Lindqvist -- a blog about Linux and Science. Mostly.

20 April 2013

393. Solved: XpressConnect on Ubuntu vs Debian. Extra focus on Swinburne university (AU/Melbourne)

Update 4. It's fixed now. There are two fixes:
1. XpressConnect wants ubuntu and checks for it via /etc/lsb-release, a file that doesn't exist on debian. Set it up to pretend that you're using ubuntu, and XpressConnect works.
2. Just configure the network connection manually. This is by far the easiest, as long as you know the settings.

Either way you'll need network-manager, lshw and wireless-tools in order to use XpressConnect. See towards the end of the post for more details.

Presumably this should work on any distro (e.g. arch, centos, rhel, sles), not just debian.

Update 3: Someone at Swinburne managed to connect to the Wifi without using XpressConnect by simply manually configuring the network: http://forums.debian.net/viewtopic.php?f=10&t=103387&p=494412#p494145

Original post:

Until a few days ago I'd never heard of XpressConnect before, but apparently it's a program that sets up your wireless connection automatically, and is used by a number of universities ( http://lmgtfy.com/?q=xpressconnect+site%3A*.edu)

In short, it works on Ubuntu (32 bit 10.04 lts) but not Debian (64 bit wheezy, 32 or 64 bit squeeze). Note that Ubuntu 10.04 has Gnome 2, as does Squeeze. Wheezy has Gnome 3.

Description
You don't need to be anywhere near a uni network to reproduce the issue -- anyone, with or without a wireless card, can test it.

Note: I generated the logs with a copy of XpressConnect downloaded from Swinburne, not the generic version -- hence why it says swinwifi etc.

On debaian, first make sure to install lshw and wireless-tools, and to add /sbin to path in the terminal you're using.

sudo apt-get install lshw wireless-tools
export PATH=$PATH:/sbin

The 'installation' is simple

cd ~/Downloads
wget http://hosted.cloudpath.net/Xavier/Production/tools/XpressConnect-Linux.tar
tar xvf XpressConnect-Linux.tar
./XpressConnect-DoubleClickToRun 

Will download x64 version...
--2013-04-18 21:11:16--  http://hosted.cloudpath.net/Xavier/Production//tools/XpressConnect-x64.tar.bz2
Resolving hosted.cloudpath.net (hosted.cloudpath.net)... 72.18.151.75
Connecting to hosted.cloudpath.net (hosted.cloudpath.net)|72.18.151.75|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 6266475 (6.0M) [application/x-bzip2]
Saving to: `/tmp/XpressConnect-x64.tar.bz2'

100%[==============================================================================================================================>] 6,266,475    780K/s   in 10s     

2013-04-18 21:11:27 (600 KB/s) - `/tmp/XpressConnect-x64.tar.bz2' saved [6266475/6266475]

files
files/logo.jpg
network_config.xml
resources.properties
XpressConnect-x64

XpressConnect-DoubleClickToRun is a simple shell script that determines whether system is 32 or 64 bit, downloads a tar file to /tmp, untars it and launches a pre-compiled binary, XpressConnect-x64.
You can also launch XpressConnect-x64 directly by going to /tmp and running it.

Anyway, XpressConnect-x64 then makes sure that you have network-manager running, and tries to determine what your network card is. Based on this, /tmp/netdata.txt is generated. Once this is done, XpressConnect allows you to enter your credentials and sets up your network connection.
Well, that's what happens if you use ubuntu. On Debian (or Arch) you get an error message about 'network configuration' missing.

Delving a bit deeper into it, the binary fails to generate the netdata.txt on debian (and arch), and it seems to have to do with network-manager (or dbus, possibly).

The logs:
XpressConnect-x64 generates a log file (/tmp/xpressconnect.log).

On ubuntu it looks like this:

Looking for id : 266
Looking for id : 259
Setting start page.
Moving to widget 0.
Loading configuration page.
Starting configuration parse thread.
Acquire processing lock.
Building NIC data.
Starting configuration parser.
Validating checksum.
Checking license.
License validation checked out properly.
Today is : 04/19/2013
License expires :
The date validation checked out properly.
Checking for valid networks for this platform.
Only one network configuration found. Auto-selecting it.
Auto-selected network 'swinwifi'.
Interface : /org/freedesktop/NetworkManager/Devices/0 is in state 8
Interface : /org/freedesktop/NetworkManager/Devices/1 is in state 3
There were no interfaces found that could be autodetected for use. Checking that there are interfaces of the correct type available.
Found 1 possible interface(s).
Selected interface with object path of /org/freedesktop/NetworkManager/Devices/1
Int type : 2

Set profile index : 11

Going to page 3
Config parser terminated.
Set 'static' window labels.
---- Gathering Data ----
Parsing OS information...
Checking OS bit depth.
OS bits info : i686

OS is 32 bits.
Checking hardware information.
Looking for extra NIC data.
Found driver name for 'wlan0' from DBus.
- Driver : rtl8187
Couldn't get capabilities from DBus, trying the hard way.
Attempting to release lock.
Release processing lock.
Set welcome banners.
Using DBus UUID for client ID.
Using DBus UUID for client ID.
Client ID : f3af3f95c2229c756e98556050ed0cc4
Session ID : 6980532961366355275
Upload value (1) : 0
Moving to widget 3.

And on Debian:


Looking for id : 266
Looking for id : 259
Setting start page.
Moving to widget 0.
Loading configuration page.
Starting configuration parse thread.
Acquire processing lock.
Building NIC data.
Starting configuration parser.
Validating checksum.
Checking license.
License validation checked out properly.
Today is : 04/22/2013
License expires : 
The date validation checked out properly.
Checking for valid networks for this platform.
No valid networks found in the configuration.
Config parser terminated.
Failed to parse configuration.
Set 'static' window labels.
---- Gathering Data ----
Parsing OS information...
Checking OS bit depth.
OS bits info : x86_64

OS is 64 bits.
Checking hardware information.
Looking for extra NIC data.
Found driver name for 'wlan0' from DBus.
   - Driver : rtl8187
Couldn't get capabilities from DBus, trying the hard way.
Attempting to release lock.
Release processing lock.
Set welcome banners.
Using DBus UUID for client ID.
Using DBus UUID for client ID.
Client ID : fe88ef3cf6716df910e7fa570000000b
Session ID : 13542037211366584788
Moving to widget 9.
User clicked 'Retry' on the bad config widget.
Moving to widget 1.
Selected network 'swinwifi'.
Going to page 9
Adding page 1
Moving to widget 9.

The platform bit bothers me -- is it checking for ubuntu vs other distros?

XpressConnect then generates a file called /tmp/netdata.txt:


*-network
       description: Ethernet interface
       product: 82540EM Gigabit Ethernet Controller
       vendor: Intel Corporation
       physical id: 3
       bus info: pci@0000:00:03.0
       logical name: eth0
       version: 02
       serial: 08:00:27:53:23:4c
       width: 32 bits
       clock: 66MHz
       capabilities: bus_master cap_list ethernet physical
       configuration: broadcast=yes driver=e1000 driverversion=7.3.21-k5-NAPI firmware=N/A ip=10.0.2.15 latency=64 mingnt=255 multicast=yes
       resources: irq:10 memory:f0000000-f001ffff ioport:d010(size=8)
  *-network
       description: Wireless interface
       physical id: 1
       logical name: wlan0
       serial: 00:11:a3:08:12:1d
       capabilities: ethernet physical wireless
       configuration: broadcast=yes multicast=yes wireless=IEEE 802.11bg

I also did a strace on both ubuntu and debian, but strace generates a lot of information. A major difference I observed was the presence of CLOCK_MONOTONIC in the ubuntu log, but this is to synchronize for the CA certificate (or something -- I don't know what I'm talking about). Anyway, it probably just indicates what we already know -- the binary doesn't detect the card on debian but it does on ubuntu.

