Feb
08
2011

Enabling HDA Intel ALC889 Digital on Ubuntu 10.04/10.10

The digital output on my Gigabyte GA-EP45-UD3P was not working and I wanted to validate it against my usb output for sound. This is what I had to do to get it working nicely:

Install ALSA Backports, obviously choose the right distribution:

sudo apt-get install linux-backports-modules-alsa-<LUCID/MAVERICK>-generic

Open this file to add a line:

sudo nano /etc/modprobe.d/alsa-base.conf

Insert this line at the bottom said file:

# Added to enable ALC889 Digital Interface
options snd-hda-intel model=6stack-dig

Save the file, reboot your machine (easier to do this then try to reload the module), now check your levels in alsamixer to make sure that nothing is muted.

Listen to something awesome.

Posted in Audio/Video/Graphics | No Comments »

Feb
08
2011

Configuring MPD for Bit Perfect Playback with an external DAC

Bit Perfect sound is sending the exact bits from a sound file typically to an external Digital Analogue Converter (DAC) without re-sampling. Both Windows and Linux by default send all audio through a general re-sampler. On Windows XP the sampler is known as KMixer(1) and in Linux with ALSA it is known as Dmix(2). In Windows XP you can use WASAPI, Kernel Streaming or ASIO. In ALSA you can configure Dmix to handle all kinds of settings by configuring ‘plugs’ that are set up to support a particular sampling rate.

A greatly preferred method of playing audio is to set up an MPD server for the following reasons:

  • Low system resources (Can run on a wall plug computer(3))
  • Headless installation (Can be controlled via a tablet or phone through the network)
  • Handles incredibly large databases of music (4.3 TiB and counting in my setup)
  • Highly Configurable (as we read below)

Read the rest of this entry »

Posted in Audio/Video/Graphics | 7 Comments »

Jan
23
2011

Enable SSL on Apache2

Recently had to set up SSL for a Redmine install. Wanted to put my notes in here for enabling SSL for Apache2

Read the rest of this entry »

Posted in Server Administration, Web Development | 1 Comment »

Dec
03
2010

A Clean Bash prompt

I have been working with some large file sets recently that number in the tens of thousands of files and nautilus just doesn’t enjoy looking through them. One of the things that has always bothered me was the prompt wrap I get when I navigate into deeper directories. Typically the first thing I do when getting onto a new environment is set my defaults for the size that the terminal launches… however this is still a kludge solution. Read the rest of this entry »

Posted in Server Administration | No Comments »

May
08
2010

KVM with Bridged Networking on Ubuntu (10.04 LTS) (With UFW, Netfilter, Bridge-Utils, Virt-Manager)

One of the big reasons I moved to the new Ubuntu LTS for my main server was to get the new packages for KVM. To my disappointment, the versions that ship with 10.04 are slightly antiquated, especially with the amount of changes that are happening in the KVM development society. I found this PPA maintained by Daniel Baumann had everything that I needed. He keep is quite up to date and resolves build problems quickly. I don’t recommend you to use this PPA for production systems, I use it for my personal system and try to give any support to Daniel that I can because it really helps me out that he is packaging/maintaining this for the bleeding edge KVM packages.

KVM is a really great piece of virtualization software that is up and coming in the linux world, in the last several months the graphical (newbie) tools have become very simple to use. These tools still lag behind other solutions for virtualization such as VirtualBox or Vmware products, however KVMs performance and developmental activity make it a likely candidate for people setting up virtualization servers for personal and enterprise use.

Before we begin let me explain my set-up. I have a server that will be running the qemu-kvm software with libvirt that I will administer from my laptop running virt-manager. You can use KVM and Virt-Manager all while on the same machine without issue, but this guide is written for my particular configuration. I assume before beginning that you are running a pretty vanilla machine and will not have any strange configurations that would conflict with a standard Ubuntu 10.04 install. Read the rest of this entry »

Posted in Server Administration, Virtualization | 12 Comments »

Nov
01
2009

Ubuntu, Webmin and Samba for Windows and linux clients

Samba can be one of those things that causes a ton of headaches. It always feels like a huge slowdown when I get to the Samba portion of my media server install. This time I decided to check out using Webmin for my samba configuration and I was pleasantly surprised with how easy it made some of the configurations.

