Loading...
 

Greg's Tech blog

My technical journal where I record my challenges with Linux, open source SW, Tiki, PowerShell, Brewing beer, AD, LDAP and more...

Loading Slackware 12.1

Sunday 11 of May, 2008

Release 12.1 of the famous Slackware disto went gold this past week. I loaded it this week with few issues. A couple things of note.

Pat highly recommends the use of a generic kernel. I installed it today with a initrd file. Here's the mkintrd command I needed

mkinitrd -c -k 2.6.24.5-smp -f ext3 -m ext3 -r /dev/sda1

BTW, I confused the underscore and hyphen before the smp in the kernel spec and the system wouldn't boot ("no kernel modules found").

\\Greg

Slackware 12.1 goes RC-2

Tuesday 22 of April, 2008

Monday afternoon Patrick Volkerding announced Slackware 12.1 went RC-2 and is close to release. From the Changelog (cache)

Mon Apr 21 16:47:32 CDT 2008
We have now reached the Slackware 12.1 RC2 milestone. :-) We're beyond
updating packages or fixing minor cosmetic bugs at this point (actually, we
had hoped to be past that with RC1, but there were still items in need of
attention). What we have here now has proven to be stable for our testers,
so unless some real showstoppers are found we'll be releasing this as Slackware
12.1-final soon.

Highlights
Kernel version: 2.6.24.5
KDE: 3.5.9
Install: Now supports network installs vis http & ftp


\\Greg

BotNet: Call to action

Thursday 10 of April, 2008

I read this morning of the new Kraken botnet (cache) and how it is quickly displacing Storm as the latest generator of SPAM and other internet trash. It is time to take serious action to rid the Internet of this blight and I think the large technology companies should be leading the charge. Can the likes of Microsoft, Sun, Google, IBM, Cisco, ATT, Verizon and others (sorry for the US-centric list of companies!) come together in an all-out assault on the existing and proliferating armies of centrally controlled and probably useless to their owner PCs that are making life risky for the PC owner, miserable for the spam police and nerve-racking for the security professional.

I foresee a multi-pronged, multi-media, high and low tech campaign to seek-out and block infected PCs, educate end-users, provide low-cost PC clean-up services and security software.

These companies should see the combined affect of the poor health of the Internet affects the view of their software, and distracts them from the innovation and product development by requiring them to expend resources on value-less changes to their exisiting products.

Hey, Big IT - how about it?

\\Greg

Logon script

Thursday 27 of March, 2008

More on the corporate logon script.

So here's the final script. There is a lot going on because we're trying to think ahead and be prepared for various user & corporate needs. We based this on a script from one staffers previous job. Had we started from scratch, we would have a slightly lighter script, but would invest more time later solving problems.

Note the use of '::' as a comment lead in (as opposed to REM) for easier readability.

@ECHO OFF
:: *******************************************************************************
:: This is the default Somecorp Windows Login batch file.
:: Modifications
:: 3/17/08 GjM Original script
:: 3/26/08 GjM Moved personal script to end; cleanup
:: 3/26/08 GjM Added setdrive.cmd to unmap then remap drives
:: 3/26/08 GjM Added test to see if were logging into a server.


:: *******************************************************************************
:: Change title of window for NT machines
TITLE somecorp DOMAIN LOGON SCRIPT (%LOGONSERVER%)
echo Please wait while your logon is processed...


:: *******************************************************************************
:: ********************* Set a temporary path for executables. ************************
:: ********************* Used only during logon process. *************************
SET PATH=\\somecorp.com\sysvol\somecorp.com\scripts\bin;%PATH%
SET LOGONBIN=\\somecorp.com\sysvol\somecorp.com\scripts\bin
SET USERLOGONBIN=\\somecorp.com\sysvol\somecorp.com\scripts\users

:: Test to see if we should run this script
cscript /nologo %LOGONBIN%\Groupcheck.vbs "MigratedUsers"
if %errorlevel% EQU 0 (
   echo Failed groupcheck, exiting...
   Goto :EOF
)