ldd XpressConnect-x64 gives the following on ubuntu (32 bit):


linux-gate.so.1 =>  (0x006a3000)
 libdbus-1.so.3 => /lib/libdbus-1.so.3 (0x007b3000)
 libXrender.so.1 => /usr/lib/libXrender.so.1 (0x00c8b000)
 libfontconfig.so.1 => /usr/lib/libfontconfig.so.1 (0x008b8000)
 libfreetype.so.6 => /usr/lib/libfreetype.so.6 (0x00da4000)
 libXext.so.6 => /usr/lib/libXext.so.6 (0x00225000)
 libX11.so.6 => /usr/lib/libX11.so.6 (0x00480000)
 libz.so.1 => /lib/libz.so.1 (0x00110000)
 libdl.so.2 => /lib/tls/i686/cmov/libdl.so.2 (0x00125000)
 librt.so.1 => /lib/tls/i686/cmov/librt.so.1 (0x00665000)
 libpthread.so.0 => /lib/tls/i686/cmov/libpthread.so.0 (0x006f2000)
 libstdc++.so.6 => /usr/lib/libstdc++.so.6 (0x00ac3000)
 libm.so.6 => /lib/tls/i686/cmov/libm.so.6 (0x002d8000)
 libgcc_s.so.1 => /lib/libgcc_s.so.1 (0x00129000)
 libc.so.6 => /lib/tls/i686/cmov/libc.so.6 (0x002fe000)
 libexpat.so.1 => /lib/libexpat.so.1 (0x00148000)
 libxcb.so.1 => /usr/lib/libxcb.so.1 (0x00a12000)
 /lib/ld-linux.so.2 (0x00637000)
 libXau.so.6 => /usr/lib/libXau.so.6 (0x00c7a000)
 libXdmcp.so.6 => /usr/lib/libXdmcp.so.6 (0x0096f000)

and this on debian (64 bit):


linux-vdso.so.1 =>  (0x00007fff50dfb000)
 libdbus-1.so.3 => /lib/libdbus-1.so.3 (0x00007f2bbb807000)
 libXrender.so.1 => /usr/lib/libXrender.so.1 (0x00007f2bbb5fd000)
 libfontconfig.so.1 => /usr/lib/libfontconfig.so.1 (0x00007f2bbb3c7000)
 libfreetype.so.6 => /usr/lib/libfreetype.so.6 (0x00007f2bbb13f000)
 libXext.so.6 => /usr/lib/libXext.so.6 (0x00007f2bbaf2d000)
 libX11.so.6 => /usr/lib/libX11.so.6 (0x00007f2bbabf1000)
 libz.so.1 => /usr/lib/libz.so.1 (0x00007f2bba9da000)
 libdl.so.2 => /lib/libdl.so.2 (0x00007f2bba7d6000)
 librt.so.1 => /lib/librt.so.1 (0x00007f2bba5cd000)
 libpthread.so.0 => /lib/libpthread.so.0 (0x00007f2bba3b1000)
 libstdc++.so.6 => /usr/lib/libstdc++.so.6 (0x00007f2bba09d000)
 libm.so.6 => /lib/libm.so.6 (0x00007f2bb9e1a000)
 libgcc_s.so.1 => /lib/libgcc_s.so.1 (0x00007f2bb9c04000)
 libc.so.6 => /lib/libc.so.6 (0x00007f2bb98a2000)
 libexpat.so.1 => /usr/lib/libexpat.so.1 (0x00007f2bb9679000)
 libxcb.so.1 => /usr/lib/libxcb.so.1 (0x00007f2bb945d000)
 /lib64/ld-linux-x86-64.so.2 (0x00007f2bbba58000)
 libXau.so.6 => /usr/lib/libXau.so.6 (0x00007f2bb9259000)
 libXdmcp.so.6 => /usr/lib/libXdmcp.so.6 (0x00007f2bb9054000)

Evidence of evil and a fix

The evidence
Here's a snippet of the strace output from ubuntu


2200  write(8, "The date validation checked out "..., 42) = 42
2200  write(8, "Checking for valid networks for "..., 47) = 47
2200  open("/etc/lsb-release", O_RDONLY|O_LARGEFILE) = 15
2200  read(15, "DISTRIB_ID=Ubuntu\nDISTRIB_RELEAS"..., 8191) = 104
2200  read(15, "", 8191)                = 0
2200  close(15)

and here's Debian:


3079  write(8, "The date validation checked out "..., 42) = 42
3079  write(8, "Checking for valid networks for "..., 47) = 47
3079  open("/etc/lsb-release", O_RDONLY) = -1 ENOENT (No such file or directory)
3079  open("/etc/lsb-release", O_RDONLY) = -1 ENOENT (No such file or directory)
3079  open("/etc/lsb-release", O_RDONLY) = -1 ENOENT (No such file or directory)
3079  open("/etc/lsb-release", O_RDONLY) = -1 ENOENT (No such file or directory)
3079  open("/etc/lsb-release", O_RDONLY) = -1 ENOENT (No such file or directory)
3079  open("/etc/lsb-release", O_RDONLY) = -1 ENOENT (No such file or directory)
3079  open("/etc/lsb-release", O_RDONLY) = -1 ENOENT (No such file or directory)
3079  open("/etc/lsb-release", O_RDONLY) = -1 ENOENT (No such file or directory)
3079  open("/etc/lsb-release", O_RDONLY) = -1 ENOENT (No such file or directory)
3079  open("/etc/lsb-release", O_RDONLY) = -1 ENOENT (No such file or directory)
3079  open("/etc/lsb-release", O_RDONLY) = -1 ENOENT (No such file or directory)
3079  open("/etc/lsb-release", O_RDONLY) = -1 ENOENT (No such file or directory)
3079  open("/etc/lsb-release", O_RDONLY) = -1 ENOENT (No such file or directory)
3079  open("/etc/lsb-release", O_RDONLY) = -1 ENOENT (No such file or directory)
3079  open("/etc/lsb-release", O_RDONLY) = -1 ENOENT (No such file or directory)
3079  open("/etc/lsb-release", O_RDONLY) = -1 ENOENT (No such file or directory)
3079  open("/etc/lsb-release", O_RDONLY) = -1 ENOENT (No such file or directory)
3079  write(8, "No valid networks found in the c"..., 46) = 46
3079  close(11)

The evil is that it's highly misleading -- it's not checking for valid networks, it's checking whether you've got ubuntu. And it didn't fail to find a valid network -- it failed to find /etc/lsb-release.
Here's /etc/lsb-release from ubuntu


DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=10.04
DISTRIB_CODENAME=lucid
DISTRIB_DESCRIPTION="Ubuntu 10.04.4 LTS"

The fix
Debian doesn't have an lsb-release file, so I simply copied the /etc/lsb-release file from ubuntu to debian. Guess what? XpressConnect now works on debian!

And no, having an empty /etc/lsb-release file doesn't work. Also, editing it (replacing 'ubuntu' with 'debian') also causes XpressConnect to stop working.

Another 'fix' -- manual Configuration:
XpressConnect does not do more than set up your wireless connection i.e. sets the required settings and installs the CA certificate for your particular network. In other words, you can just manually configure your network and you'll probably be fine.

Unfortunately, I haven't found a URL for the CA cert for Swinburne, which is the example that I'm working with (based on a forum post)

I managed to extract most of that by running it in an ubuntu VM. Note that I am nowhere near Swinburne, not staff/a student there and actually can't test this to completion.

ubuntu -- apparently it's no longer brown...

The settings are:


Security: WPA & WPA2 Enterprise
Authentication: Tunneled TLS
Anonymous identity: anonymous
CA certificate: swinwifi.der
Inner authentication: PAP
Username: ***@swinburne.edu
Pasword: ******

You'll need swinwifi.der. Because it is in binary I can't easily post it. However, you can generate it from the .pem file which is in ascii armour:

openssl x509 -in swinwifi.pem -out swinwifi.der -outform DER

Put it in the folder ~/.certificates.

The md5sum should be


11843b7d38bc0b024e8356f11d4d7c42  swinwifi.der

I've also tried that java version of xpress connect.

Finally, do NOT as a rule download certificates from third parties! How can you trust that my intentions are good? At the moment you're choice is between trusting me and Shuttleworth though...

Why bother?
Because an increasing number of university networks have adopted this -- frankly broken -- piece of software, I think it's of some interest to users of other distros to investigate whether there are any simple solutions. This in particular since not all uni networks have instructions for manual configuration anymore. Besides, a challenge is a challenge.

19 April 2013

392. Wheezy release date set

...assuming that nothing happens in between now and then of course. See here:


We now have a target date of the weekend of 4th/5th May for the release. We have checked with core teams, and this seems to be acceptable for everyone.  This means we are able to begin the final preparations for a release of Debian 7.0 - "Wheezy".

While that's interesting, the real cause for excitement will of course be Jessie.

For those following testing instead of wheezy in their /etc/apt/sources.list, now might be a good time to replace all instances of testing with wheezy and installing apt-listbugs in anticipation. Jessie might be a bit wobbly in the beginning...

Links to this post:
http://crunchbang.org/forums/viewtopic.php?id=26012

18 April 2013

391. encfs on debian testing

Truecrypt is nice and all, but the way it's managed is a bit un-linux like. It IS open source though, but because it isn't completely clear who the maintainers are, and while the source code is probably safe to use, most people use pre-built binaries -- just because it's open source doesn't mean that the binaries are built from that source. I'm happy with truecrypt, but if we're going to be paranoid, we might as well go all the way. Also, it would be nice with an encryption tool which can be installed from the repos, and as a binary built by a trusted party (i.e. the debian maintainers).

