Enable ICMP through UFW

I like using Ubuntu’s UFW command, but today I needed to allow outgoing ICMP. I received results as so:

$ ping 4.2.2.2  
PING 4.2.2.2 (4.2.2.2) 56(84) bytes of data.  
ping: sendmsg: Operation not permitted  
ping: sendmsg: Operation not permitted  
ping: sendmsg: Operation not permitted  

To allow outbound icmp I edited ‘before.rules’ and added the following lines.

$ sudo vi /etc/ufw/before.rules
# allow outbound icmp
-A ufw-before-output -p icmp -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
-A ufw-before-output -p icmp -m state --state ESTABLISHED,RELATED -j ACCEPT

Ubuntu 10.04, Django and GAE - Part 1

I’ve started to get into Google’s App Engine again, and have started developing a simple product that I had a use for. The initial first draft was a quick 200 lines in webapp, and it worked great. However, I’m starting to find certain things quite cumbersome. I’m a huge fan of Django, and but also about keeping things as simple as possible, which is why I picked webapp to begin with.
I’m now considering making a swap to Django, but there are some development issues; namely, I’m using Ubuntu 10.04, Python 2.6, and Django 1.2. This setup presents several setbacks, as GAE has the requirement of Django 1.1 and Python 2.5. There are two solutions that I found: a) use virtualenv, which I’ve detailed, or b) chroot. This document will hopefully show how to configure a chroot environment of Ubuntu 9.10 and prepare it for Django on GAE. Using a jailed environment should allow you to edit your code with your normal IDE and VCS, but use Django 1.1 and Python 2.5.
First, I installed schroot and debootstrap.

$ sudo apt-get install schroot debootstrap

Second, I edited /etc/schroot/schroot.conf and added the following section to the end.

[karmic]
description=karmic
type=directory
location=/var/chroot/karmic
priority=3
users=kelvinn #your username goes here
groups=admin
root-groups=root
run-setup-scripts=true
run-exec-scripts=true

Third, I created the directories needed for the jailed environment and installed karmic.

$ sudo mkdir -p /var/chroot/karmic
$ sudo debootstrap --arch i386 karmic /var/chroot/karmic

Forth, I logged into the jailed environment and updated packages, installed Python 2.5 / Django 1.1. Make sure to note that I don’t call ‘python’, I call ‘python2.5’.

$ sudo schroot -c karmic
(karmic)root@kelvinn-laptop:~# apt-get update
(karmic)root@kelvinn-laptop:~# apt-get install python2.5
(karmic)root@kelvinn-laptop:~# cd /usr/src
(karmic)root@kelvinn-laptop:~# apt-get install wget
(karmic)root@kelvinn-laptop:/usr/src# wget http://www.djangoproject.com/download/1.1.2/tarball/
(karmic)root@kelvinn-laptop:/usr/src# tar -xpzf Django-1.1.2.tar.gz
(karmic)root@kelvinn-laptop:/usr/src/Django-1.1.2# python2.5 setup install
(karmic)root@kelvinn-laptop:/usr/src/Django-1.1.2# exit

Lastly, I log in as my normal user, and start the app. Let’s say I have a folder called ‘~/gaeapps’ for my GAE stuff, and that’s where I put the SDK.

$ scroot -c karmic
(karmic)kelvinn@kelvinn-laptop:~/gaeapps$ ls
google_appengine  myproject
(karmic)kelvinn@kelvinn-laptop:~/gaeapps$ google_appengine/dev_appserver.py myproject

Ubuntu 10.04, Django and GAE - Part 2

All my Django sites are running 1.2, which poses a conflict with writing apps for Google’s App Engine, as use_library currently only supports < Django 1.1. There are two solutions that I found: a) use virtualenv, or b) chroot, which I’ve already detailed. This document will hopefully show you how to create a virtual environment to use a secondary django version, especially for GAE. Of the two options, I think this one is a bit quicker, but there will likely be tradeoffs that a chroot environment can deal with better, e.g. python imaging (I don’t use it for GAE).
First, install PIP and virtualenv:

kelvinn@kelvinn-laptop:~/workspace$ sudo easy_install -U pip
kelvinn@kelvinn-laptop:~/workspace$ sudo pip install -U virtualenv

Second, configure an environment for any app that will use Django 1.1:

kelvinn@kelvinn-laptop:~/workspace$ virtualenv --python=python2.5 --no-site-packages django-1.1
New python executable in django-1.1/bin/python
Installing setuptools............done.
kelvinn@kelvinn-laptop:~/workspace$ pip install -E django-1.1 yolk
kelvinn@kelvinn-laptop:~/workspace$ pip install -E django-1.1 Django==1.1