:: Test to see if we are on a server and shouldn't run
cscript /nologo %LOGONBIN%\IsServerOS.vbs
if %errorlevel% EQU 0 (
   echo Running on a server; skipping logon script!
   Goto :EOF
)

goto Main


:MAIN
:: *******************************************************************************
:: **************** Look for LOGONSERVER and reset if necessary ******************
:: **************** This may be necessary if user logins in off net and joins later
:: **************** Ex: mobile user VPNS and runs script to map drives ***********
:: Check for LOGONSERVER var reset for logon process if necessary for remote access
:: if NOT '%LOGONSERVER%'=='\\%COMPUTERNAME%' goto SKIPSERVERSET
:: SET LOGONSERVER=\\DC01
:: CScript %LOGONBIN%\RegWrite.vbs "HKEY_CURRENT_USER\Volatile Environment\LOGONSERVER" \\server REG_SZ
:SKIPSERVERSET

:: **********************************************************
:: Map Corporate shares
call setdrive H \\somecorp.com\Corp\All_HomeDIR\%username%
call setdrive I \\somecorp.com\Corp
call setdrive J \\somecorp.com\Tech
call setdrive K \\somecorp.com\Prod


:: ********************* Look for and run personal logon script ******************
::
@echo Checking for Personal Logon script...

If exist %USERLOGONBIN%\%username%.cmd (
	@echo Found personal login script
	call %USERLOGONBIN%\%username%.cmd
	)


::A real personal login script...
::This is a Netadmin secret (shhh!)
@if exist c:\local\mylogon.bat call c:\local\mylogon.bat

:: *******************************************************************************
:: ************** Inventory Plus REMd out on 013001 by bsc ***************
:: echo %DATE% %TIME% "Starting Inventory Select: " /n
:: INVselect.vbs abcdefg

:: ********************************************************************************
:: **************************** Launch homepage ********************************
::************************** Added 03/22/02 BSC ********************************
::start http://www.somecorp.com


There are calls to several external scripts
setdrive.cmd
IsServerOS.vbs
GroupMatch.vbs

These scripts are documented elsewhere in this blog


As with all this, use it if it helps.

\\Greg

IsServerOS.vbs

Thursday 27 of March, 2008

More on the corporate logon script.
We needed a way to prevent to script from running if we were logging onto a server. We developed a vbscript to test the ProductName registry key for the presence of the word "server". This works for at least Windows 2000 & 2003. Probably will work for 2008, probably not for NT 4. Neither have been tested yet.

'IsServerOS.vbs GjM  3/26/08
'Looks to see if ProductName reg key contains "Server"
'Returns 1 if yes and 2 if no

Option explicit
const HKEY_CURRENT_USER = &H80000001
const HKEY_LOCAL_MACHINE = &H80000002


dim strComputer, oReg, objargs
dim strValueName, strValue, strKeyPath

strComputer = "."

' Bind to WMI registry provider
Set oReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\" &_
 strComputer & "\root\default:StdRegProv")

strKeyPath = "SOFTWARE\Microsoft\Windows NT\CurrentVersion"
strValueName = "ProductName"
' query the path and key.  results returned in strValue
oReg.GetStringValue HKEY_LOCAL_MACHINE,strKeyPath,strValueName,strValue

'Check for "server" in returned value
If instr(strValue,"Server") > 0 then
	'wscript.echo "Running on a server: " & strValue
	wscript.quit 0
else
	'wscript.echo "Not running on a server: " & strValue
	wscript.quit 1
end if


We then made use of it by adding this to the logon script

:: Test to see if we are on a server and shouldn't run
cscript /nologo IsServerOS.vbs
if %errorlevel% EQU 0 (
   echo Running on a server; skipping logon script!
   Goto :EOF
)


Hope it's clear how this is working. Feel free to borrow

\\Greg

GroupCheck.vbs

Thursday 27 of March, 2008

More on the corporate logon script....

We needed a way to control drive mapping based on group membership (or not). We built a vbscript that returns an error code based on user membership in a active directory group. If they are in the group, return 1, 0 if not.