Note that truecrypt wins hands down on features -- as always, pick the tool that does the job.

encfs is a well-established encryption tool for linux systems and is available in most distro repos -- it does encryption of files, and while it lacks many of the options of truecrypt, it is useful for encrypting directory structures.

Installation

sudo apt-get install encfs

Yes, that's it. If you're having issues, make sure that fuse is installed, and that you belong to the group fuse (too add, do sudo usermod -a -G fuse $USER . To check do cat /etc/group|grep fuse)

Set-up
Set-up is equally easy.

 encfs ~/.secret ~/encrypted
The directory "/home/me/encrypted" does not exist. Should it be created? (y,n) Y
Creating new encrypted volume.
Please choose from one of the following options:
 enter "x" for expert configuration mode,
 enter "p" for pre-configured paranoia mode,
 anything else, or an empty line will select standard mode.
?> 

Standard configuration selected.

Configuration finished. The filesystem to be created has
the following properties:
Filesystem cipher: "ssl/aes", version 3:0:2
Filename encoding: "nameio/block", version 3:0:1
Key Size: 192 bits
Block Size: 1024 bytes
Each file contains 8 byte header with unique IV data.
Filenames encoded using IV chaining mode.
File holes passed through to ciphertext.

Now you will need to enter a password for your filesystem.
You will need to remember this password, as there is absolutely
no recovery mechanism. However, the password can be changed
later using encfsctl.

New Encfs Password: 
Verify Encfs Password:

At the end of this your encryption folder will be mounted.

How it works:
A (to me) nice way of illustrating how it works is the following:

ls ~/encrypted/ -lah

total 24K
drwxr-xr-x   2 me me 4.0K Apr 18 14:29 .
drwxr-xr-x 212 me me  20K Apr 18 14:29 ..

ls ~/.secret/ -lah

total 32K
drwxr-xr-x   2 me me 4.0K Apr 18 14:29 .
drwxr-xr-x 212 me me  20K Apr 18 14:29 ..
-rw-r--r--   1 me me 1.1K Apr 18 14:29 .encfs6.xml
-rw-r--r--   1 me me  411 Nov 14  2011 .passwd.gpg
touch ~/encrypted/test
ls ~/encrypted/ -lah
total 24K
drwxr-xr-x   2 me me 4.0K Apr 18 14:32 .
drwxr-xr-x 212 me me  20K Apr 18 14:29 ..
-rw-r--r--   1 me me    0 Apr 18 14:32 test

ls ~/.secret/ -lah

total 32K
drwxr-xr-x   2 me me 4.0K Apr 18 14:32 .
drwxr-xr-x 212 me me  20K Apr 18 14:29 ..
-rw-r--r--   1 me me 1.1K Apr 18 14:29 .encfs6.xml
-rw-r--r--   1 me me    0 Apr 18 14:32 IfSGAzSkFsuN2A,SpPmnKSYu
-rw-r--r--   1 me me  411 Nov 14  2011 .passwd.gpg

df -h

encfs                                                   734G  525G  172G  76% /home/me/encrypted

In other words, anything that is put into ~/encrypted ends up as an encrypted file in ~/.secret. It's a little bit different from truecrypt, which uses a filesystem container -- this is more similar to encrypting each file with gpg/pgp, just with a good way of managing it from a filesystem pov.

Also, this means that you don't have to dedicate a certain amount of space to the encrypted file system as you would have to with truecrypt.

Anyway, unmount ~/encrypted and no-one will have access to the decrypted forms of the files.

sudo umount ~/encrypted

To mount it again, just do

encfs ~/.secret ~/encrypted

You can change the name of the directory you want to mount it in.

It is also possible to mount automatically on boot, but this would defeat most purposes of encrypting in the first place.

17 April 2013

390. NWChem: "Fix collapse/expand in xc_nucder_gen" when using actlist and frequency calc

I ended up with the error in the title when running a job today -- the job does a calc on a complex system, where I'm only interested in optimising and doing normal mode analysis on part of the system. I (am supposed to) achieve this using actlist.

Googling shows the following two posts:
Question: http://www.emsl.pnl.gov/docs/nwchem/nwchem-support/2004/03/0010.Problem_with_Vibrational_frequencies
Answer: http://www.emsl.pnl.gov/docs/nwchem/nwchem-support/2004/03/0012.RE:_Problem_with_Vibrational_frequencies

There doesn't seem to be a follow up between then and now (nine years later).

Note that this is completely different from this post which seems to be due to the OP not putting the actlist in deck A2 (i.e. s/he computes the frequencies for different systems in A and B)

The issue:
The smallest job I can use to trigger this is the following:


scratch_dir /scratch
Title "trigger"

Start  trigger

echo

charge 0
geometry autosym units angstrom
 O     -1.79757     -0.236404     0.264744
 H     -2.77094     -0.198938     0.271156
 H     -1.44498     0.380299     -0.412669
 O     -0.0458786     1.77247     -0.0605460
 H     -0.317322     1.32556     0.781197
 H     0.894700     1.49387     -0.199468
end

ecce_print ecce.out

basis "ao basis" cartesian print
  H library "6-31G"
  O library "6-31G"
END

dft
  mult 1
  direct
  XC b3lyp
  grid fine
  iterations 999 
  mulliken
end

task dft energy
set geometry:actlist 1:3 
task dft freq

Here's the error message:


HESSIAN: the one electron contributions are done in       0.1s

 Fix collapse/expand in xc_nucder_gen        0
 ------------------------------------------------------------------------
 ------------------------------------------------------------------------
  current input line : 
     0:   
 ------------------------------------------------------------------------
 ------------------------------------------------------------------------
 This error has not yet been assigned to a category
 ------------------------------------------------------------------------
 For more information see the NWChem manual at http://www.nwchem-sw.org/index.php/NWChem_Documentation

I can't trigger it with just one water and using an actlist of 1:3 -- seems like I need inactive atoms. However, I've run similar calcs in the past without issue.

The solution:
Do a numerical instead of analytical frequency calculation.

This works:


scratch_dir /scratch
Title "trigger"

Start  trigger

echo

charge 0
geometry autosym units angstrom
 O     -1.79757     -0.236404     0.264744
 H     -2.77094     -0.198938     0.271156
 H     -1.44498     0.380299     -0.412669
 O     -0.0458786     1.77247     -0.0605460
 H     -0.317322     1.32556     0.781197
 H     0.894700     1.49387     -0.199468
end

ecce_print ecce.out

basis "ao basis" cartesian print
  H library "6-31G"
  O library "6-31G"
END

dft
  mult 1
  direct
  XC b3lyp
  grid fine
  iterations 999 
  mulliken
end

task dft energy
set geometry:actlist 1:3 
task dft freq numerical

15 April 2013

389. Patches for NWChem 6.1.1 on Debian Wheezy/Testing

There are a couple of issues with the current version of NWChem (27th of June 2012):
* PSPW is broken when NWChem is compiled with/run on systems with gcc 4.7 (here)
* Python support requires patching to include -lz -lssl (here)
* for GabEdit to work more detail needs to be printed (here)

To fix all those issues in one go, do the following:

1. Copy the text at the end of the post, and paste it into a file, e.g. diff.patch.

2. Put the patch file in NWCHEM_TOP (i.e. the root of the source code) e.g. /opt/nwchem/nwchem-6.1.1
If you are patching a previously compiled version of nwchem then do

patch -p0 < diff.patch
export LARGE_FILES=TRUE
export TCGRSH=/usr/bin/ssh
export NWCHEM_TOP=`pwd`
export NWCHEM_TARGET=LINUX64
export NWCHEM_MODULES="all python"
export PYTHONVERSION=2.7
export PYTHONHOME=/usr
export BLASOPT="-L/opt/openblas/lib -lopenblas"
export USE_MPI=y
export USE_MPIF=y
export USE_MPIF4=y
export MPI_LOC=/usr/lib/openmpi/lib
export MPI_INCLUDE=/usr/lib/openmpi/include
export LIBRARY_PATH=$LIBRARY_PATH:/usr/lib/openmpi/lib:/opt/openblas/lib
export LIBMPI="-lmpi -lopen-rte -lopen-pal -ldl -lmpi_f77 -lpthread"
export FC=gfortran
cd $NWCHEM_TOP/src/ddscf
make
cd $NWCHEM_TOP/src/nwdft/scf_dft
make
cd $NWCHEM_TOP/src/mcscf
make
cd $NWCHEM_TOP/src
make link
cd $NWCHEM_TOP/contrib
./getmem.nwchem

If it's a freshly extracted source, otherwise look at http://verahill.blogspot.com.au/2012/09/briefly-compiling-nwchem-611-with.html

