lines lines above allow the networking scripts to control the RADV daemon and to create IPv6 addresses to other interfaces (besides the one you are actually configuring). Just treat the /48 of your 6to4 address as a prefix and create a /64 netblock for each interface. Create a /etc/radvd.conf file with an entry like this for each interface:

interface eth0
{
        AdvSendAdvert on;
        MinRtrAdvInterval 30;
        MaxRtrAdvInterval 100;
        prefix 2002:XXXX:XXXX:1::/64
        {
                AdvOnLink on;
                AdvAutonomous on;
                AdvRouterAddr off;
        };

};

Where 2002:XXXX:XXXX is your automatically configured 6to4 adress. Start RADV daemon and the hosts in you internal network should receive an automatically generated address.

For me, the next step would be to do the same to this site and add a little bit more content to the IPv6 Internet. Unfortunately, the Xen kernel used by my VPS provider doesn't support stateful iptables support for IPv6. I though IPv6 support on Linux was a done deal, but this critical functionality was only added about and year ago in kernel 2.6.20. It seems IPv6 may be a bit farther in the future than I expected. But it was surely fun to set it up anyway.

Syndicated 2008-02-25 22:27:45 from Gustavo M. D. Vieira

31 older entries...

New Advogato Features

New HTML Parser: The long-awaited libxml2 based HTML parser code is live. It needs further work but already handles most markup better than the original parser.

Keep up with the latest Advogato features by reading the Advogato status blog.

If you're a C programmer with some spare time, take a look at the mod_virgule project page and help us with one of the tasks on the ToDo list!