'On Error Resume Next
' GroupCheck - GjM - returns errorlevel 1 if user is member of group, else returns 0
' EX: groupcheck.vbs 
' 
'
option explicit
Dim objADSysInfo, strUser, objGroup, objNetwork, strGroup, objUser, group, bMatched
Dim strGroupToTest, objArgs

set objArgs = wscript.arguments
strGroupToTest = objargs(0)
bMatched = False

'************************
'Make no changes below this point (unless you know why!)
'************************

Set objADSysInfo = CreateObject("ADSystemInfo")
strUser = objADSysInfo.UserName
Set objUser = GetObject("LDAP://" & strUser)

For Each group in objUser.memberOf
    Set objGroup = GetObject("LDAP://" & group)
    If trim(objGroup.CN) = trim(strGroupToTest) Then 
          bMatched = True
	  'wscript.echo "Group match"
        Exit For
    End If
Next

If bMatched then 
	'wscript.echo "User in group"
	wscript.quit 1
else
	'wscript.echo "User not in group"
	wscript.quit 0
End If


To make use of this, we added this to the logon script:

:: Test to see if we should run this script
cscript /nologo Groupcheck.vbs "MigratedUsers"
if %errorlevel% EQU 0 (
   echo Failed groupcheck, exiting...
   Goto :EOF
)

In this example, if the user is part of a group called MigratedUsers the script will continue, else it exits.

This could be adopted to run optional parts of the script based on group membershoip. For example, to map a particular drive.

Feel free to borrow this.

\\Greg

SetDrive.cmd

Thursday 27 of March, 2008

For our corporate logon script, we wanted to make sure all net use commands succeeded even if a drive was already mapped. We developed the following script to do this.

::Setdrive.cmd GjM 3/26/08
:: Unsets and sets a drive mapping
:: Usage:  Setdrive  
:: Ex: Setdrive P \\myco.com\Corp
@echo off
::The for /f acts to split the drive letter from the colon so we don't wind up with k::
for /f "delims=:" %%a in ("%1") do (
	:: if the drive is mapped, delete it and remap it; otherwise just map it
	if exist %a:\ (
		Net use %%a: /del 
		Net use %%a: %2%3%4 
	   ) else (
		Net use %%a: %2%3%4
	   )
)


Here's how you might use this. Note: the setdrive script deals with the presence or lack of the colon after the drive letter.

:: **********************************************************
:: Map Corporate shares
call setdrive H \\myco.com\Corp\All_HomeDIR\%username%
call setdrive I \\myco.com\Corp


It's well commented so I'll leave it at that. Feel free to borrow it.


\\Greg

Album ripping with Linux

Friday 28 of December, 2007
Album ripping with Linux

Getting started

I have a collection of several hundred vinyl albums from back in the day. I've made a couple attempts at recording them with limited success. I received an audio-technica at-PL50 turntable for Christmas and plan to get back on track.

The turntable is actually part of the AT-LP2Da package which is designed to assist the Windows user in recording their albums.

  • The turntable has a built-in preamp so there is no need for an amplifier (most amps provide a tape-out which is provides a 'hot' output usable for recording through your sound card.)
  • The package includes a copy of Cakewalk Pyro for recording under Windows XP
  • Lastly the package includes an RCA-female to mini-plug converter, and a mini-plug to RCA-male converter.

Setup

  • My recording PC

I run Slackware 12 on a Dell Optiplex GX620 that has 2GB RAM and a dual core Pentium M processor. Typically it has over 1GB free RAM and the CPU load is typically less than 1. All this says is there is a lot of performance capacity to handle the recording. Slackware 12 runs KDE 3.5.7 so most utilities will be KDE-based.