I will hit on the major things to be noted here, firstly the idea of separate samba and system users. You can set up synchronization between these so that when a user is created it gets added to the smbpasswd file also. I created my system users earlier and converted them to samba users, so the synchronization didn’t do me any good for my original user set. New users will be created in the smbpasswd file correctly. In any case, the current users I had did not have the password hash information in the smbpasswd file. An example looks like this: Read the rest of this entry »

Posted in Server Administration, Uncategorized | No Comments »

Oct
28
2009

Fuzz Testing for Reliability

In a course on writing secure software here at University we looked into the practice of fuzz testing. That is, generating arbitrary information to be used as inputs for software. Apparently this is a very high cost:benifit practice in secure software development and testing.

Around 1990 the National Science Foundation provided grants for research regarding operating systems reliability testing, one culmination of efforts was presented in a paper written by Barton P. Miller, Lars Fredriksen and Brian So; (Paper). In this work the claim was made that many of the assumed reliable operating system utilities could be broken using the basic technique of fuzzing:

Operating system facilities, such as the kernel and utility programs, are typically assumed to be reliable. In our recent experiments, we have been able to crash 25-33% of the utility programs on any version of UNIX that was tested. This report describes these tests and an analysis of the program bugs that caused the crashes.

For our purposes we created a quick program in C, and used a simple bash scripting test bench to perform many iterations of each test:

fuzz — Source for the fuzzer, used by the following script. Very limited functionality, by no means is this a product for use in any setting other than academic investigation.

Read the rest of this entry »

Posted in Security | No Comments »

Oct
21
2009

Fitting and AOC-USAS-L8i in a PCIe slot (UIO to PCIe)

One of the recent server upgrades called for the purchase of raid controller cards. I use software raid in Linux for its versatility and the L8i controllers can perform in hba (Host Bus Adapter) mode. These cards ship with Supermicro’s IT mode firmware which essentially lets all of the drives show up independently in linux.

Before I could see all that, I needed to get these cards into my case. Don’t be too upset when you first try to slide this card into your case and mobo (I have a Norco 4220 and Gigabyte EP45-UD3P) they will not fit at all. It appears as if the bracket is off on the Y axis by about a quarter inch, this is because these cards are UIO form factor.

Establishing my frame of reference

Establishing my frame of reference

This can easily be resolved with some longer screws and nylon spacers. Be sure to use the original brackets as buying new brackets was really hard to figure out (If anyone knows the exact bracket for this then please let me know).

Using quarter inch nylon spacers for number ten machine screws (need to verify)

Using quarter inch nylon spacers for number ten machine screws (need to verify)

We used two spacers on each of the ‘posts’, it appeared that this resolved the issue as we got a good solid fit for both of the cards.

Posted in RAID | 13 Comments »

Oct
19
2009

Power Monitoring with APCUPSD, Email using SSMTP and Google Apps

Recently I performed a large upgrade to my raid file-server, the information being stored is much more critical at this point in time and I have chosen to step up the game in four ways:

  1. Move from on-board Intel controller to dual LSI L8i 8channel hba controllers
  2. Move from raid5 to raid6
  3. Install an APC UPS and monitor it with apcupsd
  4. System monitoring with email alerts via mdadm and Google SMTP

(Sorry for re-iteration if you are following the feed, trying to establish context)

The apcupsd tool lets you connect to your UPS and control when the machine shuts itself down during a scenario where you loose power. Another really nice thing this will do is allow you to send yourself an email through whatever MTA you set up.

The difficult part of getting email setup is configuring a MTA (Mail Transfer Agent). I searched for quite a while on how to get this setup. My initial impression was that I would have to host my own via postfix or some other alternative. I was happy to find that I could use a much more lightweight solution with ssmtp and an email I created from my google apps account.

