Computer Miscellaneous

Sunday, August 24, 2008

(Followup) Solved: Fedora 9 default settings for shared memory /tmp

Context:
Using Fedora 9's default installation configuration, the "temp directory" (using another OS's terms) is utilized as /tmp. This special directory is a shared file system and resides in memory known as tmpfs.

Problem:
The default settings for a tmpfs is half of the available memory.

Constraints:
Fedora 9's default set up uses an in-memory solution for /tmp.

Details:
My system has 2 gigabyte of memory. However, the average usage for /tmp on my machine is less than one 1 megabyte. So, more then 1023 megabytes of memory was allocated and never used.

Solution:
I needed to control the size of the /tmp. This is mounted at boot time using the description in /etc/fstab. After a forum search, I looked at the man page for the mount command to determine the need to use the size option during mount /tmp. I decided to try only having 2 megabytes for /tmp.

Original /etc/fstab:

tmpfs    /dev/shm    tmpfs    defaults    0 0

New fstab:

tmpfs    /dev/shm    tmpfs    defaults,size=2097152    0 0

After making these changes as super user or root, I rebooted my system to get th e settings to become active.

References:

Note:
The other options for providing /tmp are:

disk based /tmp, mounting (via /etc/fstab) a disk partition at boot time (preferred)
directory based /tmp on the boot root partition (not preferred for security reasons)

tmpfs /dev/shm tmpfs defaults,size=10% 0 0

Saturday, July 12, 2008

(Followup) Solved: Fedora 9, Skype for Linux 2.0x and the Microphone

Context:
Using Fedora 9's new sound system Pulse, some sound-centric applications like Skype need to be configured differently from their default sound settings.

Problem:
Immediately after installation, Skype for Linux 2.0.x was able to connect to my account and I was able to hear the test calls with reliable clarity.

However, using the Skype Test Call, my microphone sound was very distorted with static, digitalization, and gaps. Enabling the "Display technical call info", showed very high "jitter" and some "cor" (assuming this means corruption) but a reliable connect speed.

As I was able to use Skype for Windows before moving to Fedora 9, I was able to remove the router as the cause of the problem. See the "jitter" for details if you think this might be your problem.

Constraints:
Fedora 9 uses the "Pulse" sound daemon. Skype is a closed ("black box") software application so it's constraints are vastly unknown.

Details:
While I was able to use my microphone without significant issue (the volume was a little low) with other applications ( Sound Recorder ), Skype did not provide a clean and clear sound processing from the microphone. I tried various solutions (listed below) before finding the correct one for me:

Note: After trying each of these solutions and each failed to solve the problem, I reversed most of changes before starting the next solution. I believe I left some of the solutions from the first reference in place.

Solution:

The solution what worked for me came in two parts:

Enhancing the Microphone Volume

Takes from the second post here:
"A. Right click at the volume control, choose preference.
B. File - Change Device - (OSS Mixer), which is the second one.
C. Below the microphone volume- click on the "microphone icon" until there is no cross on it.
D. File - Change Device - (Alsa Mixer), which is the first one.
E. Edit - preference - scroll down - click Mic Boost (+20 dB)
F. Click "Switches", which is next to Playback. Then click Mic Boost (+20 dB)"
This will result in a louder microphone for all of Fedora 9's sound applications using the microphone. If you find that it's too loud, you can unselect the microphone boost on the "Switches" panel of the sound mixer.

Setting the Hardware Microphone in Skype

Taken from the here:
"Firstly, add these lines:
default-fragments = 8
default-fragment-size-msec = 5
at the end of "/etc/pulse/daemon.conf"

Then, edit "~/.asoundrc" and add the following lines if they do not exist:
pcm.pulse { type pulse }
ctl.pulse { type pulse }
Finally, open Skype. Set the "Ringing" and "Sound Out" devices to "pulse", then set the "Sound In" to the plughw device of your microphone."
While the article has more steps, these are the only steps I executed from this reference.
I added the first modifications to /etc/pulse/daemond.conf as shown. I am uncertain exactly what these settings do.
I did not have a ~/.asoundrc file. I created on in my home directory but I do not think it added to the finally solution.
I believe the key part of the solution was the last step (possibly the only step needed): "set the 'Sound In' to the plughwd device of your microphone." The Skype "Sound In" settings are found on the Options dialog under "Sound Devices". Using the drop down box "Sound In", I did a bit of "trail and error" to find the correct setting and required a restart of X when I selected some of the incorrect options. In the end, my correct setting was "Intel ICH5 (hw:ICH6,0)" and yielded a very clear voice using the Skype Test Call" service. Your setting will probably be similar but different.
From other experimentation, I set the "Sound Out" and "Ringing" to "pulse".

