Lindqvist -- a blog about Linux and Science. Mostly.

03 May 2012

133. Compiling Openbabel 2.3.1 and CMake on ROCKS/centos

Open Babel is a convenient tool for converting between chemistry-related file formats. Sadly, it's not included in ROCKS 5.4.3 from what I can see and I could only install a severely outdated rpm package which doesn't support gaussian 09 and nwchem well.

The easiest way to compile openbabel is by using cmake.

Cmake:
wget http://www.cmake.org/files/v2.8/cmake-2.8.8.tar.gz
tar -xvf cmake-2.8.8.tar.gz
cd cmake-2.8.8.8/
./configure --prefix=/home/me/.cmake
make
make install

Add the following to your ~/.bashrc and source it:
export PATH=$PATH:/home/me/.cmake/bin

Note: this works in Scientific Linux (Boron) 5.4 as well

Openbabel
wget http://downloads.sourceforge.net/project/openbabel/openbabel/2.3.1/openbabel-2.3.1.tar.gz?r=http%3A%2F%2Fopenbabel.org%2Fwiki%2FGet_Open_Babel&ts=1336048328&use_mirror=aarnet
tar -xvf openbabel-2.3.1.tar.gz
cd openbabel-2.3.1/
cmake -DCMAKE_INSTALL_PREFIX:PATH=/home/me/.babel
make
make install

Add the following to your ~/.bashrc and source it:
export PATH=$PATH:/home/me/.babel/bin

Note: this works in Scientific Linux (Boron) 5.4 as well

Do
babel -L formats
to get a list of formats.

132. Ecce v 6.2 -- minor bug: nosymm in g09 input

Ecce 6.2 doesn't officially support Gaussian 09 as far as I know. However, they are compatible enough for a wide range of tasks.

However, if you use nosymm you will not be able to see orbital occupancy:

#P rb3lyp/6-31++g** 5D 7F Opt=() Freq=() Punch=(MO) Pop=() scrf=(pcm, solvent=dichloromethane)

vs

#P rB3LYP/6-31++g** 5D 7F Opt=() Freq=() Punch=(MO) Pop=() scrf=(pcm, solvent=Dichloromethane) nosymm

131. Sort of Fixed: Gnome-screenshot (3.4.1) broken in debian testing -- how to fix it

UPDATE 9/6/2012: It's becoming incrasingly difficult to revert back to the old version of gnome-screenshot, hence the changed title of the post. I can't believe the gnome-screenshot hasn't been reverted back to a more sane behaviour -- any behaviour that leads to a score of bug reports (remember that there's a lot of self-censorship as few people submit bug reports even if they encounter a bug) is highly undesirable. I would not include screenshot in my posts if I hadn't already put a hold on my gnome-screenshot package. Anyway, keep an eye on this one for (a lack of) updates: https://bugzilla.gnome.org/show_bug.cgi?id=669629

Original post
Something weird happened after the updates today (http://verahill.blogspot.com.au/2012/05/todays-3rd-of-may-2012-debian.html). When taking screenshots I didn't get a save dialogue.

I naturally presumed this to be a crippling bug:

gnome-screenshot

** (gnome-screenshot:8520): WARNING **: Unable to use GNOME Shell's builtin screenshot interface, resorting to fallback X11. Error: GDBus.Error:org.freedesktop.DBus.Error.Failed: Error: Expected type utf8 for Argument 'filename' but got type 'boolean' (nil)

After reading bug reports I noticed that a new screenshot shows up in the ~/Pictures folder -- but you get no dialogue re saving and name etc, so I might be forgiven for thinking that it didn't work at all. Yet, something was clearly out of whack.

A bit of googling led me here https://bugs.launchpad.net/ubuntu/+source/gnome-screenshot/+bug/929536

which pointed me to this: https://bugs.launchpad.net/ubuntu/+source/gnome-screenshot/+bug/927952 and this: https://bugzilla.gnome.org/show_bug.cgi?id=669629

Here's the source of it all: http://git.gnome.org/browse/gnome-screenshot/commit/?id=3bbc1e158fd58ec7f4f984f6d3c15ec95e65a035

Yes. The broken behaviour is a design feature. It's idiotic.

I like gnome-shell now that I've customized it. But seriously, what the gnome devs want as default behaviour can only be considered as broken behaviour by any long term desktop user. This new behaviour is idiotic and will only benefit those who don't use screenshot very often -- those who do will definitely want control over where screenshots are saved and under what names.

The worst, intended 'solution':

If I would guess at the intentions of the gnome dev/s, they'd suggest you map your print scrn key to gnome-screenshot -i. This brings up a dialogue. Asking you to select full screen, window or area. You can then click on take screen shot, and you then get the save dialogue. Suddenly it got a lot less convenient. Something that was quick and easy now has become clunky.

The better solution:

I used the snapshot archive:

http://snapshot.debian.org/package/gnome-utils/3.2.1-3/#gnome-screenshot_3.2.1-3

1. Download the previous version, e.g.

wget http://snapshot.debian.org/archive/debian/20120313T034114Z/pool/main/g/gnome-utils/gnome-screenshot_3.2.1-3_amd64.deb

2. And install

sudo dpkg -i gnome-screenshot_3.2.1-3_amd64.deb

dpkg: warning: downgrading gnome-screenshot from 3.4.1-1 to 3.2.1-3.

3. Prevent the package from being upgraded again:

sudo su

echo "gnome-screenshot hold"|dpkg --set-selections

The behaviour should now be back to usable.

This post contained no screenshots. For obvious reasons.

Links to this post:
http://qfox.nl/notes/153

130. Today's (3rd of May 2012) debian wheezy/testing updates -- Confused

You may want to be careful if you do dist-upgrade today.

Today
sudo apt-get dist-upgrade
gave

The following packages will be REMOVED:
gnome gnome-desktop-environmentThe following NEW packages will be installed:
gir1.2-gdesktopenums-3.0 iputils-tracepath
The following packages have been kept back:
libboost-date-time-dev libboost-dev libboost-regex-dev libboost-signals-dev libgl1-nvidia-glx libmono-winforms2.0-cil nvidia-alternative nvidia-glx nvidia-kernel-dkms nvidia-vdpau-driver python-pyatspi2 xserver-xorg-video-nvidia
The following packages will be upgraded:
gnome-core gnome-nettool gsettings-desktop-schemas gsettings-desktop-schemas-dev

No worries there, so I continued.

However, having seen the removal of gnome, gnome-core etc. cause issues before (http://verahill.blogspot.com.au/2012/04/fixed-no-internet-on-old-dell-after.html) I did
apt-get -s autoremove
afterwards.