  • SoundCard

The Optiplex is a business class PC with a built-in soundcard based on the Intel 945 chipset. kMix reports it as Intel ICH7

  • Turntable

Audio-Technica AT-PL50 belt-drive, pre-amp output 200mV at 1KHz, 5 cm/sec

  • Software
    • Audacity 1.3.3

Audacity is a popular open-source audio recording and editing package for linux (and Windows). I figured I start with that. I'm running version 1.33. (Note: I had to compile this version for Slackware 12. I used the build script from SlackBuilds.org. I had a problem from wxGTK, so I needed to compile that first, then recompile Audacity against the latest library)

    • normalize 0.7.7

This tool gooses the volume of WAV files so the play well digitized. Its available from nongnu.org

    • lame 3.97

The quintessential mp3 encoder. I used this command-line to get great quality MP3s (at about 5Mb / 3 minute song):

lame --vbr-new -V2 -q0
To encode a directory of .wav files, try this:

for i in *.wav; do lame --vbr-new -V2 -q0 "$i" "${i%%.wav}.mp3";done

    • Easytag 2.1.4

A great tool for applying ID3 tags. Once the files were split and encoded as MP3, easytag was able to look up the album via keyword and apply the correct tags automagically. (Hint: sort the files alphabetically)

  • The Process

  1. Recording

There is a lot of information on recording with Audacity at the audacity wiki.


Resources

I've collected the following links on recording LPs
Another's thoughts on ripping (cache)

OpenLDAP 2.4

Saturday 17 of November, 2007

I upgraded to openldap 2.4.6 recently and converted from the slapd.conf file to cn=confg and slapd.d directory. The bottom line is the directory config is now controlled through the directory service rather than the config file and config changes are dynamic, happening immediately rather than requiring a directory restart.

(I guess in this sense,it caught up with Active Directory although that comment would be argued fiercely on the openldap list.)

The switch to a /slapd.d-based config is straight forward. You can feed the slapd.conf file through a conversion process by using one of the slap utilities,

The command:

slaptest -f /etc/openldap/slapd.cong -F /etc/openldap/slapd.d
will create the cn=config structure and create the various ldif files that control the frontend, config and backend databases.

Been away

Monday 15 of October, 2007

I've been away for awhile working on a significant project at work. We combined 5 offices and three server rooms into a single building and state-of-the-art data center. It was hugely successful. But this blog and this server have suffered from inattention for the past 6-9 months. The only thing I pulled off during that time was an upgrade to Slackware 12 within hours of release. I really couldn't help myself (I run Vista, too). But it went well except. Some minor issues:

  • apache is now at v2
    • apache config is now in /etc/httpd
    • apache logs in /var/log/httpd
    • apache docroot now in /srv/httpd


So there are a whole crop of things that need work

  • My CA cert is expired! Brilliant, I know. Apparently I only issue the CA cert for 1 week

  • Gallery needs an update, but more importantly there are thousands of spam comment. Mostly rude. Apparently there is a captcha weakness. I've killed many, but the cleanup will be tough.



Classmates extortion?

Thursday 22 of March, 2007

I have to comment on this. I received an e-mail today from Classmates.com today telling me that someone had posted a message to my profile. So I went to the site and was told I would have to upgrade in order to read the message. So do they get to hold that message hostage until I pay? Even after the sender paid for the privilege of sending the message? Brings a whole to meaning to the concept of sending a message, huh? Give me a break.

I've been a non-paying member there for years, but got pretty disgusted a few years back when they went to a pay model and locked down all the information they'd harvested over the years. And that's what they'd done. They provided a useful service for several years in order to gather all the information they could and then put up walls to extort you into signing up for the service. It's lame.

Stay away. Stay far away.

\\Greg

Details:

Classmates.com wrote:
 ____________________________________________________________

                    Who checked you out?
 ____________________________________________________________

 Hi Greg,

 1 person signed your profile!

 Think you know who it was? Find out who's thinking of 
 you now. 
 http://www.classmates.com/go/e/1916436/MVN111406_A_L1A1/4503385848/CM3600


So I clicked the link and found this:

Image

OpenLDAP & SSL/TLS

Friday 09 of March, 2007

I've had a bear of a time getting OpenLDAP to configure for SSL/TLS. I made a couple discoveries today that I want to note.
(Note: this is not a OpenLDAP/TLS HowTo. If you are just starting, please read the OpenLDAP.org docs on configuring TLS)

I was receiving one main error:

no shared cipher

I couldn't figure out whether slapd was configured properly. So first I tested the certs using OpenSSL
--

I ran this in one shell to set up a listner:
openssl s_server 
    -CAfile /var/data/ca/cacert.pem
    -cert /var/data/ca/newcerts/ldap1cert.pem
    -key /etc/openldap/ldap1keyclear.txt -accept 99
    -cipher DHE-RSA-AES256-SHA
and this in another to connect to the listner:
openssl s_client 
    -host uslack2.gmartin.org 
    -port 99 
    -cipher DHE-RSA-AES256-SHA
    -ssl3 (or -tls1)
(note:These commands use your cert files to set up a server and client to exchange data over ssl or tls.)