Patch:


diff -rupN src.original/config/makefile.h src/config/makefile.h
--- src.original/config/makefile.h 2013-04-15 12:41:45.016853322 +1000
+++ src/config/makefile.h 2013-04-15 12:38:44.933319544 +1000
@@ -1169,7 +1169,7 @@ endif
         FOPTIONS   = -Wextra #-Wunused #-ffast-math
         FOPTIMIZE  = -O2 -ffast-math -Wuninitialized 
         DEFINES  += -DGFORTRAN
-        _GCC46= $(shell gfortran -dumpversion  2>&1|awk ' /4.6./ {print "Y";exit};/4.7./ {print "Y";exit};{print "N"}')
+        _GCC46= $(shell gfortran -dumpversion  2>&1|awk ' /4.6/ {print "Y";exit};/4.7/ {print "Y";exit};{print "N"}')
         ifeq ($(_GCC46),Y) 
         DEFINES  += -DGCC46
     endif
@@ -1298,7 +1298,7 @@ endif
          FVECTORIZE=-O3 -ffast-math -mtune=native -mfpmath=sse -msse3 -ftree-vectorize -ftree-vectorizer-verbose=1   -fprefetch-loop-arrays  -funroll-all-loops 
 #         FOPTIMIZE=-O1
 #         FVECTORIZE=-O1
-       _GCC46= $(shell gfortran -dumpversion  2>&1|awk ' /4.6./ {print "Y";exit};/4.7./ {print "Y";exit};{print "N"}')
+       _GCC46= $(shell gfortran -dumpversion  2>&1|awk ' /4.6/ {print "Y";exit};/4.7/ {print "Y";exit};{print "N"}')
        ifeq ($(_GCC46),Y) 
          DEFINES  += -DGCC46
        endif
@@ -1890,7 +1890,7 @@ endif
           FOPTIONS +=  -ff2c -fno-second-underscore
         endif
         DEFINES  += -DCHKUNDFLW -DGCC4
-        _GCC46= $(shell gfortran -dumpversion  2>&1|awk ' /4.6./ {print "Y";exit};/4.7./ {print "Y";exit};{print "N"}')
+        _GCC46= $(shell gfortran -dumpversion  2>&1|awk ' /4.6/ {print "Y";exit};/4.7/ {print "Y";exit};{print "N"}')
         ifeq ($(_GCC46),Y) 
           DEFINES  += -DGCC46
         endif
@@ -1954,7 +1954,7 @@ endif
 
      ifeq ($(BUILDING_PYTHON),python)
 #   EXTRA_LIBS += -ltk -ltcl -L/usr/X11R6/lib -lX11 -ldl
-     EXTRA_LIBS +=    -lnwcutil  -lpthread -lutil -ldl
+     EXTRA_LIBS +=    -lnwcutil  -lpthread -lutil -ldl -lssl -lz
   LDOPTIONS = -Wl,--export-dynamic 
      endif
 ifeq ($(NWCHEM_TARGET),CATAMOUNT)
diff -rupN src.original/ddscf/movecs_pr_anal.F src/ddscf/movecs_pr_anal.F
--- src.original/ddscf/movecs_pr_anal.F 2013-04-15 12:41:45.036852381 +1000
+++ src/ddscf/movecs_pr_anal.F 2013-04-15 12:23:28.100409225 +1000
@@ -195,7 +195,7 @@ c
  22         format(1x,2('  Bfn.  Coefficient  Atom+Function  ',5x))
             write(LuOut,23)
  23         format(1x,2(' ----- ------------  ---------------',5x))
-            do klo = 0, min(n-1,9), 2
+            do klo = 0, min(n-1,199), 2
                khi = min(klo+1,n-1)
                write(LuOut,2) (
      $              int_mb(k_list+k)+1, 
diff -rupN src.original/ddscf/rohf.F src/ddscf/rohf.F
--- src.original/ddscf/rohf.F 2013-04-15 12:41:45.036852381 +1000
+++ src/ddscf/rohf.F 2013-04-15 12:23:28.100409225 +1000
@@ -153,7 +153,7 @@ c
             ilo = 1
             ihi = nmo
          endif
-         call movecs_print_anal(basis, ilo, ihi, 0.15d0, g_movecs, 
+         call movecs_print_anal(basis, ilo, ihi, 0.01d0, g_movecs, 
      $        'ROHF Final Molecular Orbital Analysis', 
      $        .true., dbl_mb(k_eval), oadapt, int_mb(k_irs),
      $        .true., dbl_mb(k_occ))
diff -rupN src.original/ddscf/scf_vec_guess.F src/ddscf/scf_vec_guess.F
--- src.original/ddscf/scf_vec_guess.F 2013-04-15 12:41:45.036852381 +1000
+++ src/ddscf/scf_vec_guess.F 2013-04-15 12:23:28.100409225 +1000
@@ -505,19 +505,19 @@ c
          nprint = min(nclosed+nopen+30,nmo)
          if (scftype.eq.'RHF' .or. scftype.eq.'ROHF') then
             call movecs_print_anal(basis, 1,
-     &           nprint, 0.15d0, g_movecs, 
+     &           nprint, 0.01d0, g_movecs, 
      &           'ROHF Initial Molecular Orbital Analysis', 
      &           .true., dbl_mb(k_eval), oadapt, int_mb(k_irs),
      &           .true., dbl_mb(k_occ))
          else
             nprint = min(nalpha+20,nmo)
             call movecs_print_anal(basis, max(1,nbeta-20),
-     &           nprint, 0.15d0, g_movecs, 
+     &           nprint, 0.01d0, g_movecs, 
      &           'UHF Initial Alpha Molecular Orbital Analysis', 
      &           .true., dbl_mb(k_eval), oadapt, int_mb(k_irs),
      &           .true., dbl_mb(k_occ))
             call movecs_print_anal(basis, max(1,nbeta-20),
-     &           nprint, 0.15d0, g_movecs(2), 
+     &           nprint, 0.01d0, g_movecs(2), 
      &           'UHF Initial Beta Molecular Orbital Analysis', 
      &           .true., dbl_mb(k_eval+nbf), oadapt, int_mb(k_irs+nmo),
      &           .true., dbl_mb(k_occ+nbf))
diff -rupN src.original/ddscf/uhf.F src/ddscf/uhf.F
--- src.original/ddscf/uhf.F 2013-04-15 12:41:45.036852381 +1000
+++ src/ddscf/uhf.F 2013-04-15 12:23:28.096409414 +1000
@@ -144,11 +144,11 @@ C
          enddo
          ihi = max(ihi-1,1)
  9611    continue
-         call movecs_print_anal(basis, ilo, ihi, 0.15d0, g_movecs, 
+         call movecs_print_anal(basis, ilo, ihi, 0.01d0, g_movecs, 
      $        'UHF Final Alpha Molecular Orbital Analysis', 
      $        .true., dbl_mb(k_eval), oadapt, int_mb(k_irs),
      $        .true., dbl_mb(k_occ))
-         call movecs_print_anal(basis, ilo, ihi, 0.15d0, g_movecs(2), 
+         call movecs_print_anal(basis, ilo, ihi, 0.01d0, g_movecs(2), 
      $        'UHF Final Beta Molecular Orbital Analysis', 
      $        .true., dbl_mb(k_eval+nbf), oadapt, int_mb(k_irs+nmo),
      $        .true., dbl_mb(k_occ+nbf))
diff -rupN src.original/mcscf/mcscf.F src/mcscf/mcscf.F
--- src.original/mcscf/mcscf.F 2013-04-15 12:41:45.000854073 +1000
+++ src/mcscf/mcscf.F 2013-04-15 12:23:23.748613695 +1000
@@ -680,7 +680,7 @@ c
       if (util_print('final vectors analysis', print_default))
      $     call movecs_print_anal(basis, 
      $     max(1,nclosed-10), min(nbf,nclosed+nact+10),
-     $     0.15d0, g_movecs, 'Analysis of MCSCF natural orbitals',
+     $     0.01d0, g_movecs, 'Analysis of MCSCF natural orbitals',
      $     .true., dbl_mb(k_evals), .true., int_mb(k_sym), 
      $     .true., dbl_mb(k_occ))
 c     
diff -rupN src.original/nwdft/scf_dft/dft_mxspin_ovlp.F src/nwdft/scf_dft/dft_mxspin_ovlp.F
--- src.original/nwdft/scf_dft/dft_mxspin_ovlp.F 2013-04-15 12:41:45.604825677 +1000
+++ src/nwdft/scf_dft/dft_mxspin_ovlp.F 2013-04-15 12:23:28.228403211 +1000
@@ -184,14 +184,14 @@ c
       call ga_sync()
 c
       call movecs_print_anal(basis,int_mb(k_non),int_mb(k_non)
-     & ,0.15d0,g_alpha,'Alpha Orbitals without Beta Partners',
+     & ,0.01d0,g_alpha,'Alpha Orbitals without Beta Partners',
      &   .false., 0.0 ,.false., 0 , .false., 0 )
 c
       if (nct.GE.2) then
       do i = 2,nct
       ind = int_mb(k_non+i-1)
       call movecs_print_anal(basis,ind,ind
-     & ,0.15d0,g_alpha,' ',
+     & ,0.01d0,g_alpha,' ',
      &   .false., 0.0 ,.false., 0 , .false., 0 )
       enddo
       endif
@@ -350,7 +350,7 @@ c      endif
 c      endif
 c 9990 format(/,18x,'THERE ARE',i3,1x,'UN-PARTNERED ALPHA ORBITALS')
 c
-       call movecs_print_anal(basis, 1, nalp, 0.15d0, g_ualpha,
+       call movecs_print_anal(basis, 1, nalp, 0.01d0, g_ualpha,
      & 'Alpha Orb. w/o Beta Partners (after maxim. alpha/beta overlap)',
      &   .false., 0.0 ,.false., 0 , .false., 0 )
 c
diff -rupN src.original/nwdft/scf_dft/dft_scf.F src/nwdft/scf_dft/dft_scf.F
--- src.original/nwdft/scf_dft/dft_scf.F 2013-04-15 12:41:45.608825490 +1000
+++ src/nwdft/scf_dft/dft_scf.F 2013-04-15 12:23:28.228403211 +1000
@@ -1733,7 +1733,7 @@ c
             else
                blob='DFT Final Beta Molecular Orbital Analysis' 
             endif
-            call movecs_print_anal(ao_bas_han, ilo, ihi, 0.15d0, 
+            call movecs_print_anal(ao_bas_han, ilo, ihi, 0.01d0, 
      &           g_movecs(ispin), 
      &           blob, 
      &           .true., dbl_mb(k_eval(ispin)), oadapt, 
diff -rupN src.original/nwdft/scf_dft_cg/dft_cg_solve.F src/nwdft/scf_dft_cg/dft_cg_solve.F
--- src.original/nwdft/scf_dft_cg/dft_cg_solve.F 2013-04-15 12:41:45.612825303 +1000
+++ src/nwdft/scf_dft_cg/dft_cg_solve.F 2013-04-15 12:23:28.220403588 +1000
@@ -164,7 +164,7 @@ c
             blob = 'DFT Final Beta Molecular Orbital Analysis'
           endif
           call movecs_fix_phase(g_movecs(ispin))
-          call movecs_print_anal(basis, ilo, ihi, 0.15d0,
+          call movecs_print_anal(basis, ilo, ihi, 0.01d0,
      &         g_movecs(ispin),blob,
      &         .true., dbl_mb(k_eval+(ispin-1)*nbf),
      &         oadapt, int_mb(k_irs+(ispin-1)*nbf),

