Extracting DVD tracks

To extract DVD tracks identify the actual tracks first:

HandBrakeCLI -Z "Very Fast 1080p30" -i DVD.ISO -o test.mp4 -t 0 |& grep -e title -e "+ duration"

After that run the following command with the wanted title number:

HandBrakeCLI -Z "Super HQ 720p30 Surround" --audio-lang-list deu -i DVD.iso -o filename.mp4 -t <track#>

Brother ADS-1100W FTP-Scanning setup

This document scanner can send documents directly to an FTP-Server. Install vsftp via aptitude install vsftpd and set /etc/vsftpd.conf as following:

listen=YES
use_localtime=YES
xferlog_enable=YES
connect_from_port_20=YES
secure_chroot_dir=/var/run/vsftpd/empty
pam_service_name=vsftpd
write_enable=YES
anonymous_enable=YES
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_root=/data/ftp

This enables anonymous uploading for everyone! Create /data/ftp/incoming and chown it to ftp.ftp. Add the following section in /etc/samba/smb.conf to enable easy access to Windows clients:

[scans]
   comment = Scans
   path = /data/ftp/incoming
   force user = ftp
   force group = ftp
   read only = No

Server Setup with Debian 10 (Buster)

Note: Basic networking is done via a Fritzbox, which provides IP-Address assignment and routing.

Run Debian setup with following choices:

  • Graphical Install
  • Language Settings
  • User with sudo to root
  • Guided crypted partioning with separated /home , /var & /tmp
  • Software selection: Basic system tools & SSH server

After the first reboot adapt sources.lst to include contrib and non-free repositories and install firmware for the usually built-in Realtek network chip:

sudo aptitude install firmware-realtek

Dynamic DNS is required to make the server available to the outside under a memorable name:

 @hourly wget -O - http://freedns.afraid.org/dynamic/update.php?<id> >/dev/null 2>&1 

Setup services:

Additional things to do

Prevent console clearing after boot up

Add/edit /etc/systemd/system/getty@.service.d/noclear.conf

[Service]
 TTYVTDisallocate=no

Run systemctl daemon-reload to let the changes becoming active.

Setup Eclipse on Linux and WSL with GTK2

The packaged version of Eclipse 3.8 does not work anymore on Ubuntu 18.04, thus a manual install of a newer version is required. Requirements: C++, Python, Git, SVN. I prefer the GTK2 version here as it is much more responsive than the current GTK3 version (Eclipse IDE 2019-09 R).

Basic Installation

  1. Install a JDK: sudo aptitude install default-jdk
  2. Install basic C++ development tooling: sudo aptitude install gcc g++ make
  3. Install GTK2 libraries: sudo aptitude install libgtk2.0-0
  4. Get one of the last GTK2 versions of “Eclipse IDE for C/C++ Developers”
    1. Eclipse IDE Photon R (4.8)
    2. Eclipse IDE 2018-09 R (4.9)
  5. Extract to /usr/local: sudo tar -C /usr/local/ -xf eclipse-cpp-2018-12-R-linux-gtk-x86_64.tar.gz
  6. Link executable to a known search path: sudo ln -s /usr/local/eclipse/eclipse /usr/local/bin/eclipse
  7. Set default GTK version via eclipse.ini by adding the following lines before the vmargs section (otherwise GTK3 will be used by default if libgtk3 is installed):
--launcher.GTK_version
2
  1. Install libwebkitgtk to display markdown documents correctly: aptitude -R install libwebkitgtk-1.0-0

Python

  1. Install python interpreter: sudo aptitude install python python3
  2. Install PyDev plugin: sudo unzip -d /usr/local/eclipse/dropins/pydev-7.4.0 “PyDev 7.4.0.zip”
  3. For XML processing install lxml: sudo aptitude install python-lxml python3-lxml

Git + SVN

  1. Install versioning tools and required libraries: sudo aptitude install subversion git
  2. Install EGIT and Subclipse plugins (4.2.4 is the last with SVN 1.9 support):
    1. sudo unzip -d /usr/local/eclipse/dropins/egit-5.5.1 org.eclipse.egit.repository-5.5.1.201910021850-r.zip
    2. sudo rm -v /usr/local/eclipse/dropins/egit-5.5.1/*.*
    3. sudo unzip -d /usr/local/eclipse/dropins/subclipse-4.2.4 subclipse-4.2.4.zip
    4. sudo rm -v /usr/local/eclipse/dropins/subclipse-4.2.4/*.*
    5. sudo aptitude install libsvnkit-java
  3. set GIT_SSH to local ssh binary to make it use the authentication agent in .basrc: export GIT_SSH=/usr/bin/ssh

Shell scripts

Install the dynamic languages toolkit (dltk) 5.10 for shell syntax highlighting: sudo unzip -d /usr/local/eclipse/dropins/dltk-R-5.10 dltk-R-5.10-201808292040.zip

Eclipse 4.13 + GTK3

Install GTK3 libs (sudo aptitude install libgtk-3-0), rest as above.