The following packages will be REMOVED:
abiword abiword-common abiword-plugin-grammar abiword-plugin-mathview aisleriot cheese ekiga file-roller gdebi gedit gedit-common gedit-plugins gir1.2-gdata-0.0 gir1.2-goa-1.0 gir1.2-gucharmap-2.90 gir1.2-javascriptcoregtk-3.0 gir1.2-rb-3.0 gir1.2-tracker-0.14 gir1.2-webkit-3.0 glchess glines gnect gnibbles gnobots2 gnome-cards-data gnome-documents gnome-games gnome-games-data gnome-games-extra-data gnome-nettool gnome-sudoku gnome-video-effects gnomine gnotravex gnotski gnuchess gnuchess-book gnumeric gnumeric-common grilo-plugins-0.1 gtali hamster-applet iagno iputils-tracepath libabiword-2.9 libatk-adaptor-schemas libboost-date-time1.49.0 libboost-serialization1.49.0 libboost-signals1.49.0 libcec1 libdmapsharing-3.0-2 libgdome2-0 libgdome2-cpp-smart0c2a libgexiv2-0 libgpod-common libgpod4 libgrilo-0.1-0 libgtkmathview0c2a libgupnp-av-1.0-2 libhal-storage1 liblink-grammar4 libmagick++4 libmagickcore4 libmagickcore4-extra libmagickwand4 libminiupnpc5 libnatpmp1 libnet1 libnfs1 libopal3.10.4 libots0 libpt2.10.4 librhythmbox-core5 libwv-1.2-4 liferea liferea-data link-grammar-dictionaries-en mahjongg media-player-info minissdpd python-evolution python-wnck quadrapassel rhythmbox rhythmbox-data rhythmbox-plugin-cdrecorder rhythmbox-plugins seahorse shotwell simple-scan sound-juicer tcptraceroute telepathy-idle transmission-common transmission-gtk unoconv xdg-user-dirs-gtk
... 97 to remove and 12 not upgraded.

Yeah, that doesn't sound good - I use seahorse, ekiga etc.

If the package version is given (libboost-date-time1.49.0) it's often ok to remove. But removing un-versioned packages is a better indication of something major being underway.

Anyway, taking a quick gander at gnome-desktop-enviroment which got removed:

Package: gnome-desktop-environment
State: not installed
Version: 1:3.0+8
Priority: optional
Section: gnome
Maintainer: Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>
Architecture: all
Uncompressed Size: 43.0 k
Depends: gnome (>= 1:3.0+8)
Description: The GNOME Desktop Environment - transitional package
This is the GNOME Desktop environment, an intuitive and attractive desktop.

This meta-package is obsolete and has been replaced by “gnome”.

Then checking gnome (which also got removed):

Package: gnome
State: not installed
Version: 1:3.0+8
Priority: optional
Section: gnome

Seems like gnome got marked for removal although it shouldn't have been.

sudo apt-get install gnome
followed by
sudo apt-get -s autoremove

The following packages will be REMOVED:
dasher dasher-data gnome-accessibility-themes libboost-date-time1.49.0 libboost-serialization1.49.0 libboost-signals1.49.0 libcec1 libgail-gnome-module libhal-storage1 libmagick++4 libmagickcore4 libmagickcore4-extra libmagickwand4
libnet1 libnfs1 tcptraceroute
0 upgraded, 0 newly installed, 16 to remove and 12 not upgraded.

Which makes a lot more sense.

Ergo, be careful when you use autoremove -- sometimes it will kill your desktop. Keep an eye at what dist-upgrade does.

02 May 2012

129. Thunderbird 12.01 on debian

First build thunderbird
wget ftp://ftp.mozilla.org/pub/mozilla.org/thunderbird/releases/12.0.1/source/thunderbird-12.0.1.source.tar.bz2

Install dependencies
sudo apt-get install libdbus-glib-1-dev gir1.2-notify-0.7 libnotify-dev yasm checkinstall libzip-dev zip

Remove the previous version and make sure that there's no existing comm-release directory
rm comm-release/ -rf
tar -xvf thunderbird-12.0.1.source.tar.bz2
cd comm-release/
./configure --disable-necko-wifi

The next step will take a little while (30-60 minutes on a slow computer)
make

And then install
sudo make install

Then install add-ons:
Lightning 1.4 (Sunbird is being discontinued)
Provider for Google Calendar 0.9 (otherwise you won't be able to dismiss calendar reminders)
Engimail 1.4.1 (see http://verahill.blogspot.com.au/2012/05/encrypting-your-email-chat-and-phone-in.html)

128. Encrypting your email, chat and VOIP in linux (Debian Wheezy)

I'll show how to use GnuPG with Gajim, mcabber, Evolution, Thunderbird and Mutt below
.
I'll also show SRTP/ZRTP using Twinkle with iinet for encrypted VOIP calls -- this solution should work computer-to-computer, but not from computer to phone and vice versa.

You may also want to look at truecrypt (http://verahill.blogspot.com.au/2012/04/using-truecrypt-with-dropbox.html) to secure your files and/or devices, in particular portable storage media like USB sticks. Truecrypt is a good way of backing up or managing your pgp/gpg keys.

I do recognise that there's a lot of info on this page, so don't feel shy about using 'search' to get to where you want to be.

Why?
If you have nothing to hide, why worry?

University and company email systems get hacked. What you do and say can come back to haunt you in unintended way. A lot of employers in the US are scared of submitting honest letters of recommendation because they fear getting sued if they are not favourable enough. Politicians are, often illegally, using private email for official business.

On the one hand, if something doesn't pass the 'newspaper test' (how would you feel if this was the headline on today's newspaper?) maybe you shouldn't be doing/writing/saying that.

On the other hand, in particular in academia, it is important that discourse can be direct and honest.

For these reasons I favour using PGP/GPG encryption as much as possible, since I feel that it strikes a good balance between the need for privacy and unfettered discourse, and the need for a paper trail. PGP/GPG encrypts the content of your conversation, but still leaves it open with whom you converse, thus providing a trail ensuring that you don't get involved in something which you shouldn't.

In some jurisdictions this means that you can be ordered to decrypt your conversation, while, to my understanding, in e.g. the US the content and relevance of the conversation needs to be known to some extent for this to happen. The bottom line is that you will be involved in the release of the material, and that it will take a court order for that to happen.

As with everything else, encryption is just a tool, and it can be used responsibly for good purposes, or irresponsibly with bad intent.

And if even you truly don't have anything to hide, you may support the right for each citizen to decide for themselves whether they want to use encryption or not. The view of law enforcement in many countries seems to be that only criminals have reasons to use encrypted communication, while at the same time security/intelligence agencies believe that their job becomes more difficult to do if they can't sniff all traffic (e.g. ECHELON). These are legitimate opinions, but as with everything you have to make a choice between how much liberty you are willing to sacrifice for a little bit of security. You have to decide for yourself where you draw that line.

Enough meaningless banter, time to get configured.

1. IMPORTANT

The key KEY principle is that:
1. the PUBLIC key ENCRYPTS
2. the PRIVATE key DECRYPTS.

You can encrypt with a private key (e.g. signing), but then anyone with your public key can decrypt it.