388. NWChem, PSPW and Fortran runtime error

I'm following this post: http://www.emsl.pnl.gov/docs/nwchem/nwchem-support/2012/12/0024.Re:_NWCHEM_errors_in_running_nwchem-6.1.

The issue:
If, on debian testing/wheezy 64 bit with gcc 4.7, you run the following using NWChem 6.1.1


Title "boric acid"
Start  boric

echo

charge 0

geometry autosym units angstrom
 B     0.00000     0.00000     0.00000
 O     -4.93432e-17     1.55000     0.00000
 H     1.06537     1.92667     0.00000
 O     1.34234     -0.775000     0.00000
 H     1.13586     -1.88597     0.00000
 O     -1.34234     -0.775000     0.00000
 H     -2.20123     -0.0406974     0.00000
end

ecce_print ecce.out

nwpw
  mult 1
  xc pbe96
  cutoff 90.0
  np_dimensions -1  -1  
  tolerances 1e-7  1e-7
  car-parrinello
    nose-hoover 1.000000e+03 2.981500e+02 1.000000e+03 2.981500e+02
    time_step 0.500000e+00
    fake_mass 1.000000e+02
    loop 10 100 
    scaling 1.000000e+00 1.000000e+00
  end 
end

task pspw energy
task pspw car-parrinello

You'll end up with


****************************************************
          *                                                  *
          *               NWPW PSPW Calculation              *
          *                                                  *
          *  [ (Grassman/Stiefel manifold implementation) ]  *
          *                                                  *
          *      [ NorthWest Chemistry implementation ]      *
          *                                                  *
          *            version #5.10   06/12/02              *
          *                                                  *
          *    This code was developed by Eric J. Bylaska,   *
          *    and was based upon algorithms and code        *
          *    developed by the group of Prof. John H. Weare *
          *                                                  *
          ****************************************************
     >>>  JOB STARTED       AT Mon Apr 15 10:05:42 2013  <<<
          ================ input data ========================
  library name resolved from: compiled reference
  NWCHEM_NWPW_LIBRARY set to: 
Generating 1d pseudopotential for B
At line 649 of file psp_generator_input.F (unit = 99, file = './junk.inp')
Fortran runtime error: Sequential READ or WRITE not allowed after EOF marker, possibly use REWIND or BACKSPACE
--------------------------------------------------------------------------
mpirun has exited due to process rank 0 with PID 28100 on
node neon exiting without calling "finalize". This may
have caused other processes in the application to be
terminated by signals sent by mpirun (as reported here).
-------------------------------------------------------------------------

The fix
/opt/nwchem/nwchem-6.1.1-src is the NWCHEM_TOP of my particular nwchem source. See e.g. here for build instructions in general and not that e.g. BLASOPT settings etc. correspond to what I need on my system. Modify as necessary.

cd /opt/nwchem/nwchem-6.1.1-src/
wget http://www.nwchem-sw.org/images/Makefile.h.gcc46.patch.gz
gunzip Makefile.h.gcc46.patch.gz
patch -p0 < Makefile.h.gcc46.patch
cd src/nwpw/
touch `egrep -l GCC46 */*/*F`

export LARGE_FILES=TRUE
export TCGRSH=/usr/bin/ssh
export NWCHEM_TOP=/opt/nwchem/nwchem-6.1.1-src
export NWCHEM_TARGET=LINUX64
export NWCHEM_MODULES="all"
export PYTHONHOME=/usr
export BLASOPT="-L/opt/acml/acml5.2.0/gfortran64_fma4_int64/lib -lacml"
export USE_MPI=y
export USE_MPIF=y
export USE_MPIF4=y
export MPI_LOC=/usr/lib/openmpi/lib
export MPI_INCLUDE=/usr/lib/openmpi/include
export LIBRARY_PATH="$LIBRARY_PATH:/usr/lib/openmpi/lib:/opt/acml/acml5.2.0/gfortran64_fma4_int64/lib"
export LIBMPI="-lmpi -lopen-rte -lopen-pal -ldl -lmpi_f77 -lpthread"
export FC=gfortran
make 
cd ../
make link
./getmem.nwchem

Because we just relink instead of recompiling from scratch, recompiling is fairly quick (2-3 minutes in total)

Testing

It now continues as it should:


================ input data ========================
  library name resolved from: compiled reference
  NWCHEM_NWPW_LIBRARY set to: 
Generating 1d pseudopotential for B

and everything is good from there-on.

NOTE: you need to delete the output files from any previous run, or you might end up with errors during the Car-Parrinello portion (e.g.

At line 170 of file MOTION.F (unit = 19, file = './boric.ion_motion')
Fortran runtime error: Sequential READ or WRITE not allowed after EOF marker, possibly use REWIND or BACKSPACE

)

Stay tuned...
What remains for me is to start collecting the patches that are needed for nwchem to work properly (from my perspective -- I only have to support myself and my debian boxes, not a heterogeneous set of users with equally heterogeneous hardware, so my job is easier than that of the nwchem devs) so that installing and upgrading nwchem becomes less painful (yes, I've been patching by hand up till now...).

The issues that need to be patched are:
* including libz and libssl on debian when building with python support (e.g. step 1 in this post)
* changing the details in the output to support gabEdit (e.g. this post)
* patching for GCC 4.7 (i.e. what you've just read)

Update: The post is here now: http://verahill.blogspot.com.au/2013/04/389-patches-for-nwchem-611-on-debian.html

387. Compiling Wine 1.5.28 in a i386 chroot on Debian Wheezy amd64

UPDATE 16 May 2013: See here for Wine 1.5.30: http://verahill.blogspot.com.au/2013/05/416-wine-1530-in-chroot.html

UPDATE: for those who don't want to compile and are willing to take a minor risk* there are pre-built debs for mepis here: http://main.mepis-deb.org/mepiscr/testrepo/pool/test/w/wine/
They are provided by Steve Pusser, who is an active member at the debian forums.