For me, the connection established and data was exchanged. Thereby proving the certs & CA were correct.
--
Next I ran slapd with -d 255 to enable debugging. What I found was I using an incorrect directive for the TLS options.

I was using:

TLS_CACertificateFile
TLS_CertificateFile
TLSCertificateKeyFile

not:

TLSCACertificateFile
TLSCertificateFile
TLSCertificateKeyFile

Looks as though I confused ldap.conf and slapd.conf directives. Why are they different one wonders?
---

However, I was still receiving "no shared cipher" error. I was using this as a test tool:

To test for SSL on port 636:
ldapsearch  -H ldaps://uslack2.gmartin.org 
    -vvv cn=gmartin -D cn=Manager,dc=gmartin,dc=org 
    -w password -x
To test for TLS on port 389:
ldapsearch  -H ldap://uslack2.gmartin.org 
    vvv cn=gmartin -D cn=Manager,dc=gmartin,dc=org 
    -w password -x -ZZ


I had the following in slapd.conf and ldap.conf:

TLSCipherSuite DHE-RSA-AES256-SHA

(which I cut and pasted from 'openssl ciphers')

I replaced it with the following to fix the issue:

TLSCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP


It's still not clear to me what the syntax should be - the OpenLDAP docs are poor here IMO. Trying to translate the openssl -v ciphers into what's mentioned in the manpage doesn't help me much. Perhaps I'm dense.

---
So I posted a couple questions to openldap mailing list that don't need answers:
- would there be value in making the slapd.conf and ldap.conf TLS directives align?
- Should slaptest report the bad TLS directives?

And one more. In the man page for slapd, there is this explanation for the -h option:

slapd will by default serve ldap:/// (LDAP over TCP on all interfaces on default
LDAP port).  That is, it will bind using INADDR_ANY and port 389. The -h option 
may be used  to  specify  LDAP  (and  other scheme) URLs  to  serve.   For
example,  if  slapd  is  given -h "ldap://127.0.0.1:9009/ ldaps:/// ldapi:///",
it will listen on 127.0.0.1:9009 for LDAP, 0.0.0.0:636 for LDAP over TLS,

The last part seems inexact. It says -h ldaps:/// will cause slapd to listen on port 636 for LDAP over TLS. Should that say something like:

"will cause slapd to listen for LDAP over SSL on port 636 and for start_tls on port 389. With properly configured TLS directives, specifying '-h ldap:///' will make available TLS over port 389"
-------
And for posterity, here are the TLS directives from my conf files:

slapd.conf
TLSCipherSuite  ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP
TLSCACertificateFile /var/data/ca/cacert.pem
TLSCertificateFile /var/data/ca/newcerts/ldap1cert.pem
TLSCertificateKeyFile /etc/openldap/ldap1keyclear.txt
TLSVerifyClient never

ldap.conf
TLS_CACERT /var/data/ca/cacert.pem
TLSCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP

OpenID Evaluation

Monday 01 of January, 2007

I was talking through OpenID with some friends recently and decided I could best explain it and understand it by writing a bit about it. OpenID is a recent development in the lightweight ID realm where the user maintains the identity and 3rd part web sites decide whether to consume or make use of that ID.

With the proliferation over the past several years of web sites requiring some sort of user profile and authentication (account), it's become more and more of a nightmare for the average person. Not only must we create and manage each of these accounts, but we have to try to remember what we've done and where we've been.

I recently logged in at ESPN to create and entry for the College Bowl Mania contest they run. I logged in early December, created and my entry. I went back several weeks later - cleaned it up and finalized. it. The other day I was told I had not joined the group I'd wanted to. I logged in again (after looking up my ID again) and found no entry. On a whim, I requested my login ID. After giving my email address, I received a message listing two IDs that I hadn't remembered. I logged in with one of them and found my missing entry. I had three accounts on one site!

