screenshot of terminal showing output of getfacl command on a file

Set group permissions for whole subdirectory with ACLs

Sometimes you want to preserve file permissions under subdirectories in linux with ACLs but that’s not the whole story. If you want multiple users to be able to read and write to these files, and the group permissions to stay correct, you need to set ACLs and also group +s on the subdirectories. This is to ensure new files and directories are also created with the correct permissions and group ownership.

I wrote a small script that takes a group and a directory as parameters, and recursively fixes the permissions and set new ACL and group permissions so in future, new files will have the correct permissions.

I put set-acl-permissions on github.

It blindly recursively sets permissions so be careful. Also, it may well contain bugs that could cause catastrophic failures.

photo of a Geiger counter measuring the radioactivity of a mug

My uranium mug is not radioactive

A while ago I broke my favourite mug. After a long and difficult search I found a new mug. A mug with the periodic table of elements entry for uranium on it. It also glows in the dark. Gav from the hacker space has a Geiger counter so I took the opportunity to measure the radioactivity of my mug. Luckily it’s not radioactive at all. Only 0.106μSv/h (micro Sieverts per hour).

Pull a backup from a remote host with ssh and tar

Sometimes you might need to copy a whole directory from a remote host, but the remote host does not have enough space to tar the whole thing up and then sftp it off. The solution is to tar/bzip the directory and stream it directly to your local host:

ssh root@remotehost 'tar cjf - /path/to/somedirectory' | pv -cN tar  > somedirectory.tar.bz2

Using pv (pipe viewer) gives you extra progress bar goodness:

tar:  176MB 0:09:14 [ 371kB/s] [                             <=>    ] 
photo of the HP MediaSmart Remote and USB receiver

HP MediaSmart IR Remote for MythTV

I’ve been on a quest to find a good remote for MythTV. My first try was with a Logitech Harmony. Those things are nasty horrible pieces of crap. I’d never touch one again. Programming it is a nightmare. It does not have a generic PVR option so you have to fake it to make it work with Mythtv by telling it its another device and learning those codes in LIRC. It is a very slow device with what felt like a 500ms delay with each keypress. It also tried to know what state your equipment was in so that it could turn things on and off, but of course it would always be out of sync and then you’d have to go through this process of turning things on and off until it was in sync again.

Enter the HP MediaSmart IR remote, also known as HP RC2285202/01. These devices used come with a media player box that HP used to sell. As far as I can tell, its not in production anymore but the remotes are readily available on Ebay.

Features:

  1. Dedicated IR codes for the PVR. On previous universal remotes I have used, I was unable to find a “code” setting that would make all the buttons active, that I could then learn in LIRC.
  2. Back-lit keys. All the keys seem to be backlit. Some universal remotes either only backlight a few keys or have no  backlight at all.
  3. Cheap. A$23 with USB receiver, delivered.
  4. Universal remote. Can control 5 devices including your PVR.
  5. Punch Through. Some buttons like volume and mute can punch through from the TV or Amp, to the PVR device. IE. you can make it turn the volume up on the amp when you press the volume button when in PVR or TV modes.
  6. Takes standard AA batteries.

There are a few downsides too:

  1. Difficult to get going (solved now that you have found this blog post)
  2. Punch through does not work on all buttons.  Namely Power and Source. This is annoying but solvable with a pulse-eight CEC adapter

I spent many hours trying to work out why it would not work on my system. In the end it came down to two things.

For some reason LIRC does not work correctly with MCEUSB receivers that are plugged into USB3 sockets.

You need to tell the kernel to treat the receiver as lirc rather than anything else, in order for LIRC to be able to connect to it:

$ sudo sh -c "echo lirc > /sys/class/rc/rc6/protocols"
$ sudo cat /sys/class/rc/rc6/protocols
rc-5 nec rc-6 jvc sony mce_kbd [lirc]

The word [lirc] surrounded with square brackets tells you it worked.

