Sunday, June 3, 2018

Fix MongoDB incompatibility for Unifi 5.x in Ubuntu 18.04


1. Replace Ubuntu’s MongoDB 3.6 with Community Edition MongoDB 3.4
$ sudo service unifi stop
$ sudo apt uninstall mongodb-server mongo-tools mongodb-clients mongodb-server-core
$
sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 2930ADAE8CAF5059EE73BB4B58712A2291FA4AD5
$ echo "deb [ arch=amd64 ] http://repo.mongodb.org/apt/ubuntu xenial/mongodb-org/3.4 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-3.4.list
$ sudo apt update
$ sudo apt install mongodb-org
2. Enable MongoDB migration option. NOTE: since MongoDB is started by Unifi, we need to start Unifi
$ sudo service unifi start
$ sudo mongo --port 27117
> db.adminCommand( { setFeatureCompatibilityVersion: "3.4" } )
> exit
$ sudo service unifi stop
3. Reinstall Ubuntu’s MongoDB 3.6
$ sudo rm /etc/apt/sources.list.d/mongodb-org-3.4.list
$ sudo apt update
$ sudo apt install mongodb-server
4. Fix Unifi’s MongoDB options incompatibility
$ sudo mv /usr/lib/unifi/bin/mongod /usr/lib/unifi/bin/mongod.bin
Create file /usr/lib/unifi/bin/mongod with following contents:
     #!/bin/bash
     cleaned_args=$(echo $* | sed -e 's/--nohttpinterface//')
     exec /usr/lib/unifi/bin/mongod.bin ${cleaned_args}
$ sudo chmod +x /usr/lib/unifi/bin/mongod
5. References


Tuesday, March 27, 2018

Skype For [not doing] Business on Linux

S4B on Linux can be used with Pidgin and Sipe plugin.
  1. Follow build/install instructions or get distro binaries. For example, on xUbuntu distros, install latest & greatest sipe plugin with
    sudo add-apt-repository ppa:sipe-collab/ppa
    sudo apt-get update
    sudo apt-get install pidgin-sipe
    
  2. Configure according to description in this guide. NOTES:
    • avoid using SSO unless you have kerberos with domain login fully set up (ok, just avoid it)
    • use remmina as a remote desktop client (install it if you don't have it in the system)
  3. For User Agent string try to use latest and greatest from this blog

Friday, February 16, 2018

Make Outlook search working again

This is hilarious. Outlook cannot find emails because it uses Windows Search which is totally useless. Here's how to fix this - disable Windows Desktop Search Service for Outlook:
1. Open Registry Editor
2. In "Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows" create new key "Windows Search"
3. In the "Windows Search" key create new DWORD value, name it "PreventIndexingOutlook" and set it to 1
4. Exit Registry Editor, and then restart Outlook

Source: https://social.technet.microsoft.com/Forums/office/en-US/8fb64888-8954-4626-ab2e-389b138e73ca/email-search-not-working-in-pst?forum=outlook

Voila!

Tuesday, January 31, 2017

Automate DKMS modules signing in Linux

Some time ago I have managed to sign DKMS Nvidia modules with generated keys and upload those to UEFI. Of course, I had to sign modules every time they've been rebuilt, i.e. when kernel or nvidia driver gets updated. So after few kernel updates I have decided to automate the task via postinst.d hook.

#!/bin/sh

DKMS_DIR=/lib/modules/$1/updates/dkms
KEYS_DIR=/opt/sign
SIGN_CMD=/usr/src/linux-headers-$1/scripts/sign-file

for file in $DKMS_DIR/*.ko
do
    $SIGN_CMD sha256 $KEYS_DIR/MOK.priv $KEYS_DIR/MOK.der "$file" > /dev/null 2>&1
done

exit 0
Not quite sure but looks it will get executed also on kernel uninstall :) Now, need to address Nvidia packages updates.

Thursday, January 12, 2017

Just in case if you are writing some communications protocol in C/C++...

... and need to document it in details in your source headers. There you go, a brilliant tool!
################################################################################
#                    ____            _                  _                      #
#                   |  _ \ _ __ ___ | |_ ___   ___ ___ | |                     #
#                   | |_) | '__/ _ \| __/ _ \ / __/ _ \| |                     #
#                   |  __/| | | (_) | || (_) | (_| (_) | |                     #
#                   |_|   |_|  \___/ \__\___/ \___\___/|_|                     #
#                                                                              #
#           == A Simple ASCII Header Generator for Network Protocols ==        #
#                                                                              #
################################################################################
#                                                                              #
#  Written by:                                                                 #
#                                                                              #
#     Luis MartinGarcia.                                                       #
#       -> E-Mail: luis.mgarc@gmail.com                                        #
#       -> WWWW:   http://www.luismg.com                                       #
#       -> GitHub: https://github.com/luismartingarcia                         #
#                                                                              #
################################################################################
Here's an example of generated TCP headers description

   $ protocol tcp
     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |          Source Port          |        Destination Port       |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                        Sequence Number                        |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                     Acknowledgment Number                     |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    | Offset|  Res. |     Flags     |             Window            |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |            Checksum           |         Urgent Pointer        |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                    Options                    |    Padding    |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Get it here: https://github.com/luismartingarcia/protocol Thanks andr2000 for the hint.

