User:Feystorm

Here are some notes I'm keeping and storing here in the hope that Google might turn up results on this page and make some people's lives easier.

garbled or distorted vga console with xorg
So I've run into this problem on several of my machines (coincidentally all nvidia). Basically the problem is when using vga console mode and switching to a terminal after launching xorg. The best way to describe it is the console will be widely spaced out vertically with the normal 80x25 height font in the background, and the vga mode resolution font you selected on top of it.

I eventually gave up on the issue, but here is what I found. The only way to get the console clean again is to run a util like 'resizecons' (from the kbd package), or SVGATextMode (just a theory, didn't try it, but supposedly does the same thing). However this just makes the console readable again. For some reason it doesn't get the number of lines restored properly, and a couple of lines will still go off the bottom of the screen (though it is less than when it is in the distorted mode). My box is x86_64, and for some reason the kbd package doesn't install resizecons on this arch. So I had to manually download the package and compile that binary. The magic that seems to somewhat fix this is that it uses the ioctl VT_RESIZE.

But as I mentioned, I eventually gave up on trying to solve this and went over to the dark side (framebuffer).

vesafb vs. uvesafb
So I was trying to determine which of the two was the better choice, and the primary concern was speed. I couldn't find anywhere that documented which method of framebuffer was faster, so I set out to conduct an experiment and see. To cut to the chase, uvesafb is *WAY* faster than vesafb.

In my experiment I ran `time` on catting a 4k file. With vesafb, this took on average 4 seconds (default settings). With uvesafb, the same operation took on average about 0.2 seconds. So in my setup, uvesafb is approximately 20 times faster than vesafb, both with default settings.

Thunar and cifs/smb
Getting Thunar to access cifs/smb natively is actually quite easy. Unfortunately there is diddly squat for documentation on how to do it. All you need is to emerge the gnome-base/gvfs package with the samba use flag enabled. After that you'll have to log out and back in for dbus perms to take effect (so dbus needs to be running), but after that just enter 'smb://host/share' in the Thunar path bar and it'll access whatever remote share you want without actually having to mount it manually. For shares that require authentication, it's 'smb://user@host/share'.

On-demand ssh tunnel
This is how to set up ssh tunnels that start up on demand when connected to.

 * Set up ssh public key authentication to the host you wish to tunnel through
 * Install the xinetd package.
 * Create a file in /etc/xinetd.d similar to the following

    service unlisted
    {
        type        = UNLISTED
        socket_type = stream
        protocol    = tcp
        port        = 1234
        wait        = no
        user        = someuser
        server      = /usr/bin/ssh
        server_args = -y -C proxyhost.example.com -W target.example.com:2345
        disable     = no
        only_from   = 127.0.0.1
    }

 * Start xinetd

It is important to set the 'user' attribute to the user whose public key you want to use. It will also use the known_hosts file for this user, so make sure to log into the box at least once and accept the fingerprint.

In the above configuration, any connections to 127.0.0.1:1234 will be tunneled through proxyhost.example.com to target.example.com:2345. The tunnel will shut down as soon as the connection is closed. You can adjust the ssh parameters like compression as desired.
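An added example (not part of the original notes): a small Python audit of such a service block that reports where the tunnel leads and whether the listener is confined to loopback. The function names are hypothetical and the sample is the page's config embedded as constructed input; the check on `bind` concerns an xinetd attribute the page's config does not set, since `only_from` filters clients but does not choose the listening interface.

```python
import re
import shlex

# Constructed input: the service block from this page as it would sit in /etc/xinetd.d/.
SAMPLE = """\
service unlisted
{
    type        = UNLISTED
    socket_type = stream
    protocol    = tcp
    port        = 1234
    wait        = no
    user        = someuser
    server      = /usr/bin/ssh
    server_args = -y -C proxyhost.example.com -W target.example.com:2345
    disable     = no
    only_from   = 127.0.0.1
}
"""
LOOPBACK = {"127.0.0.1", "::1", "localhost"}

def parse_services(text):
    """Return {service name: {attribute: value}} for every service block in text."""
    services = {}
    for name, body in re.findall(r"^\s*service\s+(\S+)\s*\{(.*?)^\s*\}", text, re.S | re.M):
        pairs = re.findall(r"^\s*(\w+)\s*[+-]?=[ \t]*(.*?)\s*$", body, re.M)
        services[name] = dict(pairs)
    return services

def describe_tunnel(attrs):
    """Summarise an `ssh -W` service: where it listens, where it leads, what to review."""
    args = shlex.split(attrs.get("server_args", ""))
    target = args[args.index("-W") + 1] if "-W" in args[:-1] else None
    # Assumes -W is the only option taking a value, as in the page's server_args.
    hosts = [a for a in args if not a.startswith("-") and a != target]
    findings = []
    sources = set(attrs.get("only_from", "").split())
    if not sources or not sources <= LOOPBACK:
        findings.append("only_from admits non-loopback clients")
    if attrs.get("bind", attrs.get("interface")) not in LOOPBACK:
        findings.append("no loopback bind: xinetd listens on every interface")
    if attrs.get("user", "root") == "root":
        findings.append("ssh runs as root")
    return {"port": int(attrs["port"]), "via": hosts[0] if hosts else None,
            "target": target, "findings": findings}
```

Run against the page's block, the only finding is the missing loopback bind; adding `bind = 127.0.0.1` to the service clears it.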

ACPI
Control of the backlight and most of the rest of the ACPI system requires you to enable 2 critical options that are a PITA to find: CONFIG_ACPI_WMI and CONFIG_HP_WMI. The backlight itself requires CONFIG_ACPI_VIDEO. Once all these options are enabled (and loaded), you can control the backlight through /sys/class/backlight/acpi_video0/brightness. Note, I also found that these modules have to be loaded before nvidia if you are using it. I don't know why, but if you load them after, /sys/class/backlight never shows up.

Sound
Uses the Sigmatel IDT 92HD75B3X5 chipset.

Requires the following kernel options enabled:

 * CONFIG_SND_HDA_INTEL
 * CONFIG_SND_HDA_CODEC_SIGMATEL

For the headphone jack to work, you then need to add `options snd-hda-intel model=hp-dv5` to /etc/modprobe.d/alsa.conf (or any file in that dir).

wine & mono
If you have the unfortunate need to run Windows apps requiring mono, there's a simple fix you have to do if you don't want to install mono through portage, but install it just in the wine environment.


 * use winetricks to install mono28 (mono210 hangs during install when I tried)
 * cd to ~/.wine/drive_c/Program Files/Mono-2.8.2/bin
 * symlink mono-2.0.dll to mono.dll

Without the symlink, attempting to run a mono app through wine will just result in `wine: Install the Windows version of Mono to run .NET executables`

boinc gui
When attempting to use the boinc GUI interface, it was refusing to connect to the local boinc client, even with 'ALLOW_REMOTE_RPC="yes"' in /etc/conf.d/boinc. In simple view, it was presenting the error "unable to connect to the core client". To solve this issue, switch to advanced view, go to advanced->select computer, put in '127.0.0.1' (this was the critical part for me, as 'localhost' wouldn't work but '127.0.0.1' would), and for password put the contents of /var/lib/boinc/gui_rpc_auth.cfg.

If you wish to change the authentication password, just shut down boinc, edit /var/lib/boinc/gui_rpc_auth.cfg and start it back up.

FreeRADIUS wireless authentication via LDAP bind
I have a wireless router running DD-WRT and I wanted to be able to authenticate users against an LDAP database via LDAP bind (and not have to give the password, encrypted or unencrypted, to freeradius). I couldn't find any documentation on how to do this anywhere (at least not any documentation that worked). This is how I got it to work.

Server

 * FreeRADIUS version - 2.1.12
 * Router IP - 192.168.0.1
 * Shared secret - secret1234

Configure modules/ldap ldap{} section with your LDAP server configuration. This is fairly straightforward, but is dependent upon your LDAP configuration. I did not set the identity or password attributes as anonymous bind is able to look up users (though the userPassword attribute is restricted). I also set edir_account_policy_check to no.

Configure eap.conf. In the eap { tls {} } section, configure your certificates. For the dh_file, you can create it with `openssl dhparam -out server.dh 1024`. For the random_file parameter, I specified /dev/urandom.

Configure clients.conf. Add a section for your router similar to the following

    client router {
        ipaddr = 192.168.0.1
        secret = secret1234
        require_message_authenticator = no
        nastype = other
    }

Configure sites-enabled/inner-tunnel.
 * Go to the authorize section and uncomment "ldap"
 * Go to the authenticate section and change the contents of "Auth-Type PAP" from "pap" to "ldap"

Router

 * Security mode - WPA2 Enterprise
 * Radius Auth Server Address - 192.168.0.2
 * Radius Auth Server Port - 1812
 * Radius Auth Shared Secret - secret1234

Client
I use NetworkManager for wireless management, and configuring it is pretty simple.

Under the Wireless Security tab
 * Security - WPA & WPA2 Enterprise
 * Authentication - Protected EAP (PEAP)
 * Anonymous identity - *blank*
 * CA certificate - (None)
 * PEAP version - Automatic
 * Inner authentication - GTC
 * Username - *LDAP user, just the name not DN*
 * Password - *LDAP pass*

KVM & bridging
While attempting to set up a VM through virt-manager, I was unable to get traffic from the VM to cross the bridge. Doing a tcpdump on the VM's interface (vnet0) showed DHCP requests, but a tcpdump on the bridge interface (virbr0) would not show them. Thus dnsmasq was unable to see the queries and respond to them. Turns out the issue is that the VM's MAC address must start with 52. This makes absolutely no sense, but that's just what I observed. So a valid MAC address would be 52:00:00:00:00:00.

EncFS & autofs/fstab
For some stupid reason encfs goes against all standard practices for taking arguments from fuse. This makes it impossible to mount from autofs or fstab (and not have it prompt for a password).

So I wrote a custom wrapper script that makes encfs behave as it should so that it can take arguments when called by fuse, and not by the user.

Create /usr/bin/EncFS with the following contents and chmod it to 755

    #!/usr/bin/perl
    use warnings;
    use strict;
    use Getopt::Long qw(:config bundling no_auto_abbrev);
    use Text::ParseWords;

    # Collect every -o option string handed over by mount/fuse
    my @options = ();
    GetOptions(
        'o=s@' => \@options,
    );
    my @pass_options;   # options passed on to fuse unchanged
    my @use_options;    # options translated into encfs long flags
    for my $option (parse_line(',', 1, join(',', @options))) {
        my ($key, $value) = split(/=/, $option, 2);
        if((   $key eq "verbose"
            || $key eq "anykey"
            || $key eq "forcedecode"
            || $key eq "public"
            || $key eq "reverse"
            || $key eq "stdinpass") && !defined($value)) {
            # boolean encfs flags
            push(@use_options, "--$key");
        } elsif($key eq "idle" || $key eq "extpass") {
            # encfs flags that take a value
            push(@use_options, "--$key=$value");
        } else {
            push(@pass_options, $option);
        }
    }
    # $ARGV[0] is the encrypted source, $ARGV[1] the mount point
    exec("encfs", @use_options, $ARGV[0], $ARGV[1], '--', '-o', join(',', @pass_options));
    exit(1);

Then for the fuse filesystem type, use "EncFS" (note the case difference, this needs to match the script filename).

Example:

    mount -t fuse -o extpass="cat /path/to/password" EncFS#/mount/source /mount/dest

Note: I advised placing the script in /usr/bin as opposed to /usr/local/bin because the script needs to be in $PATH, and when autofs is started its PATH does not contain /usr/local/bin. You can put it in /usr/local/bin if you don't use autofs, or if you want to modify the path used by autofs.

PulseAudio per-application volume control
PulseAudio supports per-application volume control, but by default this doesn't do much as you can only control these volumes from the pulseaudio volume control utility. This means that in an application like Audacious, when the output device is set to PulseAudio, and the volume control is set to hardware, it will adjust the master volume control, not the per-application volume control.

To fix this behavior, set the following in /etc/pulse/daemon.conf

    flat-volumes = no

Now whenever Audacious goes to adjust the volume, it will adjust the Audacious-only volume, and thus you won't have multiple applications fighting over the master volume control.

Log database
I ended up switching all my logging to a database instead of files. I don't mean a client/server database like MySQL or Postgres, but an embedded database: SQLite.

This approach has 2 main benefits
 * No more log rotating. Instead of having to rotate logs at fixed intervals, a simple SQL query can delete the logs you want.
 * Easy searching. Instead of having to look through multiple rotated or priority-filtered logs, read a huge log to look for a specific time frame, filter out debugging messages, etc., you can search for exactly what you want.
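The two benefits above, as an added Python example (not the author's Perl script): retention done with a `DELETE` that can treat info/debug rows differently from warnings, and a time-window search that hides debugging messages. The table layout, column names and sample rows are assumptions constructed for illustration; the columns a syslog-ng SQL destination writes depend on how it is configured.

```python
import sqlite3

DAY = 86400
NOW = 1_700_000_000  # fixed "current time" (epoch seconds) so the example is repeatable
# Constructed sample rows: (ts, host, program, syslog level 0=emerg..7=debug, message)
ROWS = [
    (NOW - 100 * DAY, "box", "sshd", 4, "Failed password for invalid user admin"),
    (NOW - 10 * DAY, "box", "cron", 7, "job finished, exit status 0"),
    (NOW - 10 * DAY, "box", "sshd", 4, "Failed password for root"),
    (NOW - 3600, "box", "sshd", 6, "Accepted publickey for someuser"),
    (NOW - 1800, "box", "sshd", 4, "Failed password for someuser"),
    (NOW - 600, "box", "httpd", 3, "File does not exist: /favicon.ico"),
]

def open_log_db(path=":memory:", rows=ROWS):
    """Create the assumed logs table (hypothetical layout) and load the sample rows."""
    db = sqlite3.connect(path)
    db.execute("CREATE TABLE logs (ts INTEGER, host TEXT, program TEXT,"
               " level INTEGER, message TEXT)")
    db.execute("CREATE INDEX logs_ts ON logs (ts)")
    with db:
        db.executemany("INSERT INTO logs VALUES (?, ?, ?, ?, ?)", rows)
    return db

def purge(db, now, max_age_days, min_level=0):
    """Replace log rotation: delete rows older than max_age_days whose level number
    is >= min_level (6 removes only info/debug). Returns the number of rows deleted."""
    with db:
        cur = db.execute("DELETE FROM logs WHERE ts < ? AND level >= ?",
                         (now - max_age_days * DAY, min_level))
    return cur.rowcount

def search(db, start, end, max_level=5, program=None, text=None):
    """Messages in [start, end) at level <= max_level (5 hides info and debug)."""
    sql = "SELECT message FROM logs WHERE ts >= ? AND ts < ? AND level <= ?"
    params = [start, end, max_level]
    if program is not None:
        sql += " AND program = ?"
        params.append(program)
    if text is not None:
        sql += " AND instr(message, ?) > 0"  # literal substring, no LIKE wildcards
        params.append(text)
    return [m for (m,) in db.execute(sql + " ORDER BY ts", params)]
```

Every value reaches SQLite as a bound parameter, so a search term taken from user input or from a logged message cannot alter the query.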

Setup
Required use flags
 * app-admin/syslog-ng sql
 * dev-db/libdbi-drivers sqlite3

httpd
httpd (apache2 as gentoo likes to call it) writes out directly to files by default. This behavior can be changed but requires a little extra work. httpd supports writing the error log straight to syslog, but for some reason not the info log. You could write out to a file and then have syslog-ng read that file in, but I don't like that solution as now you have to start cleaning up files. And when writing to a fifo (named pipe) you run the risk of filling the pipe's buffer if syslog-ng dies.

Using
To read the logs I have written a Perl script to query the database. It's not done yet, come back later.