References:

Disclaimer:
This solution worked for me. It may or may not work for you. I am not responsible for your actions nor the your results of your actions should you act on what you read here. I do not claim expertise in this very specific area and only convey my experience. There is no warranty on this (and most) free information.

Followup (July 26,2009):

Based on experiences with Fedora 10 and Fedora 11, the above suggestions are not absolute. In fast, they only highlight the "control points" but generally will not solve the problem. During subsequent testing, I found that a change in configuration required a reboot to truly get a definitive result. For Fedora 11, I finally gave up and configured directly against the hardware layer and not with PulseAudio.

Monday, June 23, 2008

Solved: Restoring the Master Boot Record (MBR) to the boot drive

Context: Missing or corrupted Master Boot Record (or MBR) can and usually will prevent booting a computer.

Problem: Having botched a Linux installation, the Master Boot Record (MBR) was destroyed. To recover and boot the computer again, the MBR must be restored to work order.

Constraints:

No floppy drive
BIOS doesn't support USB booting
CD ROM limited on ability to read different CDs
Windows booted from the MBR directly so I could not use Microsoft's fdisk
Lilo was not found on the Fedora 9 Live CD
Grub-install on the Fedora 9 Live CD did not function according to expectation

Details: Installing Fedora 9 Live CD to an Dell Latitude C600, I didn't allow enough room for the Live CD install (I misremembered options for a selective install.) Additionally, a previous GRUB installation on the Master Boot Record was not clean off before installation started. Near the end of the installation, an error occurred (out of space.) The result was a damaged MBR record. The exact cause of the damage was not known.

Solution: Restore MBR from

Boot Fedora 9 Live CD
Confirm presents of file usr/lib/syslinux/mbr.bin
Open a Xterm or other shell
Log in as root or superuser
Umount the targeted drive partition. In my case:

umount /sda1

Write the replace MBR to the drive:

dd if=/usr/lib/syslinux/mbr.bin of=/dev/sda bs=1

reboot

Note!: This was a "long shot" action on my behalf and thus a risk on anyone following these instructions. The contents of the file mbr.bin were a guess on my part as was the correct use and application of dd. While this works, you should know that your results may vary greatly. Use these instructs only as a last resort! Please read the disclaimers section.

References:

Sunday, June 22, 2008

Solved: Adding NVidia Support to Fedora 9

Context: Installing correct, high performance NVida drivers for Fedora 9.

Problem: The default video drivers provided by the Fedora project work fine. However, enhancements such as 3D Desktop are only available with updated drivers. If you do not have an NVidia video card, this blog entry may not assist you with video card concerns.

Details: The Fedora project is stated that is wishes to avoid any contentious software, either from ownership or patent concerns. NVidia is a privately own company and thus their video drivers appear to fall under this concern. See the first link in the reference section for more details.

Solution: Add an additional third-party repository to your "Update Sources":

Do a full system update with existing installed software
Go to http://rpm.livna.org/rlowiki/
Download Fedora 9 repository RPM and install it
Perform an "Update System", search, and install "akmod-nvida-xx", where xx is the latest (or last known good) version of the drivers.
Follow the directions after the installation. I usually reboot after large installations since Fedora 9's update mechanism does not seem to be notifying or enforcing reboot-needed rules.

Note: the Livna source provides other package updates that Fedora 9's default repository sources do not provide.

Note: In general, adding additional repository sources is a security risk and should be under taken with this in mind.

Note!: I would advise that you limit the inclusion of software from third-party sites to only those specific items you want and only if they are well separated from other elements of your operating system. You can easily have conflicts between different built libraries which can cripple your operating system in the matter of a few button clicks. Know what you are installing, where it's from and how it will (or won't) "Play Nice" with other elements.

References:

Saturday, June 21, 2008

Solved: Booting Fedora 9 Live CD on Dell Latitude C600

Context: Booting Fedora 9 Live CD on Dell Latitude C600

Problem: split screen into 2 or three panels at 800x600.

Details: Fedora 9 Live CD detects built-in video card as "ATI Rage 128 M 2G and display type as "Autoconfigured".

Solution:

Note: this solution requires you to "deal with" the incorrect video settings for a brief period of time.