I'll write this in bold because it is central to encryption with public and private keys:
use the recipients PUBLIC key to encrypt correspondence to them, and they should use your public key to encrypt correspondence to you. If a private key is used to encrypt, everyone can read the correspondence.

IF, on receiving an encrypted email from someone else, you have to go online to download their key to decrypt, then they used their private key and not your public key to encrypt. That is wrong and INSECURE.

A side effect is that,UNLESS you cc and encrypt to yourself using your public keys when emailing, you WILL NOT BE ABLE TO READ SENT EMAILS which have been encrypted using someone else's public key.

In a more formal setting you will probably want to use expiring keys. For personal use, keys that don't expire are probably fine.

2. How?

2a. Keys and key-management

First install seahorse, gnupg, and gnupg2.

Regardless of how you create your key, it will be found in ~/.gnupg

ls ~/.gnupg/

gpg.conf pubring.gpg pubring.gpg~ random_seed secring.gpg trustdb.gpg

This means that anyone with root/sudo access on that system can access your private key and decrypt all your correspondence unless you password protect it. In general, don't store your key on a shared computer.

Creating a key

using gpg (terminal)

gpg --gen-key

gpg (GnuPG) 1.4.12; Copyright (C) 2012 Free Software Foundation, Inc.
[..]
Please select what kind of key you want:
(1) RSA and RSA (default)
(2) DSA and Elgamal
(3) DSA (sign only)
(4) RSA (sign only)
Your selection? 1
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048)
Requested keysize is 2048 bits
Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0) 0
Key does not expire at all
Is this correct? (y/N) Y
You need a user ID to identify your key; the software constructs the user ID
from the Real Name, Comment and Email Address in this form:
"Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>"
Real name: I Lindqvist
Email address: i.lindqvist@email.net
Comment: fake address
You selected this USER-ID:
"I Lindqvist (fake address) <i.lindqvist@email.net>"
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
You need a Passphrase to protect your secret key.

You'll get asked for a passphrase twice. Then:

We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
Not enough random bytes available. Please do some other work to give
the OS a chance to collect more entropy! (Need 283 more bytes)

..+++++
...+++++
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
+++++
Not enough random bytes available. Please do some other work to give
the OS a chance to collect more entropy! (Need 109 more bytes)
.....................+++++
gpg: key 2B4C5636 marked as ultimately trusted
public and secret key created and signed.
gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
pub 2048R/2B4C5636 2012-05-02
Key fingerprint = 5B71 C3F1 0C2D E008 B299 21A8 019F 907E 2B4C 5636
uid I Lindqvist (fake address) <i.lindqvist@email.net>
sub 2048R/78F9B6C1 2012-05-02

gpg --list-key

/home/me/.gnupg/pubring.gpg
-----------------------------
pub 2048R/2B4C5636 2012-05-02
uid I Lindqvist (fake address) <i.lindqvist@email.net>
sub 2048R/78F9B6C1 2012-05-02

To add more email address, do
gpg --edit-key 2B4C5636
>adduid
and follow the prompts. You do not want to add subkeys.

Do
>trust
to set the trust level. Ultimate for your own key, full for your pals.

using seahorse:
if it isn't already installed, then
sudo apt-get install seahorse

and start it by typing seahorse in the terminal, or selecting Passwords and Keys in gnome. Select New

PGP key

Add details

You can add additional addresses later by selecting your key and right-click, then select Properties

Publish your PUBLIC key:
You can either do this directly using seahorse (very easy), or, if you prefer a more manual approach:

gpg --export -a

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.12 (GNU/Linux)
mQENBE+gt4IBCADPY9CyEr1aqU1uqOKquwFOUgsiLNV7pYRLKkTa3hki/8Zz0Ssr
16DIvuO5dGQVsDu712E2FaW3FSzThzPBW9R9z1WNHjZUWtRu78WVNyJJ3WwjJFWV
hmA9kmWzFn14pcqzeD6RAkpK7YrKENu05A2vWB47mWFxlysCxo8VdPoj/uEG0Cvw
BHNrI8raVarwWOPPZiVTp7nbbHySQxZjJTpdR5bEFH+L1AqA3T0YG5FdXryGFXG0
DMLPD3mCSZHoT27WRH4l8mH7K25m6ONUV8u6JDLtSy/WAi9J2nGo5K5r/OetDqe7
zTOaQk7u+WyTxK41nzNk/NRVAUlcc7aM7WXFABEBAAG0MkkgTGluZHF2aXN0IChm
YWtlIGFkZHJlc3MpIDxpLmxpbmRxdmlzdEBlbWFpbC5uZXQ+iQE4BBMBAgAiBQJP
oLeCAhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRABn5B+K0xWNtxlB/9K
GAq9Q8YlZjKOnOx2jZWRqE6dHZ5BjNX24SmsVWf0jpEIP1Bj699QiWxxEYeIc2S7
E0vm3G323oEHfiGUlTpqi4piCnrEgm63JKNGWKamKBkYBTvygRFRC7DUWhB6kwP3
FmOU8SMR9+8lSei6IJoRlJUThdF3gWLiNnQtDDowjQL2gIHvh+Ht/geC+fDtN0i5
R7yGUOyIicYDa04dSsX5LZJneouIavNYulTpJc0wth6GOrzAbitVsfdQ84O/Q/Ld
lyI6HSzz/QNDuY2YkAPiejapHBtBP9LukBvFChfkiwNv+RPG9VE8zm0vIg9ylmaf
Fbe1CrawAsjQDM8f1KEtuQENBE+gt4IBCADK5PJMH0I8CB1RoMLo13Ewd8tFoIYu
bXIuV2RpUCTwxOA1nbKiJUrZP0Dxe0aK6GXspEzRtYjpT2QdIvdYsHrr85V4+AsJ
BFQ3ehp6XW2NtyECQyzYlUm4Yo06EU128E0whfeK42b+egWazOrdnt9QKlZCP5lz
UU8L9zJiDI64old79AkbRm7mKdH6uIAwkPG3Eft+2H312MkRGfmiJ/Eq/HQO8ygo
pcg93kqU9RrI8xwfO5plqF9yc9iNzrgDu8iuOPSxYuJtG3cj0W4CzuwLRzMnWFXO
CQpcCWF38/a2HTrXCxA5QAf0Td3P7zc7eZd6JhpzNTTJ7zQeeQreKjhfABEBAAGJ
AR8EGAECAAkFAk+gt4ICGwwACgkQAZ+QfitMVjbn2Af/SURRS72DJ66F0Gpt9bIe
p2zr98c+W4bPru7fVg4uOAxz95H1vK65kX7jZ+9M5yqHGqLNxmVcUcVhbXS+Fkik
LoBxLezU7s1bC40HSFPu00IQQxiH5jv9Dd/kqP16oel+JVGDwmRXFWXqByaWaaNm
6JYHYcCH6B4UwSpSRiwJScbTWsvxq9+WVAUO730FwGy3BYnZAXNeibV2/bbtZbz6
P23zyitFqOizuafvwFIS9pGvbL3pmUkQne0dF1OGhfhsdczZi+LVhnKy6iOy7lTx
6saK149HMndyLNOlS8pmJez2ULXF/fijLlrXAi3zr8a2UFkpYPEIj+emkeFpAGiE
mQ==
=VnnT
-----END PGP PUBLIC KEY BLOCK-----

Then copy/paste it into the front page at pgp.mit.edu

2b. Chat

Gajim
Gajim is seven kinds of awesome, but is primarily used for jabber-compatible protocols. This means gmail gmx, etc.

