Mounting a Fritzbox NAS share on *nix

Since I had some trouble mounting the share of an AVM Fritzbox 7270 on my FreeNAS box, I did some research on how to do it. The solution was quite easy once I figured out why it kept complaining that it couldn’t find the server (it turned out the VPN caused a problem with the NetBIOS resolution). The required share name also irritated me, since normally you can see that name when you browse the CIFS server. Not here, but this is nothing you can’t solve with a bit of “smbutil view //server”. In the end, the command to successfully mount the share on FreeBSD and Linux is as follows:

mount_smbfs -W <workgroup> [-I <fritzbox ip>] //[username@]<fritzboxip>/FRITZ.NAS /mnt/<target directory>

Example: mount_smbfs -W WORKGROUP -I 192.168.178.1 //myuser@192.168.178.1/FRITZ.NAS /mnt/fritznas

It’s quite simple. The parameter “-I” is optional, and so is the username. Set them as needed to fit your settings on the Fritzbox itself. If you need a username/password, it will ask for the password interactively. For how to set up this mount command without a password prompt, check the manual of smb.conf.

Adding copyright/creator info to your photos made easy

I was lately wondering how I could easily add copyright/creator information to my pictures. At first, after some reading, I thought I could have my camera do it for me, but sadly that is only available on the more expensive cameras. So how can we still do it without much pain? The solution is easy: ExifTool. With it you can easily add Exif/IPTC information to your photos.

ExifTool is a command-line tool for Windows, OSX, Linux and more. On the website you find packages for Windows and OSX; on Linux and others, use your package manager. Once it is installed, it’s an easy task. Open a command line, navigate into your photo folder, and issue the following command:

exiftool -by-line="[your name]" -CopyrightNotice="© [your name] ; Licence: Creative Commons cc-by-nc-sa 3.0 United States (http://creativecommons.org/licenses/by-nc-sa/3.0/us/)" -artist="[your name]" -Copyright="© [your name] ; Licence: Creative Commons cc-by-nc-sa 3.0 United States (http://creativecommons.org/licenses/by-nc-sa/3.0/us/)" -v0 -progress -E -overwrite_original *.JPG

The command overwrites the original files; if you don’t want that, remove the “-overwrite_original” parameter. And yes, don’t forget to insert your name and change the licence to one of your liking. If you want to process whole folders recursively, add the parameter “-r” to the line.

You wonder why all the stress? Well, this way people can tell who made the picture and what they can (not) use it for. This is especially interesting if you post them publicly, like on G+, Flickr and so on, where they can spread uncontrolled. It also helps you track them (unless someone removes the info).

Getting subtitles from YouTube made easy

When I wanted to save a hilarious video from YouTube, I encountered the problem of getting the subtitles, since they’re part of the fun. Thankfully I found a solution on Sourceforge called “Google2SRT”. With this lil’ program it’s a piece of cake to grab the subtitles you want (except the automatically generated speech-to-text ones).

It’s very simple to use: select Web, insert the URL of the YouTube video, and hit “Read”. It then presents the subtitles it found; after selecting the ones you want, just hit “Go”. It then grabs the subtitles and converts them into SRT (SubRip Subtitles), from where you can easily merge them into an MP4/MKV or edit/convert them into other formats. Since the program is written in Java, it practically runs wherever Java runs, like Windows, Linux, OSX and more. I used it on Ubuntu 12.04 (64 bit) and it worked fine.

Perfect codec for fluent video editing on Linux is called DNxHD

I came across DNxHD just a short while ago, while searching for a way to fluently edit my videos from various occasions. So far this was a bit of a problem, since the video editing software had trouble decoding the material fast enough (we are talking about 1920×1080 AVC video), so it was a pain just to cut it into pieces. With DNxHD it’s a piece of cake. The only downside is that it needs a lot of space (8 min equals ~11 GB when the video is 1920×1080), but the upside is that it’s visually lossless. Before, I used H264 lossless mode, but that had the same problems as the AVC files from the cam itself, though a bit better since it’s not in M2TS format anymore. I really wish they would finally add VDPAU (nvidia) and its AMD counterpart to the well-known video editors. Anyway, to convert a source m2ts to our DNxHD mov (yes, Quicktime, otherwise it won’t work), just do the following on a console after navigating into your video folder:

avconv -i 20120526130908.m2ts -vcodec dnxhd -b 185M -s 1920x1080 -aspect 16:9 -deinterlace -r 25 -acodec pcm_s16be -v verbose -y Shiroku_live_1080_dnxhd.mov

Here I convert the live performance of Shiroku that I captured at the Dokomi this year into DNxHD for editing. The file also needs deinterlacing and decimating since it was taken in 50i. If you capture in 60i (NTSC), change the “-r 25” to “-r 30”. You can also change the resolution here already if you plan to use a lower resolution later or your camera records at a lower resolution. To do so, change the “-s WxH” parameter, for example “-s 1280x720” for 720p. When you change the picture size you can also change the video bit rate. I found a useful table at this page. Currently ffmpeg only supports 8 bit DNxHD, and as a result our video editing software also only supports 8 bit, since practically all software on Linux uses ffmpeg for de/encoding in the end. If your system doesn’t have “avconv”, just replace it with “ffmpeg”. I migrated from the ffmpeg to the avconv command since with ffmpeg-0.8 the “ffmpeg” command is marked as legacy. I also found it quite useful to export from my video editing software to DNxHD and encode the material with Handbrake. The DNxHD export works way faster than the usual H264 export, and Handbrake tends to encode H264 more efficiently than the video editing software does. If you are still looking for software to edit with, here is a list of software I use(d):

And if you have suggestions for more video editing software, just post a comment. I’m always open to try something new.

How to fix the blue colorization of videos in Flash 11 on Linux

I had this annoying color bug that showed everything with a blue tint over it, like on YouTube. To fix it, open a page with Flash, right-click and go to settings. There, select the first tab and deactivate the hardware acceleration. Then load a page with a Flash video player and enjoy watching Flash video again. This works only for the Flash from Adobe.

pam_geoip – Restrict accounts to certain Cities/Countries only

A friend asked me if it’s possible to restrict access to his SSH server via GeoIP, which he already uses successfully on his webserver to lower the amount of spam he gets (at the cost of potential visitors, but that’s his choice after all, right?). So I dug around the net a bit and came across the module pam_geoip.so, which, based on Maxmind’s GeoIP City Database, lets me block access to services that use PAM for authentication. What I show here is an example of how to install it and block certain countries from accessing our SSH accounts using the GeoIP City DB lite (aka Maxmind’s free database). This works on Ubuntu/Debian Linux; for other distributions/OSes please check whether the library packages are named similarly. I expect you to have the basic development tools installed already. So let’s start:

sudo apt-get install libgeoip-dev libpam0g-dev
wget http://ankh-morp.org/code/pam_geoip/pam_geoip-0.9.tar.gz
tar xzvf pam_geoip-0.9.tar.gz
cd pam_geoip-0.9
make
# root shell that stays in the build directory, so the relative paths below resolve
sudo -s
cp pam_geoip.so /lib/security/
chown root:root /lib/security/pam_geoip.so && chmod 644 /lib/security/pam_geoip.so
cp geoip.conf /etc/security
chown root:root /etc/security/geoip.conf && chmod 644 /etc/security/geoip.conf
cd /etc/security
wget http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz
gunzip GeoLiteCity.dat.gz
chmod 644 /etc/security/GeoLiteCity.dat

When that is done, fire up nano and set the geoip.conf to something similar to this:

#
# /etc/security/geoip.conf - config for pam_geoip.so
#

#<domain>   <service>  <action>  <location>  
*           sshd       deny      CN
*           *          ignore    UNKNOWN

When you’ve done this, fire up nano again, this time to edit /etc/pam.d/sshd, and add this:

account required pam_geoip.so geoip_db=/etc/security/GeoLiteCity.dat system_file=/etc/security/geoip.conf action=allow

With all this we set the pam_geoip module to allow by default and block all access attempts from Chinese IPs. Don’t forget to restart sshd and log out, as we don’t want to be root longer than needed. You can use far more complex configurations, like allowing access to a certain account only from a specific place or within a radius around that place. For that, though, I would really suggest buying the premium version of the GeoIP City Database for its higher accuracy. For country blocking the free one should be fine for most of us. For more complex usage, check out the module’s website at http://ankh-morp.org/code/pam_geoip/geoip.conf.html, and also check out the included manpages/config samples. Thanks for the help with the installation and the sample to block Chinese IPs go to guruway’s blog.

Make amavisd-new speak German with you

By coincidence I came across a German translation of the amavisd-new message templates and a guide on how to set those translations up. You can download the translated templates from http://fblan.de/postfix/amavis/de_DE/. The install instructions work on Debian/Ubuntu; on other OSes please check where the entry in the config lies. Here is how to install them (requires root):

sudo -i
mkdir /etc/amavis/de_DE
cd /etc/amavis/de_DE
wget http://fblan.de/postfix/amavis/de_DE/charset
wget http://fblan.de/postfix/amavis/de_DE/template-dsn.txt
wget http://fblan.de/postfix/amavis/de_DE/template-spam-admin.txt
wget http://fblan.de/postfix/amavis/de_DE/template-spam-sender.txt
wget http://fblan.de/postfix/amavis/de_DE/template-virus-admin.txt
wget http://fblan.de/postfix/amavis/de_DE/template-virus-recipient.txt
wget http://fblan.de/postfix/amavis/de_DE/template-virus-sender.txt

Once you have taken care of that, we need to edit the file /etc/amavis/conf.d/30-template_localization. Comment out the old line “read_l10n_templates('en_US', '/etc/amavis');” and place a new line with “read_l10n_templates('de_DE', '/etc/amavis');” below it. After a restart, amavis sends out its reports in German instead of English. And do not forget to log out after the amavis restart, we don’t want to act as root longer than necessary! ;-)

The guide is from o-o-s.de and the translation from fblan.de, thanks to both!

And should the fblan.de webpage be down for some reason, I have a local copy for download here.

500 OOPS: vsftpd: refusing to run with writable root inside chroot() with vsftpd 2.3.5+

If you encounter this error message after a recent update or fresh install with vsftpd 2.3.5 or newer, here is what happened:

As of vsftpd 2.3.5, the chroot directory that users are locked to must not be writable. This is in order to prevent a security vulnerability.

Depending on the configuration you use, this can be a problem. If so, I suggest for the moment downgrading to 2.3.4 (I’m aware this is not the best solution!) or changing your setup. People with ArchLinux have another solution: they can install vsftpd-ext via AUR and then set allow_writable_root=YES in the config. If someone has the patch against the source for this, I would love to get a copy.

Download links for 2.3.4

https://security.appspot.com/downloads/vsftpd-2.3.4.tar.gz

https://security.appspot.com/downloads/vsftpd-2.3.4.tar.gz.asc

As soon as I find a better solution to this problem, I will write again.

Mounting an iOS 5.0.1 device on Ubuntu – how to fix it

After you upgraded your iOS device to 5.0.1, you probably get an error like “Unhandled Lockdown Error (-15)”. The problem is the shipped libimobiledevice, which doesn’t like iOS 5 devices. To fix it, do the following:

  • In a terminal type: “sudo apt-get install ifuse libimobiledevice-utils” (without the quotes :)
  • Unlock iDevice from device’s lock screen (only needed the first time), plug it in
  • In the terminal type: “idevicepair unpair && idevicepair pair”
  • Unplug the iDevice
  • Make sure the lock screen is still unlocked
  • Plug it back in

After that it works fine, even with a locked iDevice (iPhone in my case). Most information for this article came from an article over at askubuntu.com.

A bunch of tips for improving your postfix setup

Today I learned a few things about postfix and how to set it up more cleanly. I want to share these insights with you, especially the part about cleaning up the mail header, since it helps a lot and improves your privacy quite a bit. So let’s get started, shall we? Let’s start by limiting which addresses SASL authenticated clients can send mail from. This is achieved by setting up “smtpd_sender_login_maps =” and adding “reject_authenticated_sender_login_mismatch” to smtpd_recipient_restrictions, so that it checks the map we set up in smtpd_sender_login_maps and rejects the mail if the SASL authenticated client fails the check. The map looks like this:

# envelope sender           owners (SASL login names)
john@example.com            john@example.com
helpdesk@example.com        john@example.com, mary@example.com
postmaster                  admin@example.com
@example.net                fred, barney, john@example.com

So, set up the list with the addresses and their allowed owners. Then convert it to a hash map with postmap and configure postfix.

$: postmap hash:/etc/postfix/addressowner_map
$: postconf -e \
'smtpd_sender_login_maps = hash:/etc/postfix/addressowner_map'
$: postconf -e \
'smtpd_recipient_restrictions = permit_mynetworks, reject_sender_login_mismatch, permit_sasl_authenticated, reject_unauth_destination'

Don’t forget to make smtpd_recipient_restrictions fit your setup! After that, restart postfix and first try to send mail using your usual sender address. It should work fine, but when you set a sender address you don’t own, it should be rejected. You can find more information on this mechanism in the Postfix SASL Howto.
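As an added illustration (not part of the original post and not Postfix code), the following Python model follows the documented search order for smtpd_sender_login_maps (user@domain, then bare user for the server's own domains, then @domain) and shows which logins may use which envelope sender with the map above. MY_DOMAINS is a hypothetical name and assumes example.com is the server's own domain.

```python
# Added example: approximate model of the smtpd_sender_login_maps lookup.
# The map content is the table shown above.
SENDER_LOGIN_MAP = {
    "john@example.com": "john@example.com",
    "helpdesk@example.com": "john@example.com, mary@example.com",
    "postmaster": "admin@example.com",
    "@example.net": "fred, barney, john@example.com",
}
# Assumption: domains matching $myorigin/$mydestination on this server.
# Bare "user" keys are only consulted for senders in these domains.
MY_DOMAINS = {"example.com"}


def owners(sender):
    """Return the SASL logins owning an envelope sender, or None if unlisted."""
    sender = sender.lower()
    user, _, domain = sender.rpartition("@")
    keys = [sender]                  # 1) user@domain, highest precedence
    if domain in MY_DOMAINS:
        keys.append(user)            # 2) bare user, own domains only
    keys.append("@" + domain)        # 3) @domain catch-all, lowest precedence
    for key in keys:
        if key in SENDER_LOGIN_MAP:
            # Lookup results are separated by commas and/or whitespace.
            return SENDER_LOGIN_MAP[key].replace(",", " ").lower().split()
    return None


def check_authenticated_sender(sasl_login, mail_from):
    """Model the sender/login mismatch check for a logged-in client."""
    allowed = owners(mail_from)
    if allowed is not None and sasl_login.lower() in allowed:
        return "OK"
    return "REJECT: not owned by user " + sasl_login


if __name__ == "__main__":
    for login, sender in [
        ("mary@example.com", "helpdesk@example.com"),   # listed owner
        ("mary@example.com", "john@example.com"),       # someone else's address
        ("admin@example.com", "postmaster@example.com"),  # bare-user key
        ("fred", "anything@example.net"),               # @domain catch-all
        ("john@example.com", "ceo@example.org"),        # sender not in the map
    ]:
        print(login, sender, "->", check_authenticated_sender(login, sender))
```

Note that a sender address missing from the map is rejected for a logged-in client, so every address your users send from needs an entry.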

I had been looking for a while for a way to remove my IP from outgoing mails, so that my server is the starting point of the delivery path. This hides my IP as well as internal IPs, and it solves problems with anti-spam mechanisms like SPF. Postfix (or any other SMTP server) receives mail from other mail servers (“incoming”) and mail from users (“outgoing”). As we don’t want to strip any headers from incoming mail, we first have to force all users to authenticate (which is a good thing anyway) and make Postfix add another header to authenticated (“outgoing”) mails. Then we can match this header and strip both the Received line containing internal host names and IPs, and the authenticated header. So edit the config like this:

$: postconf -e 'smtpd_sasl_authenticated_header = yes'
$: postconf -e 'header_checks = regexp:/etc/postfix/header_checks'

Then create the file “header_checks” and add the following lines, editing “yourdomain\.com” to match your mail server’s domain.

/^Received: .*\(Authenticated sender:.*/ IGNORE
/^Received: by yourdomain\.com .*from userid [0-9]+\)/ IGNORE

Restart postfix. This takes care of our problem. Send out a mail and compare the resulting header with an older one; it’s much cleaner. Thanks go to Moblog, who explained it nicely and from whom I took some parts. Because we now have a clean header, this enables us to add an SPF record to our domain. To achieve this, just create a TXT record with the content “v=spf1 a mx -all”. Simple, but it works well. For more information on SPF, check Wikipedia, since OpenSPF.org is, at least for me, always down.
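To check what the two header_checks patterns above actually remove, here is an added example (not from the original post) that runs them with Python's re module over constructed Received headers. It shows that the first pattern is not tied to your own host: an “Authenticated sender” Received line added by some other server on incoming mail is dropped as well. Host names and addresses in the sample are made up.

```python
import re

# Added example. Postfix regexp: tables ignore case and see a folded header as one string.
FLAGS = re.IGNORECASE | re.DOTALL
RULES = [
    re.compile(r"^Received: .*\(Authenticated sender:.*", FLAGS),
    re.compile(r"^Received: by yourdomain\.com .*from userid [0-9]+\)", FLAGS),
]

# Constructed headers (documentation addresses), not taken from one real message.
SAMPLE = (
    "Received: from mx.example.org (mx.example.org [198.51.100.9])\n"
    "\tby yourdomain.com (Postfix) with ESMTPS id 4A1\n"
    "Received: from [192.168.178.20] (unknown [203.0.113.7])\n"
    "\t(Authenticated sender: john@yourdomain.com)\n"
    "\tby yourdomain.com (Postfix) with ESMTPSA id 4A2\n"
    "Received: by yourdomain.com (Postfix, from userid 1000) id 4A3\n"
    "Received: from laptop (unknown [10.1.2.3])\n"
    "\t(Authenticated sender: alice@example.org)\n"
    "\tby mx.example.org (Postfix) with ESMTPSA id 9Z9\n"
    "Subject: test\n"
)


def logical_headers(raw):
    """Join continuation lines (leading whitespace) onto their header."""
    headers = []
    for line in raw.splitlines():
        if line[:1].isspace() and headers:
            headers[-1] += "\n" + line
        else:
            headers.append(line)
    return headers


def apply_header_checks(raw):
    """Split logical headers into (kept, ignored), like the IGNORE action."""
    kept, ignored = [], []
    for header in logical_headers(raw):
        hit = any(rule.search(header) for rule in RULES)
        (ignored if hit else kept).append(header)
    return kept, ignored


if __name__ == "__main__":
    kept, ignored = apply_header_checks(SAMPLE)
    for tag, group in (("IGNORE", ignored), ("KEEP", kept)):
        for header in group:
            print(tag, header.splitlines()[0])
```

On a real server the same check can be done against the live table with postmap -q and a regexp: lookup of the header text.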

That’s it for today, hope it was inspiring for you.