* I presume, but don't actually know, that they are compatible with debian due to 1) Steve being active on the debian forums and 2) Mepis being based on debian stable (currently Squeeze)

Original post

New version of wine out now: 1.5.28.

Not much to get excited about from what I can tell, but wine now relies on GnuTLS instead of openssl.

Here's how to build it -- a lot of it is shamelessly recycled from earlier posts on this blog.

Getting started:
If you set up a chroot to build 1.5.27 before, you don't need to set up a new chroot to build 1.5.28. In that case, skip the set-up step below and instead re-enter your existing chroot like this:

sudo mount -o bind /proc wine32/proc
sudo cp /etc/resolv.conf wine32/etc/resolv.conf
sudo chroot wine32
su sandbox

Setting up the Chroot

mkdir $HOME/tmp/architectures/wine32
cd $HOME/tmp/architectures
sudo debootstrap --arch i386 wheezy $HOME/tmp/architectures/wine32 http://ftp.au.debian.org/debian/
sudo mount -o bind /proc wine32/proc
sudo cp /etc/resolv.conf wine32/etc/resolv.conf
sudo chroot wine32

You're now in the chroot:

apt-get update
apt-get install locales sudo vim
echo 'export LC_ALL="C"'>>/etc/bash.bashrc
echo 'export LANG="C"'>>/etc/bash.bashrc
echo '127.0.0.1 localhost beryllium' >> /etc/hosts
source /etc/bash.bashrc
adduser sandbox
usermod -g sudo sandbox
echo 'Defaults !tty_tickets' >> /etc/sudoers
su sandbox
cd ~/

Building Wine
While still in the chroot, continue (the i386 is ok; don't worry about it -- you don't actually need it):

sudo apt-get install libx11-dev:i386 libfreetype6-dev:i386 libxcursor-dev:i386 libxi-dev:i386 libxxf86vm-dev:i386 libxrandr-dev:i386 libxinerama-dev:i386 libxcomposite-dev:i386 libglu-dev:i386 libosmesa-dev:i386 libglu-dev:i386 libosmesa-dev:i386 libdbus-1-dev:i386 libgnutls-dev:i386 libncurses-dev:i386 libsane-dev:i386 libv4l-dev:i386 libgphoto2-2-dev:i386 liblcms-dev:i386 libgstreamer-plugins-base0.10-dev:i386 libcapi20-dev:i386 libcups2-dev:i386 libfontconfig-dev:i386 libgsm1-dev:i386 libtiff-dev:i386 libpng-dev:i386 libjpeg-dev:i386 libmpg123-dev:i386 libopenal-dev:i386 libldap-dev:i386 libxrender-dev:i386 libxml2-dev:i386 libxslt-dev:i386 libhal-dev:i386 gettext:i386 prelink:i386 bzip2:i386 bison:i386 flex:i386 oss4-dev:i386 checkinstall:i386 ocl-icd-libopencl1:i386 opencl-headers:i386 libasound2-dev:i386 build-essential

mkdir ~/tmp
cd ~/tmp
wget http://prdownloads.sourceforge.net/wine/wine-1.5.28.tar.bz2
tar xvf wine-1.5.28.tar.bz2
cd wine-1.5.28/
./configure
time make -j2
sudo checkinstall --install=no

checkinstall 1.6.2, Copyright 2009 Felipe Eduardo Sanchez Diaz Duran
           This software is released under the GNU GPL.


The package documentation directory ./doc-pak does not exist. 
Should I create a default set of package docs?  [y]: 

Preparing package documentation...OK

Please write a description for the package.
End your description with an empty line or EOF.
>> wine 1.5.28
>> 

*****************************************
**** Debian package creation selected ***
*****************************************

This package will be built according to these values: 

0 -  Maintainer: [ root@beryllium ]
1 -  Summary: [ wine 1.5.28 ]
2 -  Name:    [ wine ]
3 -  Version: [ 1.5.28 ]
4 -  Release: [ 1 ]
5 -  License: [ GPL ]
6 -  Group:   [ checkinstall ]
7 -  Architecture: [ i386 ]
8 -  Source location: [ wine-1.5.28 ]
9 -  Alternate source location: [  ]
10 - Requires: [  ]
11 - Provides: [ wine ]
12 - Conflicts: [  ]
13 - Replaces: [  ]

Compilation took ca 19 minutes. Checkinstall takes a little while (In particular this step: 'Copying files to the temporary directory...').

Installing Wine
Exit the chroot

sandbox@beryllium:~/tmp/wine-1.5.28$ exit
exit
root@beryllium:/# exit
exit
me@beryllium:~/tmp/architectures$

On your host system
Enable multiarch and install ia32-libs, since you've built a proper 32 bit binary:

sudo dpkg --add-architecture i386
sudo apt-get update
sudo apt-get install ia32-libs

Copy the .deb package and install it

sudo cp wine32/home/sandbox/tmp/wine-1.5.28/wine_1.5.28-1_i386.deb .
sudo chown $USER wine_1.5.28-1_i386.deb
sudo dpkg -i wine_1.5.28-1_i386.deb

Links to this post:
http://forum.winehq.org/viewtopic.php?f=8&t=18924

12 April 2013

386. Briefly: Lenovo Thinkpad SL410 mute volume key

I'm a bit tired of the mute button on my keyboard not working (anymore?) on Debian Testing/Wheezy, so it was time to have a look at what could be done.

The issue
On an SL410 there are four buttons to the left of the keyboard: mute mic, volume up, volume down and mute.

Neither of them show up when using xev or showkey. The Volume Up and Down keys work, but not the mute mic or mute volume ones.

You can get the keycodes by monitoring dmesg -- pushing Mute volume three times I get

[ 2392.912282] hda-intel: spurious response 0x0:0x0, last cmd=0x1439000
[ 2393.447050] hda-intel: spurious response 0x0:0x0, last cmd=0x1439000
[ 2393.930206] hda-intel: spurious response 0x0:0x0, last cmd=0x1439000

The problem is that the keycode keeps changing -- the mute key has a different value depending on what the volume is.

mute mic    ?????
vol up/down 0x1439080,0x339080,00,09,13,1b,21,25,29,2d,30,33
mut vol     0x1439000, 339029

Anyway.

Solution

You'll probably find that thinkpad_acpi is loaded:

lsmod|grep thinkpad_acpi

Unload it:

sudo rmmod thinkpad_acpi

Now press the mute button -- did an orange light show under it? That means it's working.

I think the issue is that SL410 isn't a true thinkpad -- it's really an ideapad and the firmware doesn't match.

To make the change permanent,

edit /etc/modprobe.d/thinkpad-blacklist.conf

blacklist thinkpad_acpi

thinkpad_acpi shouldn't load on boot anymore.

Mute mic still doesn't work.

11 April 2013

385. OTPW -- connecting from an insecure computer using one-time passwords

I got inspired to look into this by this post: http://www.linuxjournal.com/content/configuring-one-time-password-authentication-otpw

The idea of one time passwords is fairly simple -- even if someone manages to keylog your password (or see you type it in) it will be useless to them, as it can only be used once.

The implementation is also fairly simple: if you divide a password in half, and only let one half be static (the prefix) and the other half come from a pre-agreed list (the suffix), you can have a secure way of changing your password in a practical way.

Let's say that I decide that the static, prefix part should be 'ice' and that we make a pre-agreed list of suffices that we can use to make passwords:
001. box
002. flower
003. icle
004. skating
005. fishing

You should print this list and keep it reasonably safe. Without the prefix it is not useful. Likewise, any keylogger on a compromised computer will find out the prefix, but it will be useless without the suffix list. So keep that it in mind -- make sure that no-one gets hold of both.

You then try to log in via ssh from a remote client, and you get prompted for password 004 -- this means that the password you need to use is iceskating.

In real-world applications the suffixes are random, and not at all related to the prefix. Also, once the list has been generated it is not stored (so you better print it) -- only the hashes or the complete passwords are.

Note that the choice isn't really between OTPW and regular static password -- you can use both, just like you can use SSH with both key and password.

Set up
http://www.linuxjournal.com/content/configuring-one-time-password-authentication-otpw?page=0,2 deals with a number of different use scenarios. I'm only interested in enabling OTPW for remote SSH at this stage i.e. local login is using static passwords by default.

(if you're travelling with a laptop you may consider using OTPW for everything)

You need libpam-otpw. In addition, otpw-bin is useful for generating the suffix/hash list.

sudo apt-get install libpam-otpw otpw-bin

Generate a list of hashes and suffices:

otpw-gen|tee otpw.list

Print the list and delete it afterwards.

You now have a ~/.otpw file filled with hashes.