To set up encryption for an address, go to Edit, Accounts, select the address and go to the Personal tab.

GPG Agent is broken on Debian, so don't use that.

Before you use gajim to encrypt chat you may need to rightlick on the recipient and assign the correct key:

Once all that is done, encryption is easy.

mcabber
Mcabber is a terminal chat client and that makes configuration very easy.
Edit ~/.mcabber/mcabberrc and add (or uncomment):

set pgp = 1
set pgp_private_key = "06403515C1XXXX6B"
set pgp_passphrase_retries = 3

The private key ID is much longer than what you may be used to -- you can look it up using seahorse. pgp.mit.edu will also report it if you've uploaded your public key:

Anyway, start mcabber, select the contact you presumably already have a key for and type:
/info

05-02 16:02 *** jid: <xxx.xxxxx@xxxx.xxx>
05-02 16:02 *** Name: xxxxx at xxxx
05-02 16:02 *** Type: user
05-02 16:02 *** Subscription: both
05-02 16:02 *** Resource: [o] (50) Gajim76E72461
Status timestamp: 2012-05-02 16:02:09
PGP key id: 06403515C1XXXX6B
Last PGP signature: good

The contact is recognised and you have their key. So, you should be able to simply start chatting.

Switch encryption on and off using
/pgp enable
and
/pgp disable

So how can you tell whether it's encrypted or not?

05-02 16:02 -~> This is encrypted

05-02 16:09 --> This is not encrypted

Yup. A ~ makes the difference.

Received encrypted messaged look like this:
05-02 16:12 <~= encryption the other way

2c. E-mail

Evolution
Evolution supports integration with gnupg out of the box, but each email address needs to be configured separately. Start evolution, click on Edit, select Preferences, Mail Accounts, highlight the email address you want to configure, click on Edit. Select the Security tab in the Account Editor and type in the key ID.

When you're composing, this is what meets you:

You will have problems encrypting to people who's keys haven't been associated properly with the email address you're composing to.

Thunderbird
Thunderbird isn't as well-supported for PGP/GPG as evolution but there's an add-on, Enigmail 1.4.1 (you might have to download it manually from http://enigmail.mozdev.org/download/index.php.html), which is compatible with Earlybird/Thunderbird 11. The downside on using an add-on is that compatibility sometimes breaks.

The key here is the 'GnuPG was found...' bit. To gain access the tabs below you can click on Display Expert Settings.

Once you've installed enigmail via the add-on menu and restarted, you can set the preferences:

Most options are straight-forward

You may need to set the key manually if the email address isn't explicitly associated with an address.

Go to Edit, Account Settings, and uncheck use html under Composition and Addressing for each address. Partly because signing will work better, but mainly because you have no reason to use html. Ever.

And this is how it looks when you are composing emails:

You can choose to sign and/or encrypt emails from simple menu.

Mutt

The key ID is C1XXXX6B. Edit your .mutt/muttrc file and add (the field which need to be edited are given in red below):

# GPG stuff - autosign
set pgp_decode_command="gpg %?p?--passphrase-fd 0? --no-verbose --batch --output - %f"
set pgp_verify_command="gpg --no-verbose --batch --output - --verify %s %f"
set pgp_decrypt_command="gpg --passphrase-fd 0 --no-verbose --batch --output - %f"
set pgp_sign_command="gpg --no-verbose --batch --output - --passphrase-fd 0 --armor --detach-sign --textmode %?a?-u %a? %f"
set pgp_clearsign_command="gpg --no-verbose --batch --output - --passphrase-fd 0 --armor --textmode --clearsign %?a?-u %a? %f"
set pgp_encrypt_only_command="pgpewrap gpg --batch --quiet --no-verbose --output - --encrypt --textmode --armor --always-trust --encrypt-to 0xC1XXXX6B -- -r %r -- %f"
set pgp_encrypt_sign_command="pgpewrap gpg --passphrase-fd 0 --batch --quiet --no-verbose --textmode --output - --encrypt --sign %?a?-u %a? --armor --always-trust --encrypt-to 0xC1XXXX6B -- -r %r -- %f"
set pgp_import_command="gpg --no-verbose --import -v %f"
set pgp_export_command="gpg --no-verbose --export --armor %r"
set pgp_verify_key_command="gpg --no-verbose --batch --fingerprint --check-sigs %r"
set pgp_list_pubring_command="gpg --no-verbose --batch --with-colons --list-keys %r"
set pgp_list_secring_command="gpg --no-verbose --batch --with-colons --list-secret-keys %r"
set pgp_autosign=yes
set pgp_sign_as=0xC1XXXX6Bset pgp_replyencrypt=yes
set pgp_timeout=1800
set pgp_good_sign="^gpg: Good signature from"

In mutt, p is associated with gpg/pgp:

In mutt, write your email in vim or nano, then exit the editor and hit p. Select e to encrypt:

And it now shows 'Security: Encrypt', and you can send.

Encrypted VOIP
While skype encrypts by default, skype isn't 'open', and you are not in control.

For twinkle (below), you need a sip address. You sometimes have one via your ISP, but you can also get one for free from e.g. https://www.ekiga.net/index.php?page=register

Twinkle and ccRTPp are available in the debian repos.
sudo apt-get install twinkle
pulls in everything you need

Next, start twinkle and configure it:

The only interesting step is this one:

Select ZRTP/SRTP

Next log in:

My guess is that you need to include the country code. Don't forget to drop any leading 0s off the area code (the scatter brained cause of the failed call listed in the log below)

127. It's that time again...

Linux is dead on the desktop, only 1%, barely a blip etc. etc.

Well, 1% is still a truck-load of people. In fact, it's quite a number of truck-loads, with it being in the 10s of millions of people.

Anyway, every time a website needs to boost their visitor numbers (Why? If no-one cared and there were no linux users, how could this possibly boost the number of visitors? Shouldn't it go the other way) you get one of those Linux + Desktop = dead/lost/flop stories.

I don't want to include links more than absolutely necessary.

Most of those types of stories are ill-informed -- someone discovers that Linux != Windows. Usually they include something along the lines of you needing to be a programmer to use linux (Why programmer? SysAdmin would make a lot more sense. I don't think linux is the preferred dev env for e.g. C# or cocoa). But once in a while you come across something that is not just ill-informed, but ill-willed.

