I've just returned home after spending a week in Prague, where I went to the UDS Intrepid. As usual, it was great! As I'm too tired to write a lot about it, I'll try to sum it up in pictures.
On Monday the week was opened by Jono, who explained how this UDS would work. As always, it was a bit different from the previous ones, to improve and perfect the UDS experience.
During the day we discussed improvements for the next version of Ubuntu (the Intrepid Ibex) and the community processes; in the evenings we had super-cheap dinners at all kinds of restaurants. There even was music afterwards!
The week ended with a party at the "XT3" club, where the Canonical band played a few songs before DJ Holbach took over.
Video of the band playing Whiskey in the Jar (about 52MiB)
More pictures: Day 1, Day 2, Day 4, Day 5, Day 6 (sightseeing in Prague)
After lots of trying and giving up, I've finally configured an asterisk server on my Ubuntu server. I got it to accept connections from my SIP client, and to connect to XS4ALL's "Bellen" SIP service.
First, the easy bit: installing asterisk. You can do this with the following command: apt-get install asterisk (note: as Joe Terranova points out, you should pay attention to the security side of this. Installing on a machine inside your LAN isn't too much of a risk, but if you install it on a machine with a public IP address, make sure you have all security fixes installed, and set up iptables.)
Then you have to configure the beast. This can look hard, because there are almost 80 config files in /etc/asterisk. Fortunately, you can ignore most of them for now.
First, add a SIP account to sip.conf. An entry for a SIP account looks like this:
[connection_nickname]
type=peer
nat=yes ; Or "no", if your client has a public IP
username=the_username
secret=password123
canreinvite=no ; Ekiga needs this
context=default
Once you've configured this, restart asterisk, and tell your favorite SIP client to connect to your server using the username you just added. Then use it to call 1000, and you should get a test system.
Now you have a working SIP server with one client, you can add more clients… and there's the first problem: there's no way to make a call to the SIP clients. To make this possible, you have to add entries to the dialplan in extensions.conf.
Find the [default] section, and for every SIP client, add lines like these to the section. You may want to remove the include => demo line: it provides the "test" you called earlier.
exten => 2001,1,Dial(SIP/connection_nickname,30)
Give all your clients unique extensions (you can even use names!). Restart asterisk when you've added all extensions, and try calling other logged-in extensions. Congratulations! You now have a basic, working SIP PBX (without a connection to anywhere else, though).
The sections in extensions.conf are called contexts, and you can use them for access control. Every connection to/from the Asterisk server has a context, and can only call extensions in that context. You can use this to make sure that only some people can make expensive calls.
To connect to the "normal" phone system, you can use a SIP account. I have an account at XS4ALL, so I created a SIP account in their service centre. Then I added this to the [general] section in sip.conf (replace the xxxxxx bit with the phone number you got):
register => xxxxxxxxxx:password123@sip.xs4all.nl/xs4all-in
This makes asterisk register with the XS4ALL SIP server, with incoming calls going to extension "xs4all-in". All you have to do to accept these calls, is define the extension in extensions.conf:
[incoming]
exten => xs4all-in,1,Dial(SIP/2001) ; When there's an incoming call from the
; SIP provider, step 1 is: forward to
; SIP/2001
Note that it's in its own context, so it can't call your extensions (or other SIP accounts!) directly.
You probably also want to use this SIP account to call other people. For that, you'll need another change in both sip.conf and extensions.conf:
sip.conf:
[xs4all]
type=friend
context=incoming
nat=no
username=xxxxxxxxxx
fromuser=xxxxxxxxxx
host=sip.xs4all.nl
fromdomain=sip.xs4all.nl
secret=password123
canreinvite=no
dtmfmode=inband
insecure=very ; Don't worry
disallow=all
allow=gsm
allow=alaw
allow=ulaw
qualify=yes
extensions.conf:
[outgoing]
exten => _X.,1,Dial(SIP/xs4all/${EXTEN},60,r)
This adds an outgoing SIP line to Asterisk, and adds an extension for "all numbers with one or more digits 0-9", that calls that number on the outgoing SIP line. Make sure you include the "outgoing" context in the context your SIP client is in, so this extension is found when you dial a number.
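Because contexts are the access control here, it is worth checking which SIP accounts can actually reach the paid outgoing line once includes are followed. The script below is an added example, not part of the original post: it parses sip.conf and extensions.conf text and reports, per account, the extensions that dial out through the xs4all peer. The lobby_phone account, the internal context and all function names are hypothetical.

```python
import re

# Constructed sample files modelled on the snippets in the post. The
# "lobby_phone" peer and the "internal" context are hypothetical additions.
SIP_CONF = """
[general]
register => xxxxxxxxxx:password123@sip.xs4all.nl/xs4all-in
[connection_nickname]
type=peer
context=default
[lobby_phone]
type=peer
context=internal
[xs4all]
type=friend
context=incoming
"""

EXTENSIONS_CONF = """
[internal]
exten => 2001,1,Dial(SIP/connection_nickname,30)
exten => 2002,1,Dial(SIP/lobby_phone,30)
[default]
include => internal
include => outgoing   ; only this context may use the paid line
[incoming]
exten => xs4all-in,1,Dial(SIP/2001)
[outgoing]
exten => _X.,1,Dial(SIP/xs4all/${EXTEN},60,r)
"""


def parse_sections(text):
    """Return {section: [(key, value), ...]}; ';' starts a comment."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        header = re.fullmatch(r"\[([^\]]+)\]", line)
        if header:
            current = sections.setdefault(header.group(1), [])
        elif current is not None and "=" in line:
            key, _, value = line.partition("=")
            # "exten => x" and "type=peer" both end up as (key, value)
            current.append((key.strip(), value.lstrip(">").strip()))
    return sections


def reachable_contexts(dialplan, start):
    """Contexts whose extensions a call entering at `start` can match."""
    seen, todo = set(), [start]
    while todo:
        ctx = todo.pop()
        if ctx in dialplan and ctx not in seen:
            seen.add(ctx)
            todo += [v for k, v in dialplan[ctx] if k == "include"]
    return sorted(seen)


def trunk_access(sip_text, ext_text, trunk="xs4all"):
    """Map every SIP peer to the extensions that let it dial out via `trunk`."""
    peers, dialplan = parse_sections(sip_text), parse_sections(ext_text)
    report = {}
    for peer, options in peers.items():
        context = dict(options).get("context")
        if context is None:          # e.g. [general] has no context
            continue
        report[peer] = [
            f"{ctx}:{value.split(',', 1)[0]}"
            for ctx in reachable_contexts(dialplan, context)
            for key, value in dialplan[ctx]
            if key == "exten" and f"Dial(SIP/{trunk}/" in value
        ]
    return report


if __name__ == "__main__":
    for peer, routes in trunk_access(SIP_CONF, EXTENSIONS_CONF).items():
        print(peer, "->", ", ".join(routes) or "no route to the trunk")
```

An empty list for the xs4all account is the result to look for: calls arriving from the provider land in the incoming context and cannot be sent back out over the paid line.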
Lots of information on configuring asterisk and related programs can be found at the VOIP Wiki.
I've recently tried to get XS4ALL Mobiel UMTS working with a GlobeSurfer iCON 7.2 on Ubuntu. This isn't as easy as it should be, so I'm documenting how I did it here.
The device starts in disk mode, which autostarts and installs the driver on Windows. These drivers are useless to us (the option driver is available in the default Ubuntu kernel), and the device won't do serial things unless it's "switched" to serial mode.
To do this, you need to download usb_modeswitch, and compile it using the compile.sh command (the build-essential and libusb-dev packages are required for this).
Then edit usb_modeswitch.conf, comment the configuration variables that are active in the distributed config file, and uncomment the ones for the "Option GlobeSurfer Icon 7.2". After editing the file, copy it to /etc. Also copy the compiled binary (usb_modeswitch) to /usr/local/bin.
Now you need to set up the system so it will run the mode-switch tool automatically when you insert the UMTS device. You can do this by creating a custom udev rule. Create a file called 80-usb_modeswitch.rules in /etc/udev/rules.d with the following content:
SUBSYSTEM=="usb", SYSFS{idProduct}=="1000", SYSFS{idVendor}=="05c6", RUN+="/usr/local/bin/usb_modeswitch"
Note that you might have to undo most of this once usb_modeswitch has been packaged properly.
The PPP configuration tools are currently a bit buggy, so it's easier to just create your own chat scripts and ppp configuration files. This isn't very interesting, so I'll just list the filenames and their contents.
#! /bin/bash
/usr/sbin/chat -V -f /etc/chatscripts/umts-pin || /usr/sbin/chat -V -f /etc/chatscripts/umts-nopin
/usr/sbin/chat -v -f /etc/chatscripts/umts
Note that this file should be executable! Also note that the first script (umts-prep) sends the PIN to the modem. If this fails, the modem probably already has the PIN, so the dial script continues. If the PIN sending was in the same chat script as the dialing, it would be much harder to ignore the error.
/dev/ttyUSB0
460800
connect "/usr/local/bin/umts_chatscript"
lock
defaultroute
modem
crtscts
usepeerdns
noipdefault
user xs4allusername
password ""
Use the username from the letter XS4ALL sent you with your SIM, or it won't work.
ABORT BUSY
ABORT ERROR
ABORT 'NO CARRIER'
REPORT CONNECT
TIMEOUT 10
# Set your pin here
"" "AT+CPIN=0000"
Don't forget to set your pin!
ABORT BUSY
ABORT ERROR
ABORT 'NO CARRIER'
REPORT CONNECT
TIMEOUT 10
# Set your pin here
"" "ATZ"
Don't forget to set your pin!
ABORT BUSY
ABORT 'NO CARRIER'
ABORT ERROR
REPORT CONNECT
# Prefer UMTS, but switch back to GPRS if it's not available
"" "AT_OPSYS=3,2"
OK "AT+CGDCONT=1,\"ip\",\"umts.xs4all.nl\""
TIMEOUT 10
OK "ATD*99***1#"
CONNECT \c
You can now connect using Network Manager, or manually using pon xs4all-umts on the command line. Network Manager currently has a bug: it doesn't detect that the network connection is established, so it won't tell the desktop environment that there's a network connection, so some programs might insist on being in "offline mode".
I haven't found a simple signal level monitoring application. This should either be incorporated into Network Manager, or maybe a small applet-like program is needed.
I think this should all work out of the box, or with minimal configuration. It's way too hard now.
Last week, I started looking for a CalDAV server that suits my needs (I need one that does LDAP authentication), and I couldn't find one. The Apple Calendar Server claims to be able to use LDAP, but only through something called "Open Directory", which only gets built on Darwin platforms, and RSCDS is PHP and wants to use its own user store on top of any authentication I do..
As I don't know enough about the Darwin Calendar Server internals, and I won't touch PHP, I decided to start writing my own WebDAV server (which I'll make into a CalDAV server soon), in perl.
The code is currently still a bit rough, a few mandatory bits of RFC4918 haven't been implemented yet (the "If" header, for example), and a few things are untested (other conditional headers), but it's possible to put files on it using Nautilus, and litmus tests show the basic bits work.
You can get a copy of the current code using bzr:
bzr get http://foodfight.org/download/dav-server/main
I'm off implementing a super-simple version of HTTP Basic authentication, so I can start working on ACL support (RFC3744), which is another prerequisite for implementing CalDAV (RFC4791)...
I've uploaded my first set of photos of UDS Sevilla, covering Sunday and the first bits of Monday.
I'll be flying to Sevilla tomorrow at 12:15, and I'll be landing at Sevilla at around 17:00.
And yes, I'm taking my photo and video cameras :)
I got the replacement for my slow, old 1U server this week. It has loads of disk space (about 960GB), 4GB of RAM, and a Core 2 Duo CPU with the Intel virtualisation extensions. So I installed Ubuntu 7.04 (server edition), and started playing around with kvm.
Ubuntu 7.04 has all the bits you need for virtualization available. Just load the kernel modules, install the 'kvm' package, and you can start installing your virtual machines. As the VNC server inside kvm still likes to crash at unexpected moments, and I wasn't going to forward my X display just to give kvm a place to show VGA output, I had to convince the Ubuntu installer to use the serial console. This isn't as easy as I had hoped it to be (the boot menu on the installation CD requires using the 'normal' console—something I was trying to avoid).
After looking around for a while, I found the Ubuntu network installation files. These contain a special 'serial console' version, which meant I could finally install the guests using PXE. I now have two virtual machines running Ubuntu 6.06.1 on my Ubuntu 7.04 installation, and I still have room for more.
The only problem I have left is starting the kvm instances when the host system starts. I currently use screen and a few shell scripts and start them manually, but I'm thinking of creating an /etc/event.d entry. Does anyone have a better idea?
If your laptop seems to be running hot lately, and it's eating lots of battery power, you might have some old cpufreq settings for gnome-power-manager in gconf. You can reset them to their (new) default values by running the following commands:
gconftool-2 -u /apps/gnome-power-manager/cpufreq_ac_policy
gconftool-2 -u /apps/gnome-power-manager/cpufreq_battery_policy
This brought the temperature of my laptop down, so the fan isn't running all day anymore, and as a side-effect, my battery doesn't give up anymore after an hour of doing almost nothing (I get the proper 2-3 hours out of it now).
After setting up IPsec with pre-shared keys (in the previous post), I upgraded my setup to use X.509 certificates. This makes it possible to revoke keys (which makes it impossible to connect using those keys.. always nice if a machine gets compromised), and you'll get a key that's generated by something that knows how to generate secure keys (openssl), which is always better than a short 'human-generated' pre-shared key.
It's probably easiest to set up your own CA for this. You can do this by hand using the CA.pl file included with the openssl package, but it's easier to install the tinyca package, and create the certificates from there.
When you've generated a server key for every host you want to set up IPsec on, and exported the public CA certificate and a CRL, you should put the following things in /etc/racoon/certs:
You should make sure the private key isn't encrypted. Racoon can't handle that yet. The easiest way to do this is to export the certificate/key pair from tinyca using the 'tar' option, then extract the files from the .tar file into the /etc/racoon/certs directory, and run openssl rsa -in my_key.pem -out my_key.pem on it, to remove the password from the key.
After this, you need to let racoon be able to find your CRL. This is done by giving it a filename that's identical to the CA certificate hash. You can do this by running the following command:
# ln -s yourca.crl `openssl x509 -noout -hash -in yourca-cacert.pem`.r0
Now all that's left is actually configuring racoon itself. You need to point it at the certificates you just installed, and have it verify the certificate the other side sends us. All the linked config does is check if it's signed by the same CA, and the signature hasn't been revoked. Check the racoon.conf manual page for more info on the config file format, and the possibility of stricter checks.
I've set up an IPsec tunnel between my network at home and my colocated server. This makes a few things easier: I can now connect to all my machines at home from my server without having to set up port forwarding first (using SSH, of course), and it'll always be encrypted, so if I wanted to, I could even use "unsafe" protocols over the internet. It also exercises the Padlock bits of my VIA C3 CPUs, which means there's almost no slowdown.
First, you have to determine a few things (the values I'll assume in this post are between parentheses):
When you've figured those bits out, install Racoon (it's in the 'racoon' package). Racoon is an IKE daemon. It will listen on port 500 (UDP) for incoming requests and negotiate the keys and encryption methods to use on the IPsec (encrypted) link.
Then it's time to configure racoon. I chose the "old-fashioned" way (not using racoon-tool), because racoon-tool in 6.06LTS is too buggy for me. If you do it like this, you have to edit two files: /etc/racoon/racoon.conf and /etc/ipsec-tools.conf
On the server, you will need a configuration like these racoon.conf and ipsec-tools.conf files. You can read the racoon.conf and setkey manual pages to understand what they're doing.
The configuration files on the client are almost the same, but the IPs and subnets are reversed (racoon.conf, ipsec-tools.conf).
There's one other difference: the client configuration contains passive off; while the server config contains passive on;. This means that the server will never initiate the connection, so the client will always have to do this first (sending one packet through the tunnel should be enough). If you want the server to be able to initiate the connection as well, you need to set passive to off there too.
After this, all you need to do is set up the shared key, and restart some services. After that, everything should work. Shared keys are configured in /etc/racoon/psk.txt, in the format identifier key. In our case, the identifier is the IP address (of the host we're connecting to), so on the server you put 172.17.0.1 yourkeyhere in there, and on the client you use 172.16.0.1 yourkeyhere.
Make sure both keys are identical, then execute the following commands, and everything should start working the moment you try to send the first packet over the network:
/etc/init.d/racoon stop; /etc/init.d/setkey restart; /etc/init.d/racoon start
Please note that you shouldn't use simple words or sentences as a key. The pre-shared key is (afaik) the weakest part in the security of this setup. I'll explain how to use X.509 certificates instead of pre-shared keys in a later post.
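One way to produce and check the psk.txt files described above, as an added example that is not part of the original post: it writes the same random key into a server and a client file, each indexed by the other end's IP address, and audits a file for loose permissions and for keys that are short or made only of words. The function names, the 20-character threshold and the file paths are assumptions chosen for illustration.

```python
import os
import secrets
import stat
import tempfile


def write_psk(path, peer_ip, key):
    """Write a one-entry psk.txt ("identifier key") readable by its owner only."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    os.fchmod(fd, 0o600)  # also tighten a file that already existed
    with os.fdopen(fd, "w") as fh:
        fh.write(f"{peer_ip} {key}\n")


def read_psk(path):
    """Return {identifier: key}, skipping blank lines and '#' comments."""
    entries = {}
    with open(path) as fh:
        for raw in fh:
            parts = raw.strip().split(None, 1)
            if len(parts) == 2 and not parts[0].startswith("#"):
                entries[parts[0]] = parts[1]
    return entries


def audit_psk(path, min_len=20):
    """List problems: loose file mode, short keys, keys made only of words."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:
        findings.append(f"mode {mode:o}: accessible beyond the owner")
    for ident, key in read_psk(path).items():
        if len(key) < min_len:
            findings.append(f"{ident}: key shorter than {min_len} characters")
        elif key.replace(" ", "").isalpha():
            findings.append(f"{ident}: key is only letters (a word or sentence)")
    return findings


def make_tunnel_keys(server_file, client_file,
                     server_ip="172.16.0.1", client_ip="172.17.0.1"):
    """Give both ends the same random key, indexed by the *other* end's IP."""
    key = secrets.token_hex(32)  # 64 hex characters from the OS random source
    write_psk(server_file, client_ip, key)
    write_psk(client_file, server_ip, key)
    return key


if __name__ == "__main__":
    # Demonstration in a temporary directory instead of /etc/racoon.
    with tempfile.TemporaryDirectory() as d:
        srv = os.path.join(d, "server-psk.txt")
        cli = os.path.join(d, "client-psk.txt")
        make_tunnel_keys(srv, cli)
        print("server:", audit_psk(srv) or "ok")
        print("client:", audit_psk(cli) or "ok")
```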
If you're also doing firewalling or some kind of NAT on one of the IPsec endpoints, make sure you allow traffic with protocol 'esp' to the remote endpoint.
In the coming weeks I'll extend this with X.509 certificates and a "Roadwarrior" setup, which will allow clients without a known IP address (like travelers with laptops) to connect.
A few days ago, I tried restoring my laptop to its original factory state by running the recovery CDs that it came shipped with. This mostly worked fine, but after the recovery Windows wouldn't boot properly, and the laptop would freeze with only the word GRUB on its screen.
A few people are going to say "Well, install Ubuntu then", but that's not the point here. The point is restoring the system properly, so it can boot Windows again. I agree that this is actually a bug in the recovery software, but the same thing happens when you delete your Linux partitions and re-grow your Windows partition (which is what some people want, after trying a distribution for a while).
First, you have to get the system to boot Windows. To do this, you need a bootable CD image with GRUB on it. It can be a tiny CD image, with only GRUB on it (probably the smallest CD you'll ever burn :))
You can create one like this:
$ mkdir -p iso/boot/grub
$ cp /usr/lib/grub/i386-pc/stage2_eltorito iso/boot/grub
$ mkisofs -R -b boot/grub/stage2_eltorito -no-emul-boot -boot-load-size 4 -boot-info-table -o grub.iso iso
When you boot that CD, GRUB will start up and give you its shell. From this shell you can start Windows like this (change '(hd0,0)' to something else if your Windows installation isn't on /dev/hda1, see the GRUB manual for more on that):
> root (hd0,0)
> chainloader +1
> boot
Windows should now start. It might ask you to complete some steps of the OEM installation (entering your time zone and username, for example), and then reboot. Just re-enter the GRUB stuff to re-start Windows.
Once Windows is done starting, you have to find the I386 installation directory, either on the installation CD, or on C:\I386 as it was on my laptop, and install the Recovery Console by running C:\I386\WINNT32.EXE /cmdcons.
After doing this, you should reboot the system again (using the GRUB trick) and choose the Recovery Console option from the menu that appears. You will get a very limited shell, where you can type 'fixmbr' to fix the MBR on your boot drive, clearing the GRUB bit and allowing you to start the system. To do so, remove the GRUB CD from your drive, and type EXIT at the console.
You should now have a properly booting Windows system, without a hanging piece of GRUB.
I've finally been able to get my Mac Mini to display proper 1360x768 output, without horrible scaling. It turned out that the framebuffer wouldn't accept the new resolution X asked for, and stayed on 848x480, while X would think the new resolution had been set. This, combined with the fact that X.org doesn't seem to have a built-in modeline for 1360x768, caused the breakage.
Now my "Monitor" section looks like this:
Section "Monitor"
Identifier "Generic Monitor"
Option "DPMS"
HorizSync 30-61
VertRefresh 50-75
Modeline "1360x768" 84.50 1360 1392 1712 1744 768 783 791 807
EndSection
And my "Device" section like this:
Section "Device"
Identifier "ATI Technologies, Inc. Radeon 9200 (RV280)"
Driver "ati"
BusID "PCI:0:16:0"
Option "UseFBDev" "false"
Option "MonitorLayout" "TMDS,NONE"
EndSection
This weekend we had the DutchTeamSpurt, where we've done a lot of translating (this was supposed to happen before the Breezy release, but a few things got in the way). We translated a lot, including a large chunk of the website, into Dutch.
A few people agreed to have a "moviegotchi" made too. I have 23 now!
After a weird day of airplanes and a weird sleeping pattern, everything seems to be back to normal. The washing machine is running at full capacity, the printer has been upgraded—a Postscript-SIMM for my Laserjet 5N arrived during my absence—and all bills have been paid.
I also installed a new shower head (the old one was a solid block of deposited minerals) and a new mirror in my bathroom. The old mirror was a composition of "mirror tiles" so I could never quite see myself without a seam somewhere in the middle, so this gives me a whole new perspective on myself ;)
Also, did you know that pre-assembled 500GB USB-2.0 disks are €200 more expensive than a USB-2.0 case and a separate 500GB IDE disk? For that price difference I'll do the assembly myself (which means I'll have a place to put all of my raw DV video from the end of next week, as both were out of stock today :))
Yesterday we went sightseeing in the old part of Montréal, and the old port. The buildings here are really beautiful, and are a nice change after (almost) only seeing the high-rise concrete jungle that is downtown for a week. After walking for a long time, we decided we'd go to the Olympic park to see the Biodôme and the botanical gardens.
The Biodôme is nice, but small and quite boring. It's basically just a zoo divided into 4 parts (tropical forest, temperate forest, the oceans and the antarctic). In every zone, you'll see a few plants and animals native to a place like that, and lots of small facts (on little signs). It's a GREAT place to take pictures (which I will post when I'm back home).
UPDATE! Thanks to the very generous (or just very stupid) neighbors of the hostel, the pictures have been posted.
Yesterday was the last day of UBZ. It was a lot of fun, and lots of things got specced, ready to implement. And of course we made a group photo:
I've made a lot of pictures (which I can't currently upload, as I have about as much bandwidth as an ISDN link from this place), which I'll upload in the next week, when I get home. Watch the feed for updates!
When Mark saw me walking around taking short movies of the people here at UBZ, he asked me to record the lightning talks (we do these every evening) and the morning group sessions.
I have recorded one set of lightning talks, and this morning's morning session. They will be uploaded to Ubuntu servers the moment I finish editing them, so people who can't be here can still get a bit of a taste of what's going on.
Also, the moviegotchi page has an RSS2 feed now (thanks j@bootlab.org). I'm a video podcaster now! Ride the hype! :)
Yesterday spacey and I arrived in Montreal, after a 1-hour flight from Schiphol (Amsterdam) to London Heathrow and a 6-hour flight from there to Montreal.
We met Mithrandir and Simira at Schiphol airport, where they were transferring to a direct plane to Montreal, and we met a LOT of Ubuntu-people while waiting at Heathrow.
Long flights like this are BORING. The first hours are OK, you watch a movie, fiddle around a bit with your laptop.. but after that it's just a long wait, and watching the map on the entertainment console doesn't help very much. The boredom was made worse by the fact that I couldn't really sleep, as it was evening in Montreal when we arrived, and I wanted to sleep at the hostel to avoid most of the jet lag ;)
Today is Ubuntu Love Day, with talks from lots of people about lots of things: Kubuntu, Edubuntu, the inner workings of the community, etc. -- I'll post some pictures and "moviegotchis" later.
Last week I bought a camcorder to record jdub's BadgerBadgerBadger mega-talk (more on that when the tour is over—stay tuned!).
As buying a camera for only one talk would be a waste of money, I started recording random people (well, Ubuntu-using people) saying that they use Ubuntu, or how they pronounce it.
The results are in my movies directory. Currently, there are only a few, but I intend to expand the list during Ubuntu Below Zero and during the Dutch Team Spurt weekend.
Because I'm a member of the Ubuntu Laptop Testing Team, I have to do a lot of (re-)installs. I don't really like a few of the default settings in Gnome and Firefox, so I whipped up a small shellscript to configure them to my wishes without it taking me an hour. It also looks cool to see the desktop react immediately to gconf keys being changed :)
Everyone seems to be posting their laptop success/failure story, so I can't stay behind ;)
I got a HP-NW8240 to test from Canonical. Lots of things don't work yet for breezy though:
The rest of the laptop (hotkeys, docking station, even the LED in the mute button!) seems to work perfectly.
The HP NW8240 that Canonical sent to me has a display resolution of 1920x1200 @ 15.4". After using it for a while, it seems like all my old screens (1280x800 @ 15.4" and 1024x768 @ 14") have huge pixels, and nothing will ever fit on the screen. And the fonts are not really as nice and crisp as they are on the HP.
I might be developing a high-resolution addiction..
Apparently, Acer laptop keyboards are the worst:
(note the € and $ keys...)
Because I haven't received the shiny new Ubuntu-test-laptop yet, I've decided to start creating installation reports on my old laptop: a MyNote C730 from late 200. It has a 600MHz Pentium III Coppermine, and a whopping 192M of memory, and it has never worked completely out of the box.
I was a bit surprised by how well the hoary install went (I had previously only installed warty, and upgraded from there), and almost everything worked immediately, even hibernation (which used to cycle a lot: it re-hibernated every time it came out of hibernation, very annoying :)). There were still a few things that didn't quite work as expected, like IrDA and the sleep button, but that's not a big issue.
Installing breezy is almost the same as installing hoary, except it offers to resize your current partition and create new partitions in the reclaimed space (cool), or installation using LVM (even cooler). Installation of packages after the first reboot looks a lot nicer too. No long lists of dpkg output, but a nice progress bar, so you know how much coffee you need to make before you're able to use the system.
The brand-new breezy install still has some problems too, the most obvious one being that X doesn't start (but that's supposed to be a temporary problem). I'm going to try again tomorrow. Stay tuned.
You can find the results on the LaptopTestingTeam/AsusL7300G page in the Ubuntu wiki.
This work is licensed under a Creative Commons License.