Raspberry + BME280

Setup

Make the script executable and run it. If the BME280 is wired up correctly, following output should appear:

Chip ID     : 96
Version     : 0
Temperature :  23.18 C
Pressure :  994.415458604 hPa
Humidity :  33.6359104061 %

Raspberry Zero + Raspbian Stretch Lite + I2C

Setup

Write new image to SD-Card (replace ‘?’ with actual drive) and configure WLAN and SSH:

cp 2018-11-13-raspbian-stretch-lite.img /dev/sd?
mount dev/sd?1 /mnt
touch /mnt/ssh # starts ssh without further ado
echo "country=DE
ctrl_interface=/var/run/wpa_supplicant
update_config=1
network={
       ssid=\"your_ssid_here\"
       psk=\"password\"
}" > /mnt/wpa_supplicant.conf
umount /mnt

Put the card now into the Raspberry Pi and boot it up. It should appear now in your DHCP-Server leases where you can get the IP address of it.

Configuration

Log into it and change its hostname to something suitable, reboot afterwards.

ssh pi@<ip-address> # default password is 'raspberry'
sudo vi /etc/hostname
sudo reboot

Add the following lines to the respective files to enable i2c:

/etc/modules:
  i2c-bcm2708
  i2c-dev

/boot/config.txt
  dtparam=i2c_arm=on

Afterwards install necessary tools to check if i2c is working

sudo apt-get install i2c-tools

.

Running i2cdetect -y 0 shows that a device on address 0x76 was detected (in this case a BME280 sensor):

pi@raspberry0-0:~ $ sudo i2cdetect -y 1
     0  1  2  3  4  5  6  7  8  9  a  b  c  d  e  f
00:          -- -- -- -- -- -- -- -- -- -- -- -- --
10: -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
20: -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
30: -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
40: -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
50: -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
60: -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
70: -- -- -- -- -- -- 76 --

APC Back-UPS XS 650CI & apcupsd

Installation

aptitude install apcupsd

Configuration

In the default /etc/apcupsd/apcupsd.conf disable the DEVICE entry in line 90:

# DEVICE /dev/ttyS0

Restart daemon systemctl restart apcupsd and check working connection with apcaccess status.

Usage

  • Reset battery date with apctest (stop apcupsd before) with View/Change battery date
  • Change alarm behaviour with apctest (stop apcupsd before) with View/Change alarm behavior
  • Replacement battery type: APCRBC110

Compaq Evo N800v & Debian 8 (Jessie)

How to get Debian 8 (Jessie) running properly on an ancient Compaq Evo N800v machine

Installing required packages:

aptitude install firmware-amd-graphics

Touchpad works out of the box: Enable clicking and scrolling on the touchpad via mouse settings. (Mate-Desktop)

Unresolved issued

  • Standby may freeze cursors occasionally
  • Hibernation results in graphic glitches

Windows 10 Security Settings

Unwanted Application Protection

Set-MpPreference -PUAProtection 1

Disable connection to suspicious hosts

Set-MpPreference -EnableNetworkProtection Enabled

Backup with rsnapshot

Backup concept

A backup server which can be woken via wake-on-lan will pull data from live servers via rsnapshot . Waking, creating a backup, and shutting down will be done from a specific live server.

Key generation and automated login

First create an SSH key which will authorize the backup server against the live servers: On the backup server run ssh-keygen -b 4096 -f backup_auth. The generated file backup_auth.pub has to be appended to /root/.ssh/authorized_keys to enable automated login. Later we will limit commands availabe to rsync only for safety reasons. Check that the clients /etc/ssh/sshd_config sets PermitRootLogin without-password so that a first connection test from the backup server can succeed. Do this vice-versa for the live server which will later control the backup server.

Rsnapshot

Run aptitude install rsnapshot and modify /etc/rsnapshot.conf to at least (see comments in config file for explanations):

snapshot_root <path>
no_create_root 1
cmd_ssh /usr/bin/ssh
retain ...
ssh_args -i /root/.ssh/backup_auth

# live server directories
backup root@server.local:/etc/ ./
backup root@server.local:/home/ ./
[...]

Limiting rights of automated login

Extract (Debian 8/9) or copy (Debian 10) rrsync (restricted rsync) from /usr/share/doc/rsync/scripts to /usr/local/bin/rrsync and make it executable. The backup auth key can now be restricted in /root/.ssh/authorized_keys. Prepend the entry with command="/usr/local/bin/rrsync -ro /" which limits access with this key to just this command. Additionally limiting measures can be implemented by adding further restrictions after command:

command="/usr/local/bin/rrsync -ro /",no-pty,no-agent-forwarding,no-port-forwarding,no-X11-forwarding,no-user-rc ssh-rsa ...

Additionally change PermitRootLogin in /etc/ssh/sshd_config to forced-commands-only.

Automation

Waking the backup server

wakeonlan [...]

Creating backups

ssh -i <keyfile> rsnapshot [...]

Keyfile should authenticate the live server against the backup server.

Shutting the backup server down

ssh -i <keyfile> /sbin/ethtool -s eth0 wol g
ssh -i <keyfile> /sbin/shutdown -h -t 1