Like this:
https://www.networkworld.com/news/2012/043012-linux-desktop-258724.html?page=1

Yes, I really shouldn't link to it.

In this article which reminds me more of a thinly veiled press release, someone from this company is given the opportunity to belt out some remarkable statements. That company has a long history of doing lobbying on behalf of Microsoft. Why the 'journalist' at networkworld.com played along puzzles me though. Other people are interview too however, and it's not particularly impressive.

Some snippets:

A very minor one is

But, as the old saying goes, it's "free as in puppy, not free as in beer.

What about free as in speech?

A very major one:

You have to switch to the new version of Linux every year," he says. "Microsoft supports each version of Windows for ten years."

Really? REALLY? And he then goes on to say that at least Microsoft supports free security fixes without you having to pay for support.

This one gives a good idea of the purpose of the article
... is a myth, he adds, one of many myths surrounding Linux deployment.

Approaching a tautology:
Plus, most professionals tend to be familiar with the leading commercial software products for the work that they do

1. That something is 'leading' doesn't mean anything in terms of quality or it being the best tool for the job.

2. The main drawback of e.g. Libreoffice vs Microsoft Office is the moving goal-post of file compatibility, and that is entirely artificial. The products are, as far as I can tell (I use latex), identical. But since more people use office (see the introduction of .docx as an example of microsoft breaking backward compatibility on purpose to get the upgrades going) it forces everyone else to use the same exact tool. Document standards and adherence to them (MS has a way of ignoring their own standards to prevent full compatibility) would erase this hurdle.

3. What's the real cost of training? It's always presumed to be high, but is it? This is of course something that will depend on a lot of factors, and I do not have an answer. But I suspect that in the case of Libreoffice vs MS Office it is negligible.

And more:

"The problem is that things like custom billing apps, SAP, desktop productivity apps from Adobe and industry-specific apps are developed solely for the Windows desktop,"

This is true. And it is why companies are waking up to find themselves locked in -- it's a great argument in favour of not repeating the same mistake, but to use open source tools instead.

This extrapolation I find very difficult to believe:

According to Gartner's Silver, a typical organization will have one application for every 10 users, and, today, about half of those applications require the Windows operating system.
"That percentage has been declining, but still, it's pretty high," Silver says. "So if I have 10,000 users, and 1,000 applications, 500 of those applications will need Windows to run."

Also, what about equivalent, rather than identical, pieces of software?

And then another stinker:

"A typical thing in a Windows setting is to establish some usage policies, and set up some limitations on the systems to keep them stable. Linux doesn't have those types of standards out of the box."

Really? Even the default file systems in linux have user management built in -- and on top of that you have group, group membership and incredibly fine-grained control over rights and device access. Windows is a PITA for this.

Well, at least they didn't use the word 'hobbyist' even once in the piece...

30 April 2012

126. linux ssh examples: rsync across portforwarded ssh and helping remotely via ssh behind firewalls

Even bog-standard ssh is pretty neat, since there's little that can't be done in the terminal. However, firewalls can be annoying and if you set somebody up with linux you will have to be prepared to support them for years to come -- at least with debian wheezy the odd breakage happen, and people tend to be less forgiving with linux problems than with windows problems.

Anyway.

1. rsync across a server
A can connect to B, B can connect to C. A can't connect directly to C. B and C can't connect directly to A. B and C can connect to each other either direction. An example is when B is your home router and C sits on your local network, while A has a public IP but sits behind a corporate firewall.

You want to rsync from A to C

On A, do
ssh user_at_B@B_ip_address -L 5555:C_ip_address:22
then in another terminal
rsync -avz --progress --stats -e "ssh -p 5555" /home/user_a/work user_c@localhost:/home/user_c/Documents

2. Helping someone in the terminal across a server
A and C can't connect to each-other. A and C can both connect to B. B can't connect to A or C. A wants to connect to C to start e.g a screen session to help out. An example is when both users A and C can connect to a lab router from their respective home, but their ISPs are preventing direct ssh access between them.

Setting up reverse ssh, on C, do
autossh -R 19998:localhost:22 user_B@B_ip_address

Connecting from A to C, do
ssh user_B@B_ip_address -L 19999:localhost:19998
then in another terminal
ssh user_C@localhost -p 19999

You can then set up a screen session to both help and teach.
http://verahill.blogspot.com.au/2012/02/debian-testing-wheezy-64-attach-to.html
http://verahill.blogspot.com.au/2012/03/fun-with-gnu-screen-setting-up-screenrc.html

28 April 2012

125. Fixed: No internet on old Dell after debian testing upgrade

The situation:
I remotely dist-upgraded someone's old Dell laptop (Inspiron 6000). They were running Wheezy, but had not done a full apt-get upgrade/dist-upgrade since January. After a reboot, the laptop would not connect to the internet via either the wired or wireless interfaces.

ip addr and ifconfig showed three ifs:
lo
eth0
eth1

NOTE: A simple reason why you don't have wireless is because you'll need firmware-iwlwifi -- make sure you've enabled non-free and contrib in your repos.

The solution:
Adding

auto eth0
iface eth0 inet dhcp

to /etc/network/interfaces and commenting out

allow-hotplug eth0

followed by executing
sudo service networking restart && sudo service network-manager restart

brought up the wired interface, allowing for installation of packages and remote help. These instructions are simple enough for most to follow and can get you back in the driver's seat.

Next, I installed the wicd packages (wicd-curses, wicd-cli etc.)
sudo apt-get install wicd-cli wicd-curses wicd-daemon python-wicd

-- at this point about 70 other packages got pulled in. Suspicious. I had seen that apt wanted me to autoremove a lengthy list of programs:

The following packages were automatically installed and are no longer required: python-crypto mono-2.0-gac python-tagpy libgnomekbd4 seahorse-daemon libboost-python1.46.1 python-pyasn1 libswscale0 libjs-jquery-ui python-twisted-core ekiga python-opengl rpm2cpio xsltproc pnm2ppa libavutil50 gnuchess-book gnome-nettool gnome-games-extra-data gnome-desktop-data libgnomepanel2.24-cil aisleriot gtali libglade2.0-cil libsushi-1.0-0 python-mako glchess libbabl-0.0-0 gir1.2-javascriptcoregtk-3.0 libgegl-0.0-0 ttf-sil-gentium libicu44 libraw2 libx264-116 libx264-118 tcptraceroute gir1.2-sushi-1.0 gnome-video-effects libcamel-1.2-23 python-clientform gnome-games gnome-session-canberra gdebi anthy-common anthy quadrapassel python-twisted-web libedataserverui1.2-11 update-manager-core gnobots2 libgnome-media0 libqtmultimediakit1 gnome-cards-data liferea-data libgraphite3 libmagickcore4-extra libglew1.6 rhythmbox bsh-gcj python-gdata gedit libnm-util1 xdg-user-dirs-gtk libgexiv2-0 python-gtksourceview2 gnome-office update-manager-gnome libwebkit-1.0-2 python-gtkglext1 xulrunner-5.0 libart2.0-cil libboost-program-options1.46.1 libminiupnpc5 libcamel1.2-19 librpmio2 update-notifier-common libpostproc51 librpm2 seahorse rpm-common libgnome2-perl libaccess-bridge-java-jni xulrunner-8.0 xulrunner-9.0 libnotify1 libaccess-bridge-java update-notifier python-mechanize libwebp0 libgnome2.24-cil libndesk-dbus1.0-cil gnome-media-common libgpod4 gnibbles libavformat52 rhythmbox-data libmono-cairo2.0-cil gedit-plugins libgrilo-0.1-0 zeitgeist-core system-tools-backends libboost-thread1.46.1 libgweather1 libgnome-bluetooth7 dasher python-configobj guile-1.8-libs shotwell libpolkit-gtk-1-0 libdmapsharing-3.0-2 python-serial gedit-common libboost-serialization1.46.1 libboost-date-time1.46.1 libgmime2.4-cil python-gnomedesktop software-center libopal3.6.8 python-pam python-openssl libhwloc3 libmono-i18n-west2.0-cil libgssdp-1.0-2 simple-scan gir1.2-webkit-3.0 libebook1.2-10 libqtlocation1 python-markupsafe libgck0 python-webkit libmono-posix2.0-cil bsh libedataserverui-3.0-0 rhythmbox-plugin-cdrecorder libgdata11 libhunspell-1.2-0 librhythmbox-core4 librhythmbox-core5 libgtksourceview2.0-common libmono-security2.0-cil libgtksourceview2.0-0 libgnome2-vfs-perl gnotski dasher-data libegroupwise1.2-13 libvpx0 libedata-cal-1.2-11 libnm-glib2 gnome-doc-utils libecal1.2-8 python-twisted-conch libgmime-2.4-2 python-louie libunique-1.0-0 libedataserver1.2-14 libpython2.6 libimobiledevice1 libedata-book-1.2-9 python-nevow gnome-games-data iagno glines media-player-info python-pysqlite2 libcupsdriver1 python-gnomeapplet libclutter-gtk-0.10-0 gnome-sudoku libslab0a libmagickcore4 tcl gir1.2-gucharmap-2.90 libmono-sharpzip2.84-cil libmagick++4 libmono-corlib2.0-cil python-epsilon libgnome-window-settings1 libgpod-common rhythmbox-plugins libv8-3.5.10.24 libv8-3.6.6.14 libcryptui0a ntfsprogs python-axiom libmozjs2d libquvi0 python-bugbuddy libmozjs5d gir1.2-rb-3.0 libtracker-client-0.10-0 liferea libpt2.6.7 libmozjs8d libmozjs9d python-coherence libmagickwand4 libchamplain-0.8-1 libgupnp-1.0-3 python-gdbm libchamplain-gtk-0.8-1 gnotravex gnome-netstatus-applet libnl1 libnl3 gnect libavcodec52 python-evolution libanthy0 libyajl1 liboobs-1-4 libgucharmap7 liboobs-1-5 mahjongg libndesk-dbus-glib1.0-cil libid3tag0 libraptor1 gnome-system-tools python-wnck libtracker-sparql-0.10-0 libgnome-desktop-2-17 libtracker-sparql-0.12-0 hamster-applet gnuchess libfreerdp0 libgnome-vfs2.0-cil min12xxw libwebkit-1.0-common minissdpd transmission-common libgtkglext1 libnatpmp1 libnet1 python-twisted-bin libmatroska4 libgupnp-igd-1.0-3 libmono-system2.0-cil libgnome2-canvas-perl file-roller libxalan2-java-gcj transmission-gtk python-rdflib sound-juicer gnomine

and suddenly it made sense:

aptitude search gnome-core

pB gnome-core - The GNOME Desktop Environment -- essential components

Basically, it seems that gnome got 'uninstalled' (technically just the meta package) -- most of the files related to it won't get removed until you do apt-get autoremove, but it's crippled enough to reduce functionality.
At least that was my thesis.

sudo service network-manager stop
sudo wicd-curses eth1

showed no wireless networks. Something not right.

Make sure the system is really up to date, then reboot, and have another go at it:
sudo apt-get update && sudo apt-get upgrade
which pulled in some glib-networking-* packages.
sudo apt-get install gnome gnome-core
sudo shutdown -r now

After boot
sudo service network-manager stop
sudo wicd-curses eth1

et voilá -- I do get a list over the local wireless networks. There's still a worrying list over stuff when you look at what would be autoremoved (e.g. apt-get -s autoremove)

Rebooted and the wireless interface seems to be handled ok by network-manager.
There is still a number of packages marked for autoremove, so...
sudo apt-get autoremove

System seems to work ok still.
sudo apt-get install update-manager-gnome update-notifier

And my job is done.

Here's the final /etc/network/interfaces:

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
allow-hotplug eth1
#NetworkManager#iface eth0 inet dhcp
#allow-hotplug eth1
auto eth1
#iface eth1 inet dhcp
auto eth0
iface eth0 inet dhcp

23 April 2012

124. gnome-activity-journal and zeitgeist

It may not be advertised widely, but zeitgeist + journal might help save your behind when you're in a hurry and can't find a file.

aptitude show zeitgeist
" Zeitgeist is a service which logs the user's activities and events (files opened, websites visited, conversations held with other people, etc.) and makes the relevant information available to other applications."

And that it does. A service without an interface isn't terribly useful -- so you will want to install gnome-activity-journal as well.

Chances are that zeitgeist is already running on your system, so that you only need to install gnome-activity-journal, which is present in the repos, and then you'll get access to all the old data you've been accumulating.

22 April 2012

123. Adding python support to nwchem under debian

I've posted the general build instructions for nwchem 6.0 with mpi support here: http://verahill.blogspot.com.au/2012/03/nwchem-60-with-openmpi-support-on.html

However, those instructions don't include python support.

0. Download, extract nwchem and install blas etc. as shown in http://verahill.blogspot.com.au/2012/03/nwchem-60-with-openmpi-support-on.html

1. Edit nwchem-6.0/src/config/makefile.h
Change line 1962 from

EXTRA_LIBS += -lnwcutil -lpthread -lutil -ldl

EXTRA_LIBS += -lnwcutil -lpthread -lutil -ldl -lz -lssl

2. Install python headers
sudo apt-get install python2.7-dev

3. Execute the following commands (one by one or by putting them in a shell script)

export LARGE_FILES=TRUE
export TCGRSH=/usr/bin/ssh
export NWCHEM_TOP=`pwd`
export NWCHEM_TARGET=LINUX64
export NWCHEM_MODULES="all python"
export PYTHONHOME=/usr
export PYTHONVERSION=2.7
export USE_MPI=y
export USE_MPIF=y
export MPI_LOC=/usr/lib/openmpi/lib
export MPI_INCLUDE=/usr/lib/openmpi/include
export LIBRARY_PATH=$LIBRARY_PATH:/usr/lib/openmpi/lib
export LIBMPI="-lmpi -lopen-rte -lopen-pal -ldl -lmpi_f77 -lpthread"
cd $NWCHEM_TOP/src
make clean
make nwchem_config
make FC=gfortran

It should work fine and after a long build you'll have python enabled binaries.

