Blog posts

2008-11-16 – network configuration tools, for complex networks

Part of my job nowadays is regular Linux consulting for various clients. As part of this, I end up having to reconfigure my network quite a lot, and often by hand. Two examples:

I am setting up some services on a closed server network. I am connected to this using regular, wired Ethernet. This network does not have access to the internet, so I also have access to a WLAN which does. However, I need access to both internal and external DNS zones, so I need to use two different sets of servers, depending on the domain name. I also currently set up some static routes to get to the internal DNS and have to chattr +i /etc/resolv.conf in order for the DHCP client not to overwrite my manually configured DNS.

Another example: I am troubleshooting Varnish, deep in a company’s intranet. To get access to this, I first have to use a VPN client, then ssh with an RSA token as well as password. From there on, I use tsocks to connect to an intermediate host before using tsocks again to get to the actual Varnish boxes.

Currently, I set up all of this infrastructure by hand, which doesn’t really work so well when I switch between clients and go home and use the same laptop there. Do any network configuration tools help me with complex setups such as the ones above? I realise they are not exactly run-of-the-mill setups used by most users, but for me they are two fairly common examples of setups I need.

2008-09-27 – Things to do on a Friday night

(when your wife/SO is not around)

  • Finally get around to playing with the PowerPC you have had standing beside your desk for about a month.
  • Discover that it still doesn’t boot, since it can’t find its hard drive. Also discover that it doesn’t want to talk to your USB keyboard.
  • After a while, think of removing and replugging the SAS connectors, which fixes the boot problem. The machine now runs YDL.
  • Decide you want to install Debian instead of YDL, but also wonder how to do that safely since you still can’t talk to Open Firmware.
  • Search for the RJ45-to-serial adapter you got with the box. Discover you probably wired it wrongly the first time around. Break it when you try to rewire it.
  • Find that spare DB9 connector you had lying about, find soldering iron and fix up the connector.
  • Become very, very confused, since you get perfect output, but input still doesn’t work. Discover you managed to solder all the connections mirrored. It worked with effectively just one wire, not even shared ground. Resolder.
  • Download Debian ISO, burn it on a DVD. Get annoyed at the machine for failing to boot from the DVD.
  • Set up netboot, boot from network.
  • Discover d-i doesn’t install a kernel, nor a bootloader; do that by hand.
  • Oops, bootloader didn’t work. Iterate through a couple of runs of mkofboot until it suddenly feels like booting from the hard drive.

Hurrah! And it only took like six or seven hours.

Notes for later: This is a YDL Powerstation, the magic mkofboot invocation is mkofboot -b /dev/sda1 --filesystem raw; the raw bit is needed for IBM hardware. The firmware also cares about whether the partition is marked as bootable or not, so make sure to mark it as such.

2008-09-22 – Collaborative editing, Emacs and D-Bus

A little while ago, I discovered Emacs has D-Bus support now. I wanted to play around with it, and I discovered Alban’s collaborative editing page. It seems like Emacs’s D-Bus documentation is somewhat lacking, though CVS has some more docs.

Alban’s work seems to need a well-known name, something Emacs can’t yet do, so I’ll probably add a method to text-remote-control where any app can register and say “Hi, I support your interface” as I think this makes more sense. I don’t have any code that does anything useful yet, but once text-remote-control is fixed, I don’t think that’s very hard.

2008-09-02 – eweouz 0.2 released

I finally got around to releasing eweouz 0.2 tonight. It is still a bridge between emacs and Evolution Data Server, now with both gnus and wanderlust support.

Changes include:

  • Actually works now, sans stupid typo
  • A bit more documentation
  • Now handles non-ASCII names, thanks to setlocale.
  • Be a bit more paranoid and fail if opening addressbooks and such fails.

eweouz now also has a mailing list and git and gitweb repositories.

2008-08-08 – eweouz 0.1 released

I just released the first version of eweouz, the interface between emacs and evolution-data-server. Sources are available, no packages yet. It is now possible to both add contacts from within gnus and search for contacts.

Patches and feedback are of course welcome.

2008-07-22 – Kernel patches and the TEMPer USB thermometer

Today, I submitted my first two patches to the kernel. One is fairly trivial (remove a USB ID from the pl2303 driver), the other is a fixup of a patch from some other guy, which adds support for DTR, RTS and CTS to the ch341 driver. Yay, hopefully they’ll get accepted.

The reason for this journey into kernel land is I got a TEMPer USB thermometer in the mail yesterday. After a fair bit of digging around, I found some source code to drive it from C# and Windows. I wanted to poke at it from Linux and C.

After more poking, I found it’s an I2C device connected to the USB serial adapter, where you talk to it by twiddling DTR, RTS and CTS. The C# code was fairly easy to port, so now I can get temperature readings from the command line. The code is a quick hack, but I guess it might be interesting to some people. Oh, and the calibration seems entirely off (but it was off in Windows too), so feedback on whether it’s more accurate for other people would be appreciated.

2008-07-14 – eweouz (bbdb-a-like) working

Some years ago, when I hacked on a TDB backend for Evolution Data Server (EDS), I also wrote something about writing some command line tools for accessing my contacts and so on. I’ve finally gotten my act together and written the necessary glue to have address completion between Gnus and EDS. It’s nowhere near as feature-complete as BBDB is, but it allows you to complete addresses, at least. Get it from git (gitweb). I’ll hopefully expand it a little bit and cut a release fairly soon.

2008-06-12 – Zombie meme

Various people have been posting about what to do when the zombies attack.

You are in a mall when zombies attack. You have:
1. One weapon
2. One song blasting on the speakers
3. One famous person to fight alongside you.
  1. Katana. Doesn’t run out of ammo and should slice up those zombies quite nicely.
  2. One of the songs from the soundtrack of “The Rock”. I can’t remember which right now, since it seems to have disappeared from my music collection.
  3. Given I’m facing the undead, somebody holy. I suppose Jesus might work well.

2008-05-19 – New backup system!

(This post is mostly as a reminder to myself on how I’ve set up my backup system. It should probably go on a wiki instead so I can keep it up to date.) After the recent OpenSSL debacle in Debian and Ubuntu, I found that all my backups were encrypted with something amounting to a well-known secret key. Ouch. I was not entirely happy with how my old backup system worked either (it was based on boxbackup). In particular, the on-disk format was opaque, the tools needed to access it were not particularly user-friendly and I had to run Yet Another CA for managing the keys for it.

After looking around a little, I settled on rdup which is a tool very much written in the unix tradition of “do one thing and do it well”. As it reads on the home page:

The only backup program that doesn't make backups!

(which is almost true).

It keeps a list of information about which files have been backed up locally on the machine to be backed up, including some meta-information such as file size and permissions, so it can take a new backup if any of those change. For more details, read the web page and the source.

rdup is more of a framework for making your own backup system than a complete system in its own right, so this post is really about how I have customised it.

First, I want my backups to be encrypted, and rdup supports encryption (both GPG and mcrypt). I’m lazy, so I settled on what rdup-simple gives me, which is mcrypt. Key generation is easy enough: head -c 56 /dev/random > /root/backup-$(hostname).crypt.key and then a chmod 600 to avoid it being world-readable.

In /root/.ssh/config, I put

Host backup-$hostname
Hostname $backupserver.err.no
User backup-$hostname
IdentityFile /root/.ssh/id_rsa_rdup
ProxyCommand pv -L 40k -q | nc %h %p

so as to make it fairly easy to move stuff around and to make it pick up the right identity. The last bit is a trick to rate limit it so it doesn’t saturate my DSL. pv has a wonderful -R switch which lets me change the arguments to an already-running pv, if I want to do that. I used ssh-keygen -t rsa -f /root/.ssh/id_rsa_rdup to generate an ssh key. The public key got put into /home/backup-$hostname/.ssh/authorized_keys on the backup server, so the line reads like:

command="/usr/local/bin/rdup-ssh-wrapper",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-rsa AAAAB3N

The /usr/local/bin/rdup-ssh-wrapper is a small perl wrapper which only allows the rdup commands and sanitises the command line somewhat. Since I don’t want to make a backup of all bits on my machines, I have an exclude file, which lives in /root/rdup-exclude. It is just a list of regexes of files to ignore.

To actually make a backup, I run something like

for p in /etc /home /var; do rdup-simple -v -a -z -E /root/rdup-exclude -k /root/backup-$(hostname).crypt.key $p ssh://backup-$(hostname)/srv/backup/$(hostname)/$p ; done

which then goes on for a while. It gives me nice structures with hard-linked files to avoid using more disk space than needed. I can then just have a small find(1) script prune old backups as I don’t need them.
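
The forced-command wrapper mentioned above, as an added example (this is not the author's Perl wrapper, which the post does not show): a Python sketch that checks SSH_ORIGINAL_COMMAND against an allow-list and a per-host backup root before exec'ing anything. The allowed command names, their install paths and the root /srv/backup/examplehost are assumptions for illustration.

```python
import os
import posixpath
import re
import shlex
import sys

# Assumptions (not from the original post): which commands the backup client
# may run, where they are installed, and the per-host backup root.
ALLOWED = {"rdup-up": "/usr/bin/rdup-up", "mkdir": "/bin/mkdir"}
BACKUP_ROOT = "/srv/backup/examplehost"
OPTION_RE = re.compile(r"^-[A-Za-z0-9]+$")  # short options only, no "--long=value"


def validate(original, root=BACKUP_ROOT):
    """Return a safe argv list for the requested command or raise ValueError."""
    if not original or re.search(r"[\x00-\x1f\x7f]", original):
        raise ValueError("empty command or control characters")
    try:
        argv = shlex.split(original)  # tokenise only; nothing is handed to a shell
    except ValueError as exc:
        raise ValueError("unbalanced quoting") from exc
    if not argv or argv[0] not in ALLOWED:  # exact name match, so no paths in argv[0]
        raise ValueError("command not allowed")
    for arg in argv[1:]:
        if OPTION_RE.match(arg):
            continue
        # Lexical check only: symlinks inside the root are not resolved here.
        path = posixpath.normpath(arg)
        if path != root and not path.startswith(root + "/"):
            raise ValueError("path outside backup root: %r" % arg)
    return [ALLOWED[argv[0]]] + argv[1:]


def is_allowed(original):
    try:
        validate(original)
    except ValueError:
        return False
    return True


if __name__ == "__main__":
    try:
        safe = validate(os.environ.get("SSH_ORIGINAL_COMMAND", ""))
    except ValueError as err:
        sys.stderr.write("rejected: %s\n" % err)
        sys.exit(1)
    os.execv(safe[0], safe)  # exec directly; shell metacharacters stay inert
```

sshd places whatever command the client requested in SSH_ORIGINAL_COMMAND when a command= option is set on the key, so a wrapper like this is the only thing that key can start.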

2008-03-31 – Changing jobs

15:58 [Canonical] -!- Irssi: Disconnecting from server irc.canonical.com: [kthxbye!]
15:58 [Canonical] -!- Irssi: Connection lost to irc.canonical.com

From tomorrow on, I’m working full-time for Linpro, a Norwegian Linux consulting company.