Now, download the python GAE sdk and put it in the django-1.1 folder. I also just dump any project directory requiring Django 1.1 into this django-1.1 folder, although I guess you could create a virtualenv for each project. The last thing to do is start the virtual environment, and run the GAE app.

kelvinn@kelvinn-laptop:~/workspace$ source django-1.1/bin/activate
(django-1.1)kelvinn@kelvinn-laptop:~/workspace$ yolk -l
(django-1.1)kelvinn@kelvinn-laptop:~/workspace$ cd django-1.1
(django-1.1)kelvinn@kelvinn-laptop:~/workspace/django-1.1$ ls
bin  google_appengine  include  lib  myproject1 myproject2
(django-1.1)kelvinn@kelvinn-laptop:~/workspace/django-1.1$ google_appengine/dev_appserver.py myproject1

When you’re all finished, you can jump out of virtualenv:

(django-1.1)kelvinn@kelvinn-laptop:~/workspace/django-1.1$ deactivate

Update: You’ll find this article especially interesting if you get an error such as the following:

UnacceptableVersionError: django 1.1 was requested, but 1.2.0.beta.1 is already in use

Lenny on Ebox 3310A

As a preface, I take absolutely no credit for the below instructions. Stefan L kindly sent these through these instructions on installing Debian on the 3310A. I need to send a special thanks to Stefan, as I receive a lot of emails about the 3310 - but I don’t have one, so I can’t really do much:

The only edit I’ve done is change out the links to my files on S3. If you find these helpful, or want to suggest an alteration, please leave a comment.

Download these files first:

EDIT 16-03-2025: I have since removed these files.

The steps to install Lenny to CF in brief is:

  1. Install i386 version of Lenny to CF on another computer
  2. Add the revised kernel deb with dpkg -i *.deb
  3. Change fstab from hda1 to sdb1 (sda1 if there is no micro sd card) - uuids may be better
  4. Change /boot/grub/menu.lst to:
title           Debian GNU/Linux, kernel 2.6.31.5-vortex86-sl3
root            (hd0,0)
kernel          /boot/vmlinuz-2.6.31.5-vortex86-sl3 root=/dev/sdb1 ro verbose
  1. Probably need to change /boot/grub/device.map
(hd1)   /dev/sda
(hd0)   /dev/sdb

With no micro sd it would be:

(hd0) /dev/sda
  1. delete the section below “# PCI device ….” in /etc/udev/rules.d/70-persistent-net.rules (Otherwise the eBox network gets remapped to eth1 and may not appear if only eth0 is specified in the network settings)
  2. Reboot & pray The next one is a revised initrd for the current Ubuntu 9.10: http://staff.washington.edu/lombaard/initrd.img-2.6.31-14-generic-pata_rdc. (EDIT 12-03-2025: Lost my image that was linked from here). The two changes are: blacklist dm_raid45 & add pata-rdc.ko “blacklist dm_raid45” needs to be added to /etc/modprobe.d/blacklist.conf I managed to boot into gnome desktop without any further problems. I have enabled PCI IDE Bus Mastering, plug&play and IDE native mode in the bios. Hope this saves someone else a few hours of frustration.

New Atheros Module and Ubuntu

I’ve been using Atheros for quite some time, and I’ve always liked the madwifi drivers. They allowed really easy switching into monitor mode, and decent levels of packet injection. However, since I’m mostly in an office now, instead of writing web apps in cafes and trying to score free internet, I don’t really need anything fancy. My gentoo stage 1 (3?) days are over. I use Ubuntu, because I’m lazy, and it mostly works.

My new laptop (well, 1.5 year old laptop now, but still new in my eyes) gave me the option between an Intel card and a Atheros wifi card. I chose the Atheros card; then the ath5k module came out, and life has been turbulent ever since.

In summary: the ath5k driver in the 2.6.28 kernel, which is what Ubuntu 9.04 uses, isn’t as up-to-date as the drivers in compat-wireless. Fancy that… This presents me with the option of compiling a new kernel specifically with it, or just installing compat-wireless. I’m lazy, so…

I’ll get a few basic troubleshooting commands out of the way first. After updating the kernel I kept getting disconnected - it appeared I was associate/disassociating frequently.

# dmesg
...
2577.134060] wlan0: associated
[ 2580.984838] wlan0: disassociating by local choice (reason=3)
...
# lspci | grep Atheros
03:00.0 Ethernet controller: Atheros Communications Inc. AR5212 802.11abg NIC (rev 01)
# ping 192.168.1.1
...
64 bytes from 192.168.1.1: icmp_seq=2409 ttl=64 time=1.13 ms
64 bytes from 192.168.1.1: icmp_seq=2410 ttl=64 time=2236.61 ms
64 bytes from 192.168.1.1: icmp_seq=2411 ttl=64 time=4562.40 ms
64 bytes from 192.168.1.1: icmp_seq=2412 ttl=64 time=6521.868 ms
...