Now, my memory may be failing me, but the larger point is that along with those three I'll be I have accounts a more than 50 sites around the web. I try to standardize on a single account name, but my name is rather common and I regularly have to try to invent other account names. This all ends up a big mess. Now I'm a rather savvy web user having been on the Internet since before the web, and a near 20 year IT vet so I can't imagine what it is like for the average person. !!! OpenID comes along

In the past year or so, the attention to the Identity problem on the Internet has grown significantly and several

Tikiwiki cvs stuff

Saturday 09 of December, 2006

To work cvs BRANCH-1-9 (Note: the :ext: not :pserver:)

- export CVS_RSH=ssh
- For BRANCH-1-9
-- cvs -z5 -d:ext:gregmartin@tikiwiki.cvs.sourceforge.net:/cvsroot/tikiwiki co -r BRANCH-1-9 tikiwiki

- For HEAD
-- cvs -z5 -d:ext:gregmartin@tikiwiki.cvs.sourceforge.net:/cvsroot/tikiwiki co -r tikiwiki



To Commit:
cvs -z5 -d:ext:gregmartin@tikiwiki.cvs.sourceforge.net:/cvsroot/tikiwiki commit <filename>

PHP debugging

Saturday 02 of December, 2006

I needed to do some debugging of the LDAP authentication with Tikiwiki 1.9.7. I needed a way to see how variables were being set. I found this page on debugging (cache).

I created a file called lib/debug2.inc under /tiki and set the permissions for apache.

I added this line to tiki-index.php:

include ('lib/debug2.inc');

Once that's done, you use this line to print a variable:

debug2_(FILE, LINE, variablename, $variable);

The output is sent to /tiki/debug.out. I ran tail -f debug.out while I was working.

One thing to note., with this loaded, while everything else worked, I could not display tiki-index.php. I would get the error:

"File open failed - global.var.inc"

Fixing LDAP & Tikiwiki 1.9.x

Friday 01 of December, 2006

I use OpenLDAP to authenticate users for my Tikiwiki installation. Between version 1.9.4 and 1.9.6 LDAP auth broke. It looks like tiki upgrade the version of Pear::Auth they use. I found out the problem had to do with the LDAP connection not shoosing to switch to LDAP version 3 calls.

To fix this, there was a short term fix to add this at line 291 of the LDAP.php that comes with Pear::Auth (tikiwiki\lib\pear\Auth\Container\LDAP.php)

$this->options['version']=3;

This has the effect of adding version=3 to the options array that is passed to the LDAP connect method.

So that hack was ok for while, but the I got restless. I modified Tiki so that there is a version option on the Admin->login page. Set this to 3 and all is well.

Here's how:

In lib/userslib.php at line 632 add:

$options["version"] = $tikilib->get_preference("auth_ldap_version", 3);

In tiki-setup.php at line 1195 add:

$auth_ldap_version = "";
$smarty->assign('auth_ldap_version', $auth_ldap_version);

In tiki-admin-include-login.php at line 444 add:

if (isset($_REQUEST["auth_ldap_version"])) {
  $tikilib->set_preference("auth_ldap_version", $_REQUEST["auth_ldap_version"]);
  
  $smarty->assign('auth_ldap_version', $_REQUEST["auth_ldap_version"]);
    }

Lastly, in tiki-admin-include-login.tpl at line 201 copy the LDAP Admin Pwd line and change it to LDAp version and auth_ldap_version (I cannot copy that line here, the html screws up the page)


Podcast Converter

Wednesday 29 of November, 2006

I found a new Podcast called the Story of Digital Identity SToDID. No sooner did I discover it, then the host, Aldo Castañeda, switched to m4a format. He did so due to potential licensing and file size issues with mp3. See his comments in the comments for Episode #38 (cache) where we diascussed the issue.