I implemented this at boot time by adding

/etc/rc-scripts/start-lirc

to /etc/rc.local and then in /etc/rc-scripts/start-lirc

#!/bin/bash
echo "Making lirc the default for rc"
echo lirc > /sys/class/rc/rc0/protocols
echo "Starting lircd"
/etc/init.d/lirc start

Remove lirc from the normal startup process:

$ sudo update-rc.d lirc remove

Test your configuration (retrieve HP-RC2285301-01.conf below):

$ sudo /usr/sbin/lircd -n -d /dev/lirc0 -P ./lirc.pid  HP-RC2285201-01.conf
$ irw

And when you press the keys on your remote, you should see some output from irw.

Tips on installing FreeSWITCH and FusionPBX in debian

I’ve been testing out FreeSWITCH and FusionPBX. I found it non trivial to install in debian. Here are my tips for installing.

  1. Don’t bother with the install script. I found it to be broken. And when it breaks during install, it leaves you in a state that’s very hard to understand and fix. In the end it was easier to install FreeSWITCH by hand, get that working, to the extend that you can make inter extension calls, then proceed with the FusionPBX install.
  2.  Install FreeSWITCH by following the Quick Install Guide.
  3. Commit the entire FreeSWITCH configuration to git so its easy to roll back when you reinstall FusionPBX. Switch to a new branch before making further changes.
    cd /usr/local/freeswitch
          git init
          echo 'db/*' >> .gitignore
          echo 'log/*' >> .gitignore
          echo '.svn*' >> .gitignore
          git add -A
          git commit -m "Initial Commit"
          git checkout -b try1
        
  4. Get the latest version of FusionPBX from svn.
    cd /usr/src
             svn checkout http://fusionpbx.googlecode.com/svn/trunk/ fusionpbx
             cd fusionpbx
             cp -a fusionpbx /var/www/fusionpbx
        
  5. Create a fusionpbx site for apache and enable it. Note that this makes fusionpbx appear at the root of your site. Create fille called fusionpbx in your /etc/apache2/sites-available directory and put the following in it:
          <VirtualHost *:80>
            ServerAdmin webmaster@localhost
            ServerName freepbx.example.com
            DocumentRoot /var/www/fusionpbx
            <Directory />
                    Options FollowSymLinks
                    AllowOverride None
            </Directory>
            <Directory /var/www/fusionpbx/>
                    Options Indexes FollowSymLinks MultiViews
                    AllowOverride None
                    Order allow,deny
                    allow from all
            </Directory>
    
            ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
            <Directory "/usr/lib/cgi-bin">
                    AllowOverride None
                    Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
                    Order allow,deny
                    Allow from all
            </Directory>
    
            ErrorLog /var/log/apache2/error.log
    
            # Possible values include: debug, info, notice, warn, error, crit,
            # alert, emerg.
            LogLevel debug
    
            CustomLog /var/log/apache2/access.log combined
    
        Alias /doc/ "/usr/share/doc/"
        <Directory "/usr/share/doc/">
            Options Indexes MultiViews FollowSymLinks
            AllowOverride None
            Order deny,allow
            Deny from all
            Allow from 127.0.0.0/255.0.0.0 ::1/128
        </Directory>
    
    </VirtualHost>
    

    Then enable the site with a2ensite fusionpbx/

  6. after installing FusionPBX, commit the entire configuration to git to make rolling back easier. Switch to a new branch before making further changes.
  7. set up a FQDN for the box running FreeSWITCH and FusionPBX
  8. use ACL to allow www-data to make changes to the /usr/share/asterisk directory

And after you install and you realise it didn’t quite go as planned

  1. Reset the postgresql database:
    root@fusionpbx: # su - postgres
    postgres@fusionpbx:~$ psql
    postgres=# drop database fusionpbx;
    postgres=# create database fusionpbx;
    postgres=# alter user fusionpbx with password 'XXXX';
    grant ALL PRIVILEGES ON DATABASE fusionpbx to fusionpbx;
        
  2. revert your FreeSWITCH configuration using git
  3. revert your FusionPBX configuration using git




Proxy Dashing Dashboard behind Apache with SSL

I needed to allow access to my Dashing dashboard over ssl from the Internet.  I decided to proxy it behind Apache and get Apache to do all the SSL heavy lifting, mainly because I couldn’t work out if and how you could enable SSL within Dashing itself.

It turned out to be quite simple to implement. I simply created a vhost configuration for my dashboard and enabled it in Apache.