Install ssmtp

sudo apt-get install ssmtp

Configure ssmtp via its config file /etc/ssmtp/ssmtp.conf

# Config file for sSMTP sendmail
#
# The person who gets all mail for userids < 1000
# Make this empty to disable rewriting.
root=serveremailaddress@yourgoogleappsdomain.tld

# The place where the mail goes. The actual machine name is required no
# MX records are consulted. Commonly mailhosts are named mail.domain.com
mailhub=smtp.gmail.com:587

# Where will the mail seem to come from?
#rewriteDomain=

# The full hostname
hostname=servername.yourgoogleappsdomain.tld

# Are users allowed to set their own From: address?
# YES – Allow the user to specify their own From: address
# NO – Use the system generated From: address
#FromLineOverride=YES

UseSTARTTLS=YES
UseTLS=YES
AuthUser=serveremailaddress@yourgoogleappsdomain.tld
AuthPass=password

Now for a test of ssmtp, create a test file with some text in it. My test file was called ‘test’:

ssmtp youremail@yourgoogleappsdomain.tld < test

For apcupsd we need to modify two files to set our email address up for alerts. They are both located in the /etc/apcupsd directory and are called ‘onbattery’ and ‘offbattery’. I would suggest to leave these as they are because if you set up ssmtp like I have, when an email comes in for root it will be sent on to the ssmtp root address.

Now unplug your UPS and wait for the emails to come!

Posted in Server Administration | No Comments »

Oct
19
2009

RAID Monitoring with MDADM, Email using SSMTP and Google Apps

Recently I performed a large upgrade to my raid file-server, the information being stored is much more critical at this point in time and I have chosen to step up the game in four ways:

  1. Move from on-board Intel controller to dual LSI L8i 8channel hba controllers
  2. Move from raid5 to raid6
  3. Install an APC UPS and monitor it with apcupsd
  4. System monitoring with email alerts via mdadm and Google SMTP

Software raid tool mdadm has monitoring functionality that is easily configured through the /etc/mdadm/mdadm.conf file. You simply need to specify an email address under the MAILADDR property. I would suggest to leave this as root, because with ssmtp you are going to set the email address for everything routed to root.

The difficult part of getting email setup is configuring a MTA (Mail Transfer Agent). I searched for quite a while on how to get this setup. My initial impression was that I would have to host my own via postfix or some other alternative. I was happy to find that I could use a much more lightweight solution with ssmtp and an email I created from my google apps account.

Install ssmtp

sudo apt-get install ssmtp

Configure ssmtp via its config file /etc/ssmtp/ssmtp.conf

# Config file for sSMTP sendmail
#
# The person who gets all mail for userids < 1000
# Make this empty to disable rewriting.
root=serveremailaddress@yourgoogleappsdomain.tld

# The place where the mail goes. The actual machine name is required no
# MX records are consulted. Commonly mailhosts are named mail.domain.com
mailhub=smtp.gmail.com:587

# Where will the mail seem to come from?
#rewriteDomain=

# The full hostname
hostname=servername.yourgoogleappsdomain.tld

# Are users allowed to set their own From: address?
# YES – Allow the user to specify their own From: address
# NO – Use the system generated From: address
#FromLineOverride=YES

UseSTARTTLS=YES
UseTLS=YES
AuthUser=serveremailaddress@yourgoogleappsdomain.tld
AuthPass=password

Now for a test of ssmtp, create a test file with some text in it. My test file was called ‘test’:

ssmtp youremail@yourgoogleappsdomain.tld < test

Test mdadm

sudo mdadm –monitor –scan –test

Everything should be set to go now, hopefully you wont ever need to be notified of a failure.

Known Issue

Using ssmtp with Google’s smtp is great, however if you use special characters in your email password ssmtp will not be able to authenticate. I ran into this and saw the following error:

ssmtp: Authorization failed (454 4.7.0 Cannot authenticate due to temporary system problem. Try again later. 14sm88672bwz.5)

This was promptly resolved by my choosing a password without special characters.

Posted in RAID, Server Administration | 6 Comments »

« Older Entries