Monday, October 24, 2011

Shorewall rules for blocking intra-zone traffic

According to the manual of shorewall-rules, when all is used either in the SOURCE or DEST column intra-zone traffic is not affected. When all+ is used, intra-zone traffic is affected. Therefore, the following rule blocks access from IP 192.168.1.150 of loc zone to all other zones (including the network interface of the firewall running shorewall on the loc zone)
DROP    loc:192.168.1.150       all+

Saturday, October 22, 2011

Webdoctor on my HP TouchPad

Today is 10/22/2011 and I learned a lesson after installing an updated version of Advanced reset options (and the 5 packages it depends on) patch through preware,  which wiped all my installed apps out of my TouchPad (TP). I finally decided to doctor back to WebOS 3.0.2. Since the my palm account only allows me to restore 3.0.4 with webdoctor, I did the following instead.
  • Backup my data from Settings -> Backup (Important)
  • Put my TP into USB update mode
  • Run Webdoctor 3.0.2 downloaded from here with the following command
    java -jar "path of doctor-file"
  • Webdoctor actually failed at the first time I ran it and gave me an error says "Failed to reset the device"
  • Run webdoctor again and now it starts to flash
  • See the message "Reset Complete" from webdoctor and TP reboots
  • My TP is back in WebOS 3.0.2 and click on the "Done" button of the webdoctor.

    Now the TP had updated itself to 3.0.4 through OTA, I updated the kernel through preware. And I had to remove the Advanced reset options first.

Free XLS/XLSX to CSV/TEXT file converter

I found the utility bundled in the perl module Spreadsheet::Read is pretty good. It actually uses Spreadsheet::ParseExcel or Spreadsheet::XLSX to read Microsoft Excel files. Its main utility is xlscat and a wrapper xls2csv. It can read both XLS (excel 2003 and before) and XLSX (excel 2007 and beyond) files but not XLSM (macro enabled excel workbook) files yet. It can output in different text file formats

usage: xlscat [-s ] [-L] [-n] [-A] [-u] [ Selection ] file.xls
              [-c | -m]                 [-u] [ Selection ] file.xls
               -i                            [ -S sheets ] file.xls
    Generic options:
       -v[#]       Set verbose level (xlscat)
       -d[#]       Set debug   level (Spreadsheet::Read)
       -u          Use unformatted values
       --noclip    Do not strip empty sheets and
                   trailing empty rows and columns
        -e     Set encoding for input and output
        -b     Set encoding for input
        -a     Set encoding for output
    Input CSV:
       --in-sep=c  Set input sep_char for CSV
    Input XLS:
       --dtfmt=fmt Specify the default date format to replace 'm-d-yy'
                   the default replacement is 'yyyy-mm-dd'

    Output Text (default):
       -s     Use separator . Default is TAB \t, \n allowed
       -L          Line up the columns
       -n          Number lines (prefix with column number)
       -A          Show field attributes in ANSI escapes
    Output Index only:
       -i          Show sheet names and size only
    Output CSV:
       -c          Output CSV, separator = ','
       -m          Output CSV, separator = ';'

    Output HTML:
       -H          Output HTML
    Selection:
       -S Only print sheets . 'all' is a valid set
                   Default only prints the first sheet
       -R    Only print rows    . Default is 'all'
       -C    Only print columns . Default is 'all'
       -F    Only fields e.g. -FA3,B16

Therefore to read rows 5-100 in first worksheet of file in.xlsx and output as semi-colon delimited file out.csv
xlscat -m -R 5-100 in.xlsx > out.csv
When there isn't a output format option, xlscat defaults to use "|" as delimiter and I found it's more convenient to use TAB (\t) as the delimiter. Therefore I changed the program of /usr/local/bin/xlscat at line 129 to
defined $opt_s or $opt_s = "\t";
After the above change, I can use the following command to read rows 50-100 in first worksheet of file in.xlsx and output as TAB (\t) delimited file out.csv
xlscat -R 50-100 in.xlsx > out.csv

PBO loses settings when power cycled

Starting from this week, I noticed that my Patriot Box Office (PBO) asked me to select language and time and network settings every time when it came out of the stand-by mode or power cycle. I tried downgrading the firmware back to P02 then flashed back to P70R2(BCN) but that didn't fix the problem.

I telnet to the BOX and found the file for the above settings is located at
/usr/local/etc/dvdplayer/Setup
and every time  when the PBO is turned on, this file is recreated upon user selections. I found the reason is most likely that the partition /usr/local/etc/ is full and the Setup file can't be saved to disk when powered off. Below is the result from df showing exactly that.
# df -h
Filesystem                Size      Used Available Use% Mounted on
/dev/root                78.6M     71.0M   7.6M  90% /
/dev/mtdblock/2          69.1M     69.1M      0 100% /usr/local/etc
/dev/rd/0                40.0k     40.0k      0 100% /mnt/rd


I deleted some RSS files I added and then did a du on the disk usage of partition /usr/local/etc

/usr/local/etc # du -d 1
54      ./playlist
874     ./dvdplayer
14      ./hdd.old
36660   ./linked
23827   ./mos
11      ./ppp
1962    ./srjg
2       ./lost+found
63419   .