Tuesday, June 21, 2016

Module signing in Linux

Got xUbuntu 16.04 installed alongside with Windows 10 on UEFI with Secure Boot enabled and had to get 3rd party GPU drivers running so found this nice answer here.



Since kernel version 4.4.0-20, it was enforced that unsigned kernel modules will not be allowed to run with Secure Boot enabled. If you'd want to keep Secure Boot and also run these modules, then the next logical step is to sign those modules.

So let's try it.
  1. Create signing keys
    openssl req -new -x509 -newkey rsa:2048 -keyout MOK.priv -outform DER -out MOK.der -nodes -days 36500 -subj "/CN=descriptive name/"
  2. Sign the module
    sudo /usr/src/linux-headers-$(uname -r)/scripts/sign-file sha256 ./MOK.priv ./MOK.der /path/to/module
  3. Register the keys to Secure Boot
    sudo mokutil --import MOK.der
    Supply a password for later use after reboot
  4. Reboot and follow instructions to Enroll MOK (Machine Owner Key). Here's a sample with pictures. The system will reboot one more time.
Please let me know if your modules would run this way on Ubuntu 16.04 (on kernel 4.4.0-21, I believe).

Resources: Detailed website article for Fedora and Ubuntu implementation of module signing.

One addition for the security-conscious: the private key MOK.priv generated by openssl -nodes as above is not protected by a password. Thus in principle, a rogue program could use it to sign a compromised module or even taint the bootloader, as your signing key now sits in hardware storage as a trusted key. A more secure solution is to omit the -nodes option. In step 1 openssl will then ask for a password to protect the private key. Before step 2, when signing, set the KBUILD_SIGN_PIN environment variable to the password you specified in step 1.

Wednesday, January 14, 2015

Enabling A2DP Bluetooth speakers for PulseAudio in xUbuntu 14.04

A little bit of masochism Linux-style

1. change settings in audio.conf:
SCORouting=PCMDisabled=Socket
2. enable Bluetooth in PulseAudio
sudo apt-get install pulseaudio-module-bluetooth
pulseaudio -k
pactl load-module module-bluetooth-device
pactl load-module module-switch-on-connect
3. PROFIT!

https://bugs.launchpad.net/ubuntu/+source/pulseaudio/+bug/1181106
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725610

Friday, November 14, 2014

Moving to Xubuntu

I've decided to completely move to Xubuntu 14.04 LTS as my main OS. My Windows 7 Home Premium is almost crushed under the weight of its own security updates, though I must admit it survided 3 years without reinstall, which is sort of a record to me, so cudos to M$ :)

Issues I have met so far:
  1. There is no good replacement for the MS Office. I desparately need Excel, Word, Powerpoint, Project and Visio for my work, so I'll go with corporate Windows 7 running on a VirtualBox VM
  2. Not sure if my 3G Huawei modem will work. Linux has detected it correctly, but still I have not succeeded to connect
  3. I have managed to connect to my company's VPN with AnyConnect client, but would like to migrate to the OpenConnnect integrated with NetworkManager. OpenConnect does not work correctly so far due to some issues with host scanning
  4. Evernote desktop client is not supported on Linux. I have to stick to the web version and use the desktop in the corporate Windows 7 running on a VM
  5. Google Drive desktop client is not supported on Linux. There are some replacements available, I'd like to stick to the one which integrates with Fuse but not yet succeeded
  6. Ubuntu 14.04 has a bug with 802.1x which is a bit annoying but possible to overcome
  7. I'd like to run a VM with interface to the corporate network trough VPN running on Linux. I have no idea yet how to configure it (IP tunnel? not sure)
  8. Connecting Bluetooth input devices required some hacking in HID autoconnect scripts
  9. Opera browser is available for Linux only in beta stage

Saturday, June 15, 2013

X10 is alive!

Just before my another trip to US I've decided to restore my ol' pal - SE Xperia X10, now with AOSP JB 4.2.2. After purchasing a brand new battery, here's what I got to install:
I have not installed any apps on top of that so I have it only as a 'data pipe' for my Galaxy Nexus (on UA SIM) and ... well ... as a phone, just to make calls :)