Well, I own a Creative Zen Nomad Xtra and use it regularly to listen to podcasts. It does not support the m4a format. I went looking for a way to access the content, found a couple tools and wound up writing this Windows script to convert the file from m4a to mp3. It uses some open source tools — faad, lame and tag to do the heavy lifting. One caution - it removes the original .m4a file when complete. Instructions to stop that are included.

As an after thought, I added the ability to rip the audio m4v files as well.

I use Juice to download my podcasts and it provides a feature to run a command after each download. It provides two parameters for use with the command.
%f = filename
%n - podcast name

I use this command in juice:

start "postDL" cmd /c c:\acc\m4tomp3.cmd "%f" "%n"

The script access %f as %1 and %n as %2

@echo off
::m4ToMP3
::Greg Martin  11/29/06
::Converts m4a and m4v files to mp3 for use on a mp3 player
::  (note: if you've not seen them before, a double colon is similar to a comment (REM)

::sleep to give juice time to complete file write
sleep 5

set podname=%2
set origFileName=%1

:: since a specific filename is passed as %1 the 'for' does nothing except parse
:: the extension & filename
:: fext is set to file extension (.m4a  or mp3)
:: fname is set to filename (less extension)
for %%a in (%1) do set fext=%%~xa& set fname=%%~na& set fpath=%%~dpa

::Convert if needed
if %fext%==.m4a call :convertit %1
if %fext%==.m4v call :convertit %1
call :settag
goto :eof

:convertit
@echo export to wav
::use faad to decode to wav
faad %1
sleep 1
@echo convert to mp3
::use lame to encode to mp3
lame -h -b 96 "%fpath%%fname%.wav" "%fpath%%fname%.mp3"
:: cleanup (remove %origFileName% from the net line to keep the original file after conversion)
del %origFileName% "%fpath%%fname%.wav"
 
goto :eof

:settag
tag --removeid3v2 --genre 90 --album %podname% --title "%fname%" "%fpath%%fname%.mp3"
goto :eof


Feel free to use this script. Please share any changes with me to help make it better.


\\Greg
gmartin@gmartin.org

SSH private key login

Tuesday 31 of October, 2006

I wanted to configure sshd so that I could login without a password. I found a brief article at thinkholelabs (cache). While it has some other problems, the tutorial for authorized keys worked well.

After making this all work, I disallowed password logins using:

PasswordAuthentication no

The next thing is to enable some type of port knocking process.
Found this site (cache), and this DenyHosts script (cache) seems promising, but no time now.

Slackware 11 (part 3)

Saturday 07 of October, 2006

OK so we're cruising. I've configured the local samba settings so I can access my backup server. I copied over some scripts and am currently sync'ing data from my soon to be old server to the new.

While it copies I'll begin installing some of the basics.

* Installed 1.240 of webmin and upgraded internally to 1.30.

* Fixed the sound by installing the 2.6.17.13 modules and turning up the speaker volume :redface:

* Cleaned up lilo.conf so the smp kernel is the default and timeout is 10 seconds

* Started a sync of slackware-current and slackware-11 trees


Slackware 11 (part 2)

Saturday 07 of October, 2006

This morning I started cleanup of the problems listed above. Since I selected the huge26.s kernel, I need to load the modules for the 2.6.17.x modules. They are on disk2 in /extra/linux-2.6.17.13 directory. I loaded the linux-kernels-2.6.17.13.tgz package using 'installpkg linux-kernels-2.6.17.13.tgz'

I also edited /etc/lilo.conf to comment out vgs=790 and uncomment vga=791. I restarted. 'Ifconfig' reported the network problems are resolved, but I still have the video mode problem. Then I remembreed I didn't re-run 'lilo' after the lilo,conf edit. I did so, restarted again and that was resolved.

Next things - I have no sound (predicted by Pat V.) and my machine is only recognizing one core. (less /proc/cpuinfo shows only processor :0 info ) That's because this kernel is not SMP.
The sound will be solved by using a 2.4.x modules. I'm not sure how that works yet.
At this point, I'm going to switch to the 2.6.17.13-smp kernel

  • The kernel package is in /disk2/extra
  • copied the kernel, config and system.map file to /boot
  • created a link to system.map and config in the /boot directory
  • edit lilo.conf and added the new image
  • ran lilo to re-read the config


On reboot, I selected the smp kernel, but there were a bunch of errors about missing modules and the keyboard didn't work. So i restarted the hard way confused


I found the kernel modules in /disk2/extra/ and loded the kernel-module package. After reboot, I have two cores, and 2GB RAM

All goodness!