The steps to resolve are as follows:

  1. Make sure you have headers for your current kernel.
  2. Make sure you have ability to compile programs.
  3. Download and install compat-wireless
  4. Unload and load the module.

So, first, use Synapitc to get the latest kernel headers and the ‘build-essential’ packages.

Next, download the compat-wireless package. I needed to use one from a few weeks ago because I received the following error:

make -C /lib/modules/2.6.28-15-generic/build M=/usr/src/compat-wireless-2009-09-22 modules
make[1]: Entering directory `/usr/src/linux-headers-2.6.28-15-generic'
CC [M]  /usr/src/compat-wireless-2009-09-22/drivers/net/wireless/b43/main.o
/usr/src/compat-wireless-2009-09-22/drivers/net/wireless/b43/main.c: In function 'b43_do_interrupt':
/usr/src/compat-wireless-2009-09-22/drivers/net/wireless/b43/main.c:1888: error: 'IRQ_WAKE_THREAD' undeclared (first use in this function)
/usr/src/compat-wireless-2009-09-22/drivers/net/wireless/b43/main.c:1888: error: (Each undeclared identifier is reported only once
/usr/src/compat-wireless-2009-09-22/drivers/net/wireless/b43/main.c:1888: error: for each function it appears in.)
/usr/src/compat-wireless-2009-09-22/drivers/net/wireless/b43/main.c: In function 'b43_request_firmware':
/usr/src/compat-wireless-2009-09-22/drivers/net/wireless/b43/main.c:2218: warning: format not a string literal and no format arguments
/usr/src/compat-wireless-2009-09-22/drivers/net/wireless/b43/main.c: In function 'b43_wireless_core_start':
/usr/src/compat-wireless-2009-09-22/drivers/net/wireless/b43/main.c:3867: error: implicit declaration of function 'request_threaded_irq'
make[4]: *** [/usr/src/compat-wireless-2009-09-22/drivers/net/wireless/b43/main.o] Error 1
make[3]: *** [/usr/src/compat-wireless-2009-09-22/drivers/net/wireless/b43] Error 2
make[2]: *** [/usr/src/compat-wireless-2009-09-22/drivers/net/wireless] Error 2
make[1]: *** [_module_/usr/src/compat-wireless-2009-09-22] Error 2
make[1]: Leaving directory `/usr/src/linux-headers-2.6.28-15-generic'
make: *** [modules] Error 2

You can download a working 2009-09-05 set from orbit-lab.org

# tar -xpjf compat-wireless-2009-09-05.tar.bz2
# cd compat-wireless-2009-09-05
# make
# make install
# make unload
# modprobe ath5k

All done. My variable ping times and random disconnections seem to have been mitigated. Thanks wireless guys!

ISO Code Error

I’ve received this error a few times when working with pytz:

Error reading file '/usr/share/xml/iso-codes/iso_3166.xml'

In short, install the ‘iso-codes’ package in Ubuntu/Debian. I’m sure this is covered in the manual that I didn’t read, but I’m sure others didn’t read it too.

apt-get install iso-codes

Fixing locale errors in Ubuntu 8.04

I’ve hit this problem a few times, and figured I’d leave a note for myself how to fix it. Ubuntu 8.04 seems to hiccup sometimes (on a VPS) for generating the correct locales. In particular, I get this error, a lot:

perl: warning: Setting locale failed.
perl: warning: Please check that your locale settings:
LANGUAGE = (unset),
LC_ALL = (unset),
LANG = "en_US.UTF-8"
are supported and installed on your system.
perl: warning: Falling back to the standard locale ("C").

Normally I just do ‘dpkg-reconfigure locales’, but with 8.04, this doesn’t seem to do squat. The solution is to edit the /var/lib/locales/supported.d/local file, and insert the correct locales (it will normally not exist, so create it):

# cat /var/lib/locales/supported.d/local
zh_TW.UTF-8 UTF-8
zh_TW BIG5
zh_TW.EUC-TW EUC-TW
en_US.UTF-8 UTF-8
en_US ISO-8859-1
en_US.ISO-8859-15 ISO-8859-15

You can then do a ‘dpkg-reconfigure locales’ and they will be generated correctly. For a list of supported locales, try this:

cat /usr/share/i18n/SUPPORTED | grep US

Fixing mysql warning message

After restoring databases from one server to another I sometimes get this error on Ubuntu or Debian:

error: 'Access denied for user 'debian-sys-maint'@'localhost' (using password: YES)'