Boot from Fedora 9 Live CD and log in to default login

If the the screen is divided into sections and generally not working, continue. If it's perfect, you're done. Don't make any changes based on what I say in this blog entry.

Move Application panel to left hand side. This will allow you to see more of the menus. Do this by clicking in the grey area next to the mail icon, click and drag to the left side of the screen.

Go to menus "System | Administration | Display", then the "Hardware" tab. Make the following changes:

Display: "LCD Panel 800x600"
Video Driver: "Vesa -Generic VESA-compliant video cards"
Press Ok to commit these changes

Press keys CTRL ALT BACKSPACE to restart the X Window System only.

Do not reboot - any changes made will be lost during a reboot as they only reside in memory.

After you log in again, I was (you might be) able to see the screen correctly.

Note: I tried "LCD Panel 1024x768" the first time with no positive results.

References:
I located some information, ideas, clues or inspiration from the following locations. I am not responsible for external content nor it's availability:

http://ubuntuforums.org/archive/index.php/t-769002.html

Monday, April 21, 2008

When SELinux bites, tell SELinux to go bite it's self

SELinux is a rather impressive, if not annoying efficient process and access-based security system for Linux. I currently enjoy the warm, affectionate glow of alerts on Fedora 8.

As useful as SELinux can be, there are easy ways to make it squeal like a stuck pig (i.e. complain frequently.) My last "stuck pig episode" included a few 25M log files of nothing but squealing. At issue, was a mislabeled file that sendmail wanted to access. After causing my internal email to queue up more than 4000 messages, I decided to work on it.

If I had the specific path to the offending object(s) listed in the alert message, I could have solved this problem with something like:

# Fedora 8: tell SELinux to restore
#   default security labels to a file
#   or directory:
/sbin/restorecon 'services'
/sbin/restorecon -R '.'

Common net-thinking is that the default labels are occasionally fouled when some updates occur. They are most likely fouled more frequently by users editing in their home directory and promoting them into a new location on the file system without handling the security labeling (which is actually the point of this kind of security: know what you are doing and tell the OS what is and isn't OK to do.)

After trying to use the alert system's recommendation, I finally looked for a more blunt instrument (the alert needed to have an absolute path for the offending element so that I could have a change to locate and fix it.)

So, I went to my friend, my buddy, my pal: Google. Google told me (indirectly) to look here for this pearl of wisdom:

# Fedora 8: tell SELinux to restore
#   security labels to all files:
touch /.autorelabel
reboot

This operation asks SELinux to reapply the default security labels to all files on the file systems after a reboot. This "relabel them all and let Root sort them out" approach may have solved more problems than I knew.

Note: I am not running any custom policies yet so there wasn't a conflict for me.

Monday, April 7, 2008

Using SSH and SOCKS to access the web [via Firefox] from remote computer

Source(s)

Information provided in this post was originally located here:
http://www.noah.org/wiki/Category:SSH#SOCKS5_with_Firefox

Description

Occasionally, it is necessary to "web surf from afar". Less about security than about originating IPs, I found a need to create a secure connection so I may web surf as if I were on a different computer.
Use Case 1: Some corporations do not want access to popular or potentially harmful web sites.

Use Case 2: Some websites do not service users from some IP ranges, i.e. from out of the country of hosting.

Setup

SSH Tunnel
In this solution, will will use an encrypted connection between the local computer and a remote computer that you have access and is running and ssh daemon. This solution will create a local computer port that will allow anything sent to this port to be transported to the remote computer and on to it's destination as if it had originated from the remote computer.

On the local computer:
ssh -N -C -D 9999 USER_NAME@IP_ADDRESS
-N : do not open an interactive console on the remote computer [optional]
-C : use compression [optional]
-D : use SOCKS 5 [required]
9999 : local computer port to uses to access the SOCKS proxy [a port # is required, not necessarily 9999]
USER_NAME@IP_ADDRESS : the user name and remote computer information [require most likely]
Note: This connection will persist until the computer is rebooted or you find and kill the associated ssh task in the process list. That being said, be careful not to start more than one ssh tunnel to the same computer.

FireFox Proxy
Use menus Tools | Options
Click on Advanced icon
Select Network tab
Press Settings button
Select Manual Proxy Configuration radio button
Enter localhost and port 9999 on the SOCKS Host and Port.
Press Apply/OK until all extra dialog boxes are closed.
You are now ready to web surf though the remote computer.
Note: I recommend using a proxy switcher extension so you can enable and disable the use of the proxy without needing to go though the menus and dialogs, as shown above. Here is one for example.