Slackware 11 Install

Friday 06 of October, 2006

I'm planning a Slackware 11 install and upgrade. I have new hardware (Dell GX620 Dual core, 2GB RAM, 250Gb SATA drive and the Intel 945 chipset.

My current system is an old Dell GX110, 1Ghz, 360MB RAM. I've installed quite a few packages over time. Here's my list

packageversion
TikiWiki1.9.4
Gallery2.x
WebCalendarCVS
phpGEDView3.3.8
PhpMyAdmin2.6.1
phpLDAPAdmin0.9.5
OpenLDAP2.3.20
OpenSSL
Nagios2.1
Webmin


I've downloaded the ISOs (hurray for bittorrent), burned them, printed and read the Readme, changes & hints and other pertinent docs from disk 1.

My next step is to boot from CD and partition the drive. I'm trying to find the best way to do that (yeah there are only guideline). I like using / & swap so that I can take advantage of one big disk, but I think there is benefit to segregating data from system.. Problem is I tend to store data in /var and custom programs in /usr/local so if I switch both out to their own partitions, I'm asking for future trouble. I think I'll go with the single partition for now.


Next decision was what FS to use. I read an article recently where SUSE dumped Reiserfs as the default format for disks. In reading their reasoning (basically, lack of developer interest), I've decided to use ext3 instead.)

Everything installed. I selected the huge26.s kernel and rebooted. I did receive an error on boot that an unsupported video mode was selected. I'll need to do some work in lilo.conf

I ran xorgsetup and started kde. After firing up Firefox it appears there is no network. Sure enough ifconfig shows only 'lo'

I need to copy some files from my backup PC. I've reconfigured smb.conf and started it, but at the moment it will not find the PC. Guess I'll come back in the morning.

\\Greg

Webcalendar

Thursday 21 of September, 2006

To prove mysql was working I installed webcalendar.

I copied the files over from uslacker and used <span style="font-style: italic;">phpmyadmin</span> to export the database.

I created a database (yes latin1_swedish is the correct collation) and imported the file that came from the export.

I had to change <span style="font-style: italic;">setting.php</span> to use <span style="font-style: italic;">user.php</span> and not <span style="font-style: italic;">user-ldap.php</span> since ldap is not currently running.

I managed to rememeber my non-ldap userid (Greg) and the password (sorry!)

All is well

Mysql install

Thursday 21 of September, 2006

Slackware-current uses Mysql5. I installed it and have had problems with the permissions. I re-ran muysql_install_db and reset the root password and all seems well.

Installed phpmyadmin 2.8.2.4 and then upgraded to 2.9.0 released today.

System upgrade

Thursday 21 of September, 2006

started the upgrade of this site onto new hardware. The new box has an Intel Core Duo w/2GB RAM. I built it with Slack 10.2 and upgraded to current. I'm awaiting 11.0 final before I complete the install. pat has just release RC5 so we're real close.

New system

Sunday 06 of August, 2006

I'm rebuilding on a Dell GX620, Pentium D Core Duo, 2GB RAM, 250GB SATA. Nice machine. I had some problems getting started.

  • Video recognition

When I went through xorgconfig, the xorg.conf that was created would not start. Final error was No screen found. I tried lots of things. Seems like there is a problem with the Intel 945 chipset. Whenever I specified the i810 driver, no glory.
I was using the default vesa driver, but it only recognized up to 1024x768 and my LCD needs 1280x1024.

I posted to LinuxQuestions and was asked to try xorgsetup instead. The conf file worked and all is swell. Here's the thread from LQ (cache)

  • Missing RAM

The machine has 2GB RAM but only 900+MB are recognized by the OS. Posted that to LQ as well. Apparently I need to recompile with Himem support. Thread here (cache)

My plan is to upgrade to -current. After that, I'll try both of these issues again.