Sunday, February 8, 2015

Broadcom BCM4313 802.11bgn WPA2 on Linux (Ubuntu 14.01 LTS)

Open source beats proprietary software, that's what's happening now. Ubuntu thinks to make a favour to their users by blacklisting the FLOSS b43 driver and installing Broadcomm's wl, perhaps believing that things might work more smoothly. Well, that's not true: for example WPA2 doesn't work.

This is what I did to make it work.

I basically deleted (or moved somewhere else) the blacklist file /etc/modprobe.d/blacklist-bcm43.conf.

Then I uninstalled the Broadcomm dritver:

apt-get purge bcmwl-kernel-source

I also commented out the relevant line in /etc/udev/rules.d/70-persistent-net.rules.

Okay, maybe you still need the proprietary firmware, b43-fwcutter or something like that, but it's at least good news that now everything works fine (after just a reboot) and I can use any modern Wi-Fi network.

I'm not sure all of the above is necessary. Certainly b43 works better than wl, as far as I can tell. Certainly Ubuntu does a great effort in tweaking GNU/Linux to give their users a better experience, but sometimes it's more of a problem than a solution. Perhaps it's just time to relax: the regular Linux drivers (the ones that the kernel or udev would automatically load by default), well, they... just work.

Note: in case you wonder:

# lspci -n
02:00.0 0280: 14e4:4727 (rev 01)

Sunday, March 23, 2014

Stop copy-pasting!

ssh user@machine sh -c 'cat >> ~/.ssh/authorized_keys' < ~/.ssh/id_rsa.pub

When you SSH into Linux from Windows/MSYS

Add the following to your .profile (works with BASH).

if [ "$TERM" = "msys" ]
then
        export TERM=cygwin
fi
Otherwise, vim, less, man, mc... won't work as expected.

Wednesday, September 25, 2013

FreeRADIUS Check attributes operators for users and groups (and a “reasonable” Fall-Through)

mysql> SELECT * FROM radcheck;
+----+----------+--------------------+----+-------+
| id | username | attribute          | op | value |
+----+----------+--------------------+----+-------+
| 14 | b        | User-Name          | := | b     |
| 36 | b        | Cleartext-Password | := | b     |
+----+----------+--------------------+----+-------+
2 rows in set (0.00 sec)

mysql> SELECT * FROM radgroupcheck;
+----+-----------+--------------------+----+-------+
| id | groupname | attribute          | op | value |
+----+-----------+--------------------+----+-------+
| 25 | abc       | Cleartext-Password | += | abc   |
+----+-----------+--------------------+----+-------+
1 row in set (0.00 sec)

mysql> SELECT * FROM radreply;
+----+----------+--------------+----+-------+
| id | username | attribute    | op | value |
+----+----------+--------------+----+-------+
|  4 | b        | Fall-Through | =  | Yes   |
+----+----------+--------------+----+-------+
1 row in set (0.00 sec)

mysql>

The trick is using  :=  operator in radcheck (users’ check attributes table) and  +=  in radgroupcheck (groups’ check attributes table).

That way, if a password is present in radcheck, it will be matched against user/NAS-provided data, otherwise the group password will be matched.

This holds true for other RADIUS check attributes (Login-Time, for example)..

Fall-Through = Yes in radreply is optional; but it’s necessary if you have

read_groups = no

in /etc/freeradius/sql.conf.

Of course it’s assumed that user b is member of group abc (radusergroup table not shown here).

References:


Update: User-Name := b in radcheck is unnecessary, but it could be useful in your frontend application (ahem) to create an attribute-less user i.e. a draft user to configure in a second time.

In the same way, Group := abc could be put into radgroupcheck. But, please, never use = operator, use :=. Otherwise FreeRADIUS would find it uncorrect and coerce it to ==, which means a Group attribute would be required, with that value, in the Access-Request packet from NAS, which is certainly not what you want (access will be rejected any time; see also this commit).

Thursday, July 11, 2013

Fix broken dependencies in a .deb package (the dirty way: extract and re-build)

Which is the only available way when you have no source packages available...

dpkg-deb --raw-extract mypkg_1.0.0-1_amd64.deb mypkg_1.0.0-1_amd64

#
# Edit stuff in mypkg_1.0.0-1_amd64/DEBIAN/control ...
#
# (Possibly create a backup copy of the original .deb)
#

# Re-build the package:
dpkg-deb --build mypkg_1.0.0-1_amd64 mypkg_1.0.0-1_amd64.deb

# Install it:
dpkg -i ./mypkg_1.0.0-1_amd64.deb

# Install missing (but now available) dependencies:
apt-get -f install

Now, the longer story.

Sometimes hardware vendors distribute monitoring tools, but they don’t upgrade them to support recent distro releases.

http://downloads.linux.hp.com/SDR/downloads/ProLiantSupportPack/Debian/dists/

In the specific case, hp-snmp-agents (browse|download) was designed for squeeze and depended upon libsnmp15, which has been replaced by libsnmp30 and/or libsnmp-base in jessie (and wheezy?). So the only solution was extracting the package content, editing Depends: row and rebuilding the package.

More explicitly, in DEBIAN/control:

Depends: hp-health, lib32gcc1 (>= 1:4.1.1), lib32stdc++6 (>= 4.1.1), libc6 (>= 2.7-1), libc6-i386 (>= 2.7-1), libsnmp15 (>= 5.4.1~dfsg), bash, ethtool, pciutils, snmpd

has been turned into

Depends: hp-health, lib32gcc1 (>= 1:4.1.1), lib32stdc++6 (>= 4.1.1), libc6 (>= 2.7-1), libc6-i386 (>= 2.7-1), libsnmp30|libsnmp-base, bash, ethtool, pciutils, snmpd

Monday, June 3, 2013

Prevent custom Debian packages from being upgraded (except by your own “flavour”)

The use case is a QEMU build with GlusterFS native integration.

You’ve created your custom debs.

You don’t want your packages to be replaced by the official Debian ones (which lack the desired feature) the next time you do an apt-get upgrade.

So.

Adopt a customized deb revision name/number such as -2+glusterfs

More explicitely, on top of debian/changelog you write something like:

qemu (1.5.0+dfsg-2+glusterfs) testing; urgency=low
Build and install your package (I assume you know how to do that already).

The magic is done by APT Pinning.

Put this in your /etc/apt/preferences (or create a specific fragment in /etc/apt/preferences.d/)

  Package: qemu*
  Pin: version *-*+glusterfs
  Pin-Priority: 1001

So, in case you create your own repo, only QEMU-related packages whose revision number ends in +glusterfs (i.e.your own “flavour”) will automatically replace your installed ones.

Which is visibly far more flexible then using aptitude hold and friends.

Monday, August 6, 2012

dh_make under debian wheezy (testing)

use --copyright, because -c doesn’t work.