4. Testing
You can test whether there's python support by creating test.nw with

python
for n in range(1,6):
print n, n*2,n**2
end
task python

and running it with

mpirun -n 1 nwchem test.nw

which gives

NWChem Input Module
-------------------

NWChem Python program
---------------------
for n in range(1,6):
print n, n*2,n**2
1 2 1
2 4 4
3 6 9
4 8 16
5 10 25
1 2 1
2 4 4
3 6 9
4 8 16
5 10 25
Task times cpu: 0.0s wall: 0.0s

Done.

Note:
for ROCKS/CENTOS it was not necessary to edit src/config/makefile.h

The relevant parts in the the build configuration are

export NWCHEM_MODULES="all python"
export PYTHONHOME=/opt/rocks
export PYTHONVERSION=2.4

Other than that, just follow http://verahill.blogspot.com.au/2012/03/building-nwchem-60-on-rocks-543centos.html

Error:
gfortran: error: /usr/include/python2.7/lib/python2.7/config/libpython2.7.a: No such file or directory

make: *** [all] Error 1

locate libpython2.7.a

/usr/lib/libpython2.7.a

/usr/lib/python2.7/config/libpython2.7.a

Reason:
export PYTHONHOME=/usr/include/python2.7

Solution:
export PYTHONHOME=/usr

Error:

In function `PyZlib_compress':

(.text+0x1540): undefined reference to `deflateEnd'

Solution:
http://www.emsl.pnl.gov/docs/nwchem/nwchem-support/2012/02/0065.Re:_NWCHEM_undocumented_compilation_flag

Edit nwchem-6.0/src/config/makefile.h
For LINUX64 look at lines 1960-1964

1960 ifeq ($(BUILDING_PYTHON),python)
1961 # EXTRA_LIBS += -ltk -ltcl -L/usr/X11R6/lib -lX11 -ldl
1962 EXTRA_LIBS += -lnwcutil -lpthread -lutil -ldl
1963 LDOPTIONS = -Wl,--export-dynamic
1964 endif

Change line 1962 to
EXTRA_LIBS += -lnwcutil -lpthread -lutil -ldl -lz -lssl

20 April 2012

122. DVB-T in VLC on Debian Wheezy

For some reason me-tv has stopped working properly today (20/4/2012)-- I can't change the channels, screen size or drop down the menus. In order to quit, you have to kill the application. Something's clearly amiss. (Edit 22/5/2012: seems to be this bug https://bugs.launchpad.net/ubuntu/+source/me-tv/+bug/958751 -- 09/01/2013: it's been fixed now ) kaffeine, although a KDE app, also works well, and is very simple to set up -- the EPG also works better than vlc.

This is Kaffeine, not VLC

This is me-tv, not VLC

Oh well.

Given that it's Friday night I had to come up with a quick fix.

I've got a Leadtek 1000 DTS, which lspci makes show up as
01:06.0 Multimedia controller: Philips Semiconductors SAA7130 Video Broadcast Decoder (rev 01)

See item 7 in http://verahill.blogspot.com.au/2012/01/debian-testing-64-wheezy-small-fixes.html if your card isn't recognised (Hint: enable PnP in the bios)

So, where's what I did:
1. Install gnome-dvb-*
sudo apt-get install gnome-dvb-daemon gnome-dvb-client vlc

2. Set up your tv card:
gnome-dvb-setup

This bit's easy. Just click your way through. Eventually you'll realize that while gnome-dvb sets up channels ok, it only support recording -- not tv watching. And the whole totem + gnome-dvb-daemon? Not working yet it seems.

3. Start vlc
vlc ~/.config/gnome-dvb-daemon/channels_DVB-T.conf

If all went well you are now watching TV!
You should have a list over channels in your playlist (ctrl+L).
The EPG support could perhaps be better (me-tv is awesome) but you'll find rudimentary listings by going to Tools/Program Guide.

As for me-tv...it might be the same as this bug: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=667731

Looking at /var/cache/apt/archives I don't see anything obvious:

-rw-r--r-- 1 root root 23232372 Apr 16 05:18 linux-image-3.2.0-2-amd64_3.2.15-1_amd64.deb
-rw-r--r-- 1 root root 3505210 Apr 16 05:18 linux-headers-3.2.0-2-common_3.2.15-1_amd64.deb
-rw-r--r-- 1 root root 572064 Apr 16 05:18 linux-headers-3.2.0-2-amd64_3.2.15-1_amd64.deb
-rw-r--r-- 1 root root 244210 Apr 17 07:32 libtag1-vanilla_1.7.1-2_amd64.deb
-rw-r--r-- 1 root root 9132 Apr 17 07:32 libtag1c2a_1.7.1-2_amd64.deb
-rw-r--r-- 1 root root 195492 Apr 18 03:33 libservlet2.5-java_6.0.35-3_all.deb
-rw-r--r-- 1 root root 1348610 Apr 18 08:18 netpbm_2%3a10.0-15+b1_amd64.deb
-rw-r--r-- 1 root root 94438 Apr 18 08:18 libnetpbm10_2%3a10.0-15+b1_amd64.deb

(I use my own kernel and not the debian one)

Here's my current channel_DVB-T.conf list (Melbourne, Victoria, Australia):