Create /etc/pam.d/ssh-otpw.


auth           sufficient      pam_otpw.so
session        optional        pam_otpw.so

and edit /etc/pam.d/sshd -- include the ssh-otpw file immediately before common-auth to set the order of log in methods.


auth       required     pam_env.so # [1]
auth       required     pam_env.so envfile=/etc/default/locale

@include ssh-otpw
@include common-auth

account    required     pam_nologin.so

@include common-account
@include common-session

session    optional     pam_motd.so  motd=/run/motd.dynamic noupdate
session    optional     pam_motd.so # [1]
session    optional     pam_mail.so standard noenv # [1]
session    required     pam_limits.so
@include common-password

This way, if there's a ~/.otpw file you'll first be prompted for a one-time password. Otherwise that option will be skipped, so users with and without OTPW can co-exist happily.
In /etc/ssh/sshd_config, set


ChallengeResponseAuthentication yes

and make sure that UsePrivilegeSeparation and UsePAM are also set to yes (should be on Debian Wheezy).

sudo service ssh restart

and that's it!

Testing
To test, use a different computer and try to log in. I've got all my local computers set up to use keys to log in, so I had to to

ssh -o PubKeyAuthentication=no me@beryllium

Password 267:

In my list, 267 was given as

dfuF XE+L

so (pretending that my prefix was ice) my password was icedfuFXE+L.
If you answer that challenge wrong, you'll be asked for your static password instead. If you want to keep that secret, then interrupt the connection and retry.

Easy!

Once you start running out of password, run otpw-gen again for a new list.

384. Another (vaguely) TeX-related headache

The error
ps2pdf wasn't working on one of my .ps files (generated from a .tex file by texmaker). When I try to print the .ps file, it also shows up as having 197 pages, instead of 85 pages, which is what is has and what is seen in e.g. evince.

ps2pdf gives

Error: /syntaxerror in -file-
Operand stack:

Execution stack:
   %interp_exit   .runexec2   --nostringval--   --nostringval--   --nostringval--   2   %stopped_push   --nostringval--   --nostringval--   --nostringval--   false   1   %stopped_push   1910   1   3   %oparray_pop   1909   1   3   %oparray_pop   1893   1   3   %oparray_pop   1787   1   3   %oparray_pop   --nostringval--   %errorexec_pop   .runexec2   --nostringval--   --nostringval--   --nostringval--   2   %stopped_push
Dictionary stack:
   --dict:1164/1684(ro)(G)--   --dict:4/20(G)--   --dict:101/200(L)--   --dict:215/300(L)--   --dict:90/200(L)--   --dict:57/75(L)--   --dict:211/313(L)--   --dict:72/140(L)--   --dict:0/10(G)--   --dict:0/10(L)--   --dict:6/50(ro)(G)--   --dict:56/71(L)--
Current allocation mode is local
Last OS error: No such file or directory
Current file position is 86139456
GPL Ghostscript 9.05: Unrecoverable error, exit code 1

And I have no idea where to start troubleshooting...the file position error is not terribly helpful given that the file only has 2010146 lines. So I commented everything, then slowly uncommented everything.

And it was a bit more complex than I thought -- this is the smallest section of code I could use to reproduce the error (note that the two frames are about 30 pages apart in the original):

[preamble]

\begin{document}

\begin{frame}{A frame}
\begin{table}
 \begin{tabular}{l r}
 \includegraphics[width=4cm]{images/figure_1.eps} & \pause
 \includegraphics[width=3.5cm]{img/folder_1/figure_2.eps} 
 \end{tabular}
\end{table}
\small{
\begin{itemize}
\item Blah blah blah
\item Blah Blah?
\end{itemize}
}
\end{frame}

\begin{frame}{Another frame}
 \small{Blah blahdi blah}\\
 \begin{center}
 \begin{table}
 \begin{tabular}{c c}
 \includegraphics[width=5cm]{img/folder_1/figure_3.eps} &
 \includegraphics[width=5cm]{img/folder_1/figure_4.eps} \\
 {\sc Caption} & Caption
 \end{tabular}
 \end{table}
 \end{center}
\end{frame}

\end{document}

The error was only apparent if both figure_2.eps and figure_3.eps were requested -- somehow those two files didn't like each other. I had made figure_2.eps myself (povray -> png -> eps), but a collaborator had sent me figure_3.eps, which was made using Bruker Topspin (a stacked plot of NMR spectra)

The fix:
I fixed it by opening figure_3.eps in inkscape and saving it again

bad.eps is figure_3 before re-saving it, good.eps is figure_3 after re-saving it:

me@beryllium:~/work/manuscripts/Talks/Australie/img/folder_1$ head -n 20 bad.eps 
���� X�+x�+ ��%!PS-Adobe-3.1 EPSF-3.0
%ADO_DSC_Encoding: Windows Roman
%%Title: 72_tempbw.eps
%%Creator: Adobe Illustrator(R) 15.1
%%For: Collaborator
%%CreationDate: 9/12/2012
%%BoundingBox: 0 0 633 359
%%HiResBoundingBox: 0 0 632.8331 358.5000
%%CropBox: 0 0 632.8331 358.5000
%%LanguageLevel: 2
%%DocumentData: Clean7Bit
%ADOBeginClientInjection: DocumentHeader "AI11EPS"
%ADO_ContainsXMP: MainFirstustrator(R) 15.1.0 x39 R agm 4.5189 ct 5.1875
%ADOEndClientInjection: DocumentHeader "AI11EPS"
%%Pages: 1
%%DocumentNeededResources: 
%%DocumentSuppliedResources: procset Adobe_AGM_Image 1.0 0
%%+ procset Adobe_CoolType_Utility_T42 1.0 0
%%+ procset Adobe_CoolType_Utility_MAKEOCF 1.23 0
%%+ procset Adobe_CoolType_Core 2.31 0
me@beryllium:~/work/manuscripts/Talks/Australia/img/folder_1$ head -n 20 good.eps 
%!PS-Adobe-3.0 EPSF-3.0
%%Creator: cairo 1.12.2 (http://cairographics.org)
%%CreationDate: Thu Apr 11 11:36:28 2013
%%Pages: 1
%%DocumentData: Clean7Bit
%%LanguageLevel: 2
%%BoundingBox: 0 -1 633 359
%%EndComments
%%BeginProlog
save
50 dict begin
/q { gsave } bind def
/Q { grestore } bind def
/cm { 6 array astore concat } bind def
/w { setlinewidth } bind def
/J { setlinecap } bind def
/j { setlinejoin } bind def
/M { setmiterlimit } bind def
/d { setdash } bind def
/m { moveto } bind def

I had another couple of files which caused the same issue -- all of which originally came from Bruker Topspin (XWinNMR). Re-saving them in inkscape solved the issues.

I still don't understand why figure_1 had to be present though.

09 April 2013

382. Briefly: fixing pdfstudio's leftover crud

I didn't like pdfstudio (http://verahill.blogspot.com.au/2013/02/338-annotating-pdfs-in-linux-revisited.html), not least because it's stuck in a microsoft world of 'basic' and 'pro' versions i.e. artificial crippling. I promptly got rid of it, but it has been lingering on my system like a bad relationship:


dpkg: warning: parsing file '/var/lib/dpkg/available' near line 94935 package 'pdfstudio':
 missing description

The simplest, most radical fix is to do

sudo dpkg --clear-avail
sudo apt-get update

08 April 2013

381. Encrypting chat, voice, video-- revisited

About a year ago I published this post:
128. Encrypting your email, chat and VOIP in linux (Debian Wheezy)

While I'm using gajim for encrypted chatting on a daily basis, always sign my emails with PGP/GPG in thunderbird and evolution, and keep a truecrypt container in my dropbox account, I've noticed that I don't ever use twinkle, which was the voice encryption solution I looked at in post 128.

The time is thus ripe to explore alternatives. Also, seahorse and evolution have changed enough that updated screenshots may be warranted. So here's Encryption for 2013. You will find that the most difficult thing about encryption is to convince other people to use it as well.

The tl;dr version is: use gajim. It's awesome.

--- Beginning of the boring bits ---

Why?
I'm not actually paranoid, but what about

*'If you don't have anything to hide, then what are you worrying about?' ? The issue with that kind of reasoning is that it can twisted into meaning that if you do worry, then you do have something to hide, and mere possession of will imply guilt. Presumably, if people in general are using e.g. PGP, the risk of it being banned or restricted (or being enforceable) is smaller. See e.g. this if you're living in the US.

* What happens if you gmail account gets hacked? Could someone glean enough information from your conversations and email to steal your identity?

* Do you need to send someone your PIN, bank card info or SSN but don't necessarily feel

* Do you need to discuss something but keep it confidential?

* It's fun! Being able to encrypt gives you a bit of a power trip.