The two biggest subfolders are linked (>30MB) and mos (>20MB). I found there are some redundant executables in

/usr/local/etc/linked/opt/bin
/usr/local/etc/mos/rssex

So I deleted those files and replace them with symbolic links to files in /usr/local/etc/mos/rssex2/bin/ After doing this, I now have roughly 7.5MB space in /usr/local/etc again.

 # df -h
Filesystem                Size      Used Available Use% Mounted on
/dev/root                78.6M     71.0M      7.6M  90% /
/dev/mtdblock/2          69.1M     61.6M      7.5M  89% /usr/local/etc
/dev/rd/0                40.0k     40.0k         0 100% /mnt/rd


And PBO can save the Setup file correctly and no longer asks me to do initial setups.

Friday, October 21, 2011

use Urpmi to upgrade perl

Perform the following in the specified order to prevent breaking urpmi
  •  Always upgrade urpmi first
    urpmi urpmi
  • Use rpm to query all installed perl packages and display only package names (without distributions)
    rpm -qa --qf '%{name}\n' | grep -i perl
  • Feed the results of the above query to urpmi (to upgrade all perl related packages)
    urpmi `rpm -qa --qf '%{name}\n' | grep -i perl`

Tuesday, October 11, 2011

NT ACL on Samba


  • Enable ACL support in the file system by remounting it with acl option. ACL must be enabled in a file system before Samba can use it.
    mount -o remount,acl /home
  • Enable acl support during boot time with the following in the /etc/fstab
    LABEL=/home /home ext4 noatime,acl 1 2
  • Enable acl support in Samba on a per share basis with the following in /etc/samba/smb.conf (typically already enabled by default)
    nt acl support = yes
    acl map full control = yes
  • Set the setgid bit for the directory
    chmod g+s /home
  • Have the following in /etc/samba/smb.conf
    inherit acls = Yes
    delete readonly = Yes
  • Check the ACL of current directory
    getfacl .
  • Set a default group (manager) ACL for files created in /home
    setfacl -m d:g::---,d:g:manager:r-x /home
  • Copy the ACL from a template folder to /home
    getfacl /template | setfacl -M - /home
    There's a warning of "getfacl: Removing leading '/' from absolute path names" from the above command, which can be safely ignored.

Reference

Monday, October 10, 2011

Shorewall rule for a particular time period

I found from the manual for /etc/shorewall/rules that Shorewall can have rules active on a particular time period of each day or particular days of the week or month, or a range defined by dates and times if supported by the kernel and iptables. The following can be checked:
#shorewall show capabilities | grep Time
   Time Match: Available
#rpm -qa | grep shorewall

shorewall-4.4.19.1-2-mdv2011.0.noarch
#uname -r 
2.6.38.7-server-1mnb2

The TIME field should be the 12th field in the rules file (after the CONNLIMIT field and before the HEADERS field). The following creates a rule blocking a local IP address of 192.168.1.100 from accessing internet at 18:45-21:00 every day in my local time (instead of UTC).
#ACTION SOURCE DEST PROTO DEST_PORT SOURCE_PORT ORIGINAL_DEST RATE USER/GROUP MARK CONNLIMIT TIME HEADERS    
DROP loc:192.168.1.100 all all - - - - - - - timestart=18:45&timestop=21:00&localtz
#service shorewall reload 
#iptables -L | grep TIME 
DROP all -- 192.168.1.100 anywhere TIME from 18:45:00 to 21:00:00
DROP all -- 192.168.1.100 anywhere TIME from 18:45:00 to 21:00:00
DROP all -- 192.168.1.100 anywhere TIME from 18:45:00 to 21:00:00
DROP all -- 192.168.1.100 anywhere TIME from 18:45:00 to 21:00:00

Thursday, October 6, 2011

Notes on xmgrace

  • Hotkeys:
    • Ctrl L: Move current graph legend
    • Ctrl M: Move an object
    • Ctrl T: Place timestamp
  • Set font color for plot legend
    • Click on the plot and prefix the legend string by \R{red} (for red color)
  • Transform axis tick label from length to angle in degree (acceptable expressions)
    atan($t/100)*180/PI
  • Set the number of decimal digits to N on the transformed axis tick labels
    I had to multiply the result by 10^N and round it to an integer then divide by 10^N. For e.g. the following will set the number of decimal digits to to 2
    rint(atan($t/100)*180/PI*100)/100