ABC News 24:226500000:INVERSION_AUTO:BANDWIDTH_7_MHZ:FEC_3_4:FEC_NONE:QAM_64:TRANSMISSION_MODE_8K:GUARD_INTERVAL_1_16:HIERARCHY_NONE:2314:0:560
ABC1:226500000:INVERSION_AUTO:BANDWIDTH_7_MHZ:FEC_3_4:FEC_NONE:QAM_64:TRANSMISSION_MODE_8K:GUARD_INTERVAL_1_16:HIERARCHY_NONE:512:650:563
ABC2 / ABC4:226500000:INVERSION_AUTO:BANDWIDTH_7_MHZ:FEC_3_4:FEC_NONE:QAM_64:TRANSMISSION_MODE_8K:GUARD_INTERVAL_1_16:HIERARCHY_NONE:2307:2308:562
ABC3:226500000:INVERSION_AUTO:BANDWIDTH_7_MHZ:FEC_3_4:FEC_NONE:QAM_64:TRANSMISSION_MODE_8K:GUARD_INTERVAL_1_16:HIERARCHY_NONE:2311:2312:564
ABC Jazz:226500000:INVERSION_AUTO:BANDWIDTH_7_MHZ:FEC_3_4:FEC_NONE:QAM_64:TRANSMISSION_MODE_8K:GUARD_INTERVAL_1_16:HIERARCHY_NONE:0:2318:567
ABC Dig Music:226500000:INVERSION_AUTO:BANDWIDTH_7_MHZ:FEC_3_4:FEC_NONE:QAM_64:TRANSMISSION_MODE_8K:GUARD_INTERVAL_1_16:HIERARCHY_NONE:0:2317:566
ABC1:226500000:INVERSION_AUTO:BANDWIDTH_7_MHZ:FEC_3_4:FEC_NONE:QAM_64:TRANSMISSION_MODE_8K:GUARD_INTERVAL_1_16:HIERARCHY_NONE:512:650:561
GO!:191625000:INVERSION_AUTO:BANDWIDTH_7_MHZ:FEC_3_4:FEC_NONE:QAM_64:TRANSMISSION_MODE_8K:GUARD_INTERVAL_1_16:HIERARCHY_NONE:517:700:1074
GEM:191625000:INVERSION_AUTO:BANDWIDTH_7_MHZ:FEC_3_4:FEC_NONE:QAM_64:TRANSMISSION_MODE_8K:GUARD_INTERVAL_1_16:HIERARCHY_NONE:512:0:1073
Nine Digital:191625000:INVERSION_AUTO:BANDWIDTH_7_MHZ:FEC_3_4:FEC_NONE:QAM_64:TRANSMISSION_MODE_8K:GUARD_INTERVAL_1_16:HIERARCHY_NONE:519:720:1072
EXTRA:191625000:INVERSION_AUTO:BANDWIDTH_7_MHZ:FEC_3_4:FEC_NONE:QAM_64:TRANSMISSION_MODE_8K:GUARD_INTERVAL_1_16:HIERARCHY_NONE:520:730:1075
ONE:219500000:INVERSION_AUTO:BANDWIDTH_7_MHZ:FEC_3_4:FEC_NONE:QAM_64:TRANSMISSION_MODE_8K:GUARD_INTERVAL_1_16:HIERARCHY_NONE:514:0:1585
TEN Digital:219500000:INVERSION_AUTO:BANDWIDTH_7_MHZ:FEC_3_4:FEC_NONE:QAM_64:TRANSMISSION_MODE_8K:GUARD_INTERVAL_1_16:HIERARCHY_NONE:512:650:1589
ONE:219500000:INVERSION_AUTO:BANDWIDTH_7_MHZ:FEC_3_4:FEC_NONE:QAM_64:TRANSMISSION_MODE_8K:GUARD_INTERVAL_1_16:HIERARCHY_NONE:514:0:1591
ELEVEN:219500000:INVERSION_AUTO:BANDWIDTH_7_MHZ:FEC_3_4:FEC_NONE:QAM_64:TRANSMISSION_MODE_8K:GUARD_INTERVAL_1_16:HIERARCHY_NONE:516:681:1592
SBS ONE:536625000:INVERSION_AUTO:BANDWIDTH_7_MHZ:FEC_2_3:FEC_NONE:QAM_64:TRANSMISSION_MODE_8K:GUARD_INTERVAL_1_8:HIERARCHY_NONE:161:81:785
SBS HD:536625000:INVERSION_AUTO:BANDWIDTH_7_MHZ:FEC_2_3:FEC_NONE:QAM_64:TRANSMISSION_MODE_8K:GUARD_INTERVAL_1_8:HIERARCHY_NONE:102:103:789
SBS TWO:536625000:INVERSION_AUTO:BANDWIDTH_7_MHZ:FEC_2_3:FEC_NONE:QAM_64:TRANSMISSION_MODE_8K:GUARD_INTERVAL_1_8:HIERARCHY_NONE:162:83:786
SBS 3:536625000:INVERSION_AUTO:BANDWIDTH_7_MHZ:FEC_2_3:FEC_NONE:QAM_64:TRANSMISSION_MODE_8K:GUARD_INTERVAL_1_8:HIERARCHY_NONE:161:81:787
SBS 4:536625000:INVERSION_AUTO:BANDWIDTH_7_MHZ:FEC_2_3:FEC_NONE:QAM_64:TRANSMISSION_MODE_8K:GUARD_INTERVAL_1_8:HIERARCHY_NONE:161:81:788
SBS Radio 1:536625000:INVERSION_AUTO:BANDWIDTH_7_MHZ:FEC_2_3:FEC_NONE:QAM_64:TRANSMISSION_MODE_8K:GUARD_INTERVAL_1_8:HIERARCHY_NONE:0:201:798
SBS Radio 2:536625000:INVERSION_AUTO:BANDWIDTH_7_MHZ:FEC_2_3:FEC_NONE:QAM_64:TRANSMISSION_MODE_8K:GUARD_INTERVAL_1_8:HIERARCHY_NONE:0:202:799

7:177500000:INVERSION_OFF:BANDWIDTH_7_MHZ:FEC_2_3:FEC_2_3:QAM_64:TRANSMISSION_MODE_8K:GUARD_INTERVAL_1_8:HIERARCHY_NONE:769:770:1328
7 Two:177500000:INVERSION_OFF:BANDWIDTH_7_MHZ:FEC_2_3:FEC_2_3:QAM_64:TRANSMISSION_MODE_8K:GUARD_INTERVAL_1_8:HIERARCHY_NONE:769:770:1330
7 Mate:177500000:INVERSION_OFF:BANDWIDTH_7_MHZ:FEC_2_3:FEC_2_3:QAM_64:TRANSMISSION_MODE_8K:GUARD_INTERVAL_1_8:HIERARCHY_NONE:769:770:1331

121. Connection to remote server via an intermediary server

We have three computers: A, B and C

A is our desktop. C is a remote computer we want to connect to. B is a server in the middle.

For various reasons we want to first connect from A to B, then from B to C. A scenario is where C is behind a firewall bridged by B.

A specific scenario is this:
I have a linksys router, e.g. Terbium.internet.com, which manages the network in a lab. There are several computers on the network in the lab behind Terbium: Sulfur, Phosphorous, Oxygen (192.168.1.106) etc.
My home computer is Niobium.

Terbium is a linksys router (W54G) running tomato and you have to log in as root using a keyfile.
Oxygen is a debian box where I have a personal account as user verahill.

The ugly method:
In the same terminal on computer Niobium do
ssh root@terbium.internet.com
ssh verahill@192.168.1.106

This works fine for working remotely on oxygen (192.168.1.106). However, file transfer is a pain

The pretty method:
In one terminal on Niobium, do

ssh root@terbium.internet.com -L 9999:192.168.1.106:22

In another terminal on Niobium, do

ssh verahill@localhost -p 9999

Basically, all traffic to port 9999 on niobium is forwarded to port 22 on Oxygen -- not terbium.

The cool thing? File transfer is a breeze (via sftp using e.g. filezilla)!

It really is that simple

Web tunnel
to browse the internet via a tunnel it's still easier to do
ssh -C -D 9889 root@terbium.internet.com
and set your browser to use a SOCKS proxy -- point it to localhost, port 9889.

Pages