Create a file  called dashboard in /etc/apache2/sites-available/ with the following content:

<VirtualHost *:80>
 ServerName dashboard.example.com
 Redirect permanent / https://dashboard.example.com/
</VirtualHost>

NameVirtualHost *:443
<VirtualHost _default_:443>
 SSLEngine On
 SSLCertificateFile /etc/ssl/CAcert.cert.pem
 SSLCertificateKeyFile /etc/ssl/private/key.pem
 ServerAdmin webmaster@localhost
 ServerName dashboard.example.com
 ErrorLog "/var/log/apache2/dashboard-error_log"
 CustomLog "/var/log/apache2/dashboard-access_log" common
 <Proxy *>
   Order allow,deny
   Allow from all
 </Proxy>
 ProxyPass / http://mylocalserver.example.com:3030/
 ProxyPassReverse / http://mylocalserver.example.com:3030/
</VirtualHost>

Ensure the proxy modules are enabled:

$ sudo a2enmod proxy
Enabling module proxy.
To activate the new configuration, you need to run:
service apache2 restart
$ sudo a2enmod proxy_http
Enabling module proxy_http.
To activate the new configuration, you need to run:
service apache2 restart
$

Enable the new dashboard site:

$ sudo a2ensite dashboard

Check your configuration is working before restarting apache:

$ sudo apachectl configtest
Syntax OK
$ sudo service apache2 restart
[ ok ] Restarting web server: apache2 ... waiting .
$

Don’t forget to delegate your dashboard.example.com hostname to resolve to your apache server’s IP address.

Now visit http://dashboard.example.com/name_of_your_dashboard. Your browser should automatically get redirected to https://dashboard.example.com/name_of_your_dashboard and you should see your dashboard.

broken and replacement parts for towel rail bracket

3D Printed Heated Towelrail Brackets

Our heated towel rail’s brackets broke from old ages recently. After investigating getting a new towel rail and finding out they were quite expensive, I decided to try and design and 3D print new brackets for it.

The first cut of the design turned out to have too little space for the nuts. A second draft with a little more space and it worked perfectly.

The top left of the above image shows the broken parts and the bottom center shows 2 of the 3d printed replacement parts.
3D Printed bracket holding the heated towelrail

Preserve file permissions 664 under subdirectories in linux with ACLs

Have you ever wanted to give several users permission to work on files within a directory, but then struggled with what permissions and user:group ownership to set them to so users can always edit the files?

You might think the solution is to make the parent directory owned by a common group, lets say dev, and then try and make the permissions flow through to the files within. This doesn’t work though, and new files will still be created with the user’s umask, typically 644, which is no good as it results in the other users not being able to edit the file.

The solution lies in ACLs (Access Control Lists). Thanks to Pelle at Stackoverflow for making such a concise set of steps to set this up. Blatantly copied here:

First add the acl option to the mounted partition where the directory is you want to apply this to. Add the acl option to the mount point in /etc/fstab:

/dev/xvda1      /               ext3    errors=remount-ro,acl 0       1

Then remount the filesystem to enable it:

# mount -oremount /

Then set the permissions using the setfacl command:

# setfacl -dm u::rwx,g::rwx,o::r /shared/directory

Test by creating a new file in /shared/directory:

/shared/directory$ touch test
/shared/directory$ ls -al test
-rw-rw-r-- 1 jason dev 0 Feb 20 12:37 test

Marvel in the wonders of modern filesystems.

FreeCAD

screenshot of FreeCAD showing a cylinder intersecting a cube and the Boolean operation window visible

Cylinder intersecting a cube

Hack A Day has a great article introducing FreeCAD.

FreeCAD is a parametric 3D modeler. Parametric modeling allows you to easily modify your design by going back into your model history and changing its parameters. FreeCAD is open source (LGPL license) and completely modular, allowing for very advanced extension and customization.

There are several great things about this.

  1. It’s free as in beer
  2. It’s free as in libre
  3. It’s available for Windows, Linux and Mac OS X
  4. It’s scriptable in python
  5. you can draw things using constructive solid geometry (CSG)
  6. you can create objects by extruding 2D drawings similarly to Solidworks

If this article is of interest to you, see my other list of OpenSCAD alternatives, and my other posts about free CAD packages.