This makes a lot of sense, and the solution is pretty simple. If you look in:

cat /etc/mysql/debian.cnf

You’ll see the defaults for your system. Copy the password listed there, and open a connection to MySQL as root (or some other user). Next, enter this (lets say your password specified in debian.cnf was ‘abracadabra’:

mysql> select PASSWORD('abracadabra');
+-------------------------------------------+
| PASSWORD('abracadabra')                   |
+-------------------------------------------+
| *38794E19D534EBA4F0F78903FA00F1DA2989DCA2 | 
+-------------------------------------------+
1 row in set (0.00 sec)

Next, since we already have the prompt open, do this command:

mysql> USE mysql;
mysql> UPDATE user SET password='*38794E19D534EBA4F0F78903FA00F1DA2989DCA2' where user='debian-sys-maint';
mysql> FLUSH privileges;

Restart MySQL, and the error should have gone away.

Configure Timevault to Remote Server

Using TimeVault with a shared drive as a backend is actually quite easy, but it does require a few special things setup. Note: this is gonna be a brief summary.

Install samba-tools, smbfs…

sudo apt-get install samba-tools smbfs

A lot more other stuff may install as well.

Create a script that mounts your samba share. You could also do this in fstab, but I tend to suspend my laptop when I come home, and I like clicking buttons.

#!/bin/bash

mount -t cifs //192.168.44.2/kelvin /mnt/backups -o netbiosname=KELVIN-PC,iocharset=utf8,credentials=/home/kelvin/Apps/.smb-details.txt

smb-details.txt includes:

username=DOMAIN\\kelvin
password=mypassword

Finally, create a folder called ’timevault’ or something inside your mapped share, then launch TimeVault and configure it to use the above mentioned /mnt/backups/timevault folder. Configure Timevault as normal.

Ubuntu 8.04 64-Bit and VMware Server 2

I now have successful installation of VMware Server 2 (Beta RC1) on top of Ubuntu 8.04 64-bit. I have been using various virtualization technologies for years, and VMware is usually the easiest to install and configure. So far, VMware Server 2 RC1, has proven to be the exception to the rule.

That said, I am very excited by the direction VMware is taking – this new server version looks to have great potential.

The ‘server’ this is on is a mATX motherboard from Gigabyte (GA-G33M-DS2R), with 4GB (2x2GB) of Transcend DDR2-800 memory, topped off with the E8200. I have been nothing but impressed with this combination of hardware.

However, although I was thinking VMware Server 2 would install seamlessly over Ubuntu, I was wrong. There were a few things I had to tweak to get everything working correctly.

The first thing I had major issues with was VMware choking on the parallel port. Normally the parport is the first thing I would turn off, but in this instance, I guess excitement overtook me. My tip is to first remove the lp module from inside /etc/modules, and then disable the parallel port inside the BIOS. The symptoms I was having involved VMware halting/freezing on either startup or shutdown. This occurred for both RC1 as well as 1.0.6.

My second tip, if VMware freezes half way through starting up or shutting down, is to go through the vmware startup script, /etc/init.d/vmware, and comment out anything refering to the parport_pc. In particular, I looked for this line and made sure to comment it out:

/sbin/modprobe -r parport_pc >/dev/null 2>&1

I commented out lines 974 and 1076. After doing this, VMware loaded perfectly.

The second major issue I had occurred after actually installing VMware. I opened Firefox and went to the IP of my virtual server, logged in just fine, and loaded up my first virtual machine. However, after booting the virtual machine, I was unable to open up the remote console. It turns out I had just upgraded to Firefox 3.0.1, and the Remote Console is set to fail on anything above 3.0.0.1. The fix is quite easy.

First click where it says “click anywhere to open the virtual machine”. Copy the address of the XPI and use something like wget to download the file. This is an example:

wget --no-check-certificate https://192.168.50.10/ui/plugin/vmware-vmrc-linux-x86.xpi

If you are using Gnome, right click the file you just downloaded and say Open With then Archive Manager. Do the same for the ‘install.rdf’ file inside, specifying gedit as the application if need be. Next, edit line 20 so it reads as follows:

3.0.*

Save the file, open the XPI with Firefox, and you should be good to go.

I’ve seen a lot of other suggestions on the ’net on how to fix VMware RC1 when booting – including disabling ipv6, checking the hosts file, and running the any-any patches. None of these approaches helped me at all, but maybe it is exactly what you need. My biggest tip is that if VMware isn’t starting up or stopping correctly, open up /etc/init.d/vmware and find out exactly where it is faulting (add things like ’echo “fail”’ inside the IF statements).