What does annoy me are people who think that they aren't targets because 'why would anyone want to hack me'? Low-profile individuals are rarely targets in their own right, but what about the company you are working for? What about friends of yours? What about the possibility of opportunistic drive-by hacking where targets aren't selected by who they are, but by lapses in security?

In my case, I work for a large university -- gaining access to the intranet for an outsider would only be the first step in potentially compromising thousands of computers or accessing the personal information of tens of thousands of people (has happened at every uni I've worked). I manage servers at two universities -- if they get compromised their access to high speed internet could be used for spam routing (has also happened).

I have friends who work with classified projects presumably involving nuclear weapons (nat'l lab in the US) -- I might be an intermediary target.

I have a credit card, and a credit history. What if someone steals my identity and takes out a loan in my name? (has happened)

Or what if I have confidential data on a USB stick and I lose it -- if it's encrypted damage control is a lot easier (has happened at my uni).

Again, I'm not really paranoid, but there is always a tiny risk that someone, for whatever reason, is targeting you.

OTR and GPG/PGP
Note that I am NOT an expert on this. I've used PGP a lot, but have only recently been introduced to OTR. Also, merely being a user of something doesn't make an expert at it. What I write might be wrong.

PGP (pretty good privacy)/GPG (it's open sourced implementation) is a proven encryption method which uses asymmetric encryption with a private and a public key. You use someone else's public key to encrypt messages to them, and only their private key can decrypt it. Likewise, you give your public key to someone who wants to email you -- they use that to encrypt messages to you, and you -- and only you -- can decrypt it with your private key. PGP also supports signing to verify authorship -- you can sign (not encrypt) a message using your private key, and then anyone with your public key can decrypt it.

It's worth emphasizing this: if you encrypt with your private key, anyone in the world can decrypt it.

Whenever you generate a new key pair, you can publish the public key on a range of online repositories, such as http://pgp.mit.edu/ I think seahorse (gnome, evolution) and enigmail (thunderbird) can automatically search public key servers for public keys.

PGP is in principle a very strong encryption method using a 2048 byte (or larger) key. However, it suffers from a major drawback: anyone who can get their hands on your private key can decrypt everything. That basically means that anyone who gets access to your unencrypted harddrive can copy your key and eavesdrop. The longer you use the same key, the more likely it is that this will already have happened, especially if you have traveled through the US and been forced to give them access to your laptop. Leaving your laptop in your hotel room -- especially in a place like China (although it goes for anywhere) -- is probably also not advisable. Since you can't keep an eye on your hardware 24/7, this is a serious issue.

Another potential issue is that if you sign conversation with a key, then that conversation can be attributed to you i.e. a third, eavesdropping party may be able to ascertain who the conversing parties are.

Again, emphasis: your conversation may be safe now, but if in three months your key is lost all your conversations for years will be decrypted.

You can deal with this to some extent by either encrypting your entire harddrive, or by keeping your private key on an encrypted USB stick (be mindful of the increased risk of misplacing your usb stick and other people gaining access to it -- any encryption can generally be broken, given enough time and resources).

My main use of PGP/GPG is to have candid discussions via chat, and to sign my email.

OTR (Off the Record) is a 'new' (since 2004) alternative and is described in (accessible) detail here: http://www.cypherpunks.ca/otr/otr-wpes.pdf

It aims to solve a lot of the issues with PGP by doing away with a long-lived key. It also aims to make it impossible for a third party to identify the conversing parties. From what I understand it works more or less like this:

If we decide to chat, I generate a key,and you generate a key. Once we're done talking, we dispose of the keys. No-one --- not even the conversing parties -- can decrypt the conversation, which also ensures that nothing will surface by accident at a later date. PGP can obviously be used in the same manner, but it's the implementation of it which has to be convenient. Obviously, in practice this works a whole lot better for chat than email.

Anyway, from my reading of it OTR works pretty much the same as PGP (using large primes and public/private keys) -- it's just the actual implementation which differs. On starting the chat you click on a button to generate your key pair, and the public key gets sent to your chat partner and vice versa. Exit the chat session and your keys are gone. OTR also uses authentication of messages to ensure authorship i.e. even though a man in the middle can encrypt messages to you using your public key and pretend that they are written by your conversation partner, the lack of the correct authentication signature will alert you to the fact that someone is spoofing the messages. PGP does the same by signing with the private key. There's no way to prove authorship based on the authentication signature though -- all you can do is determine that a series of messages came from the same author, but there's nothing which intrinsically proves who that person is. With PGP, on the other hand, if the assumption is that the private keys of the conversing parties have not been compromised, then they both are who they claim they are (of course you might've been duped into using someone else's public key and then all bets are off).

Anyway, OTR improves on PGP and works well for chat. PGP is probably still the easier solution for email.

SRTP (secure real-time transport protocol)
I don't know much about this, and am heavily relying on the Wikipedia page.
SRTP is an encryption method for streamed data, which I read to include voice and video. It needs a key management protocol, such as ZRTP. The way keys are managed depend on the protocol. As far as I understand ZRTP uses temporary asymmetric keys which are exchanged at the beginning of the encryption part of the conversation, similar to OTR, but includes one major difference: a call begins with a verbal exchange of a specific value displayed in the clients of the two parties conversing. This is to avoid that there's a man in the middle attack -- you will presumably recognise the voice of the person you're talking to and be able to verify the identity that way.

I won't cover data encryption using e.g. Truecrypt, in particular, since I've covered it in detail before, e.g. here: http://verahill.blogspot.com.au/2012/04/using-truecrypt-with-dropbox.html

Solutions that I won't consider:
While e.g. skype uses encryption, you're not in control. Also, it's not open source, so who knows how it works

While you using https and google talk in a browser encrypts you video/voice calls and chat, you're not in control -- google can decrypt your conversation any time.

--- End of the boring bits ---

PGP/GPG keypair
The easiest way to do it is probably via the seahorse GUI.

sudo apt-get install gnupg seahorse

Start seahorse (known as Passwords and Keys in Gnome 3).

Once you've made a key pair, synchronise it with a server so that other people can get your public key, e.g.

Alternatively, you can do everything on the command line:

gpg --gen-key
gpg (GnuPG) 1.4.12; Copyright (C) 2012 Free Software Foundation, Inc.
[..]
Please select what kind of key you want:
   (1) RSA and RSA (default)
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
Your selection? 1
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048)
Requested keysize is 2048 bits
Please specify how long the key should be valid.
         0 = key does not expire
        = key expires in n days
      w = key expires in n weeks
      m = key expires in n months
      y = key expires in n years
Key is valid for? (0) 0
Key does not expire at all
Is this correct? (y/N) Y
You need a user ID to identify your key; the software constructs the user ID
from the Real Name, Comment and Email Address in this form:
    "Heinrich Heine (Der Dichter) "
Real name: I Lindqvist
Email address: i.lindqvist@email.net
Comment: fake address
You selected this USER-ID:
    "I Lindqvist (fake address) "
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
You need a Passphrase to protect your secret key.

You'll get asked for a passphrase twice. Then:


We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
Not enough random bytes available.  Please do some other work to give
the OS a chance to collect more entropy! (Need 283 more bytes)
..+++++
...+++++
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
+++++
Not enough random bytes available.  Please do some other work to give
the OS a chance to collect more entropy! (Need 109 more bytes)
.....................+++++
gpg: key 2B4C5636 marked as ultimately trusted
public and secret key created and signed.
gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
pub   2048R/2B4C5636 2012-05-02
      Key fingerprint = 5B71 C3F1 0C2D E008 B299  21A8 019F 907E 2B4C 5636
uid                  I Lindqvist (fake address) 
sub   2048R/78F9B6C1 2012-05-02
gpg --list-key

/home/me/.gnupg/pubring.gpg
-----------------------------
pub   2048R/2B4C5636 2012-05-02
uid                  I Lindqvist (fake address) 
sub   2048R/78F9B6C1 2012-05-02

To add more email addresses, do

gpg --edit-key 2B4C5636
>adduid

and follow the prompts. You do not want to add subkeys. Do

>trust

to set the trust level. Ultimate for your own key, full for your pals.

Implementation

Chat:

Gajim
Gajim supports both PGP (natively) and OTR (via a plug in). It's also easy to use and written in python, which is a plus.

To enable PGP/GPG, go to Edit, Accounts, Personal Information, Choose Key:

You need to assign the public key to the contacts you want to chat with. First get the public key -- either from an online repo or by email from your contact. In e.g. seahorse, go to Remote, Find Remote Keys and search:

Then, in gajim, do

To enable OTR, go to Edit, Plugins, click on the Available tab and wait a little while for the list to populate:

To use OTR, do the following:

Start chat, click on the settings icon, select off-the-record, and start

It's now encrypted

To verify the identity of the other party, click on Authenticate contact

Ask a question

And the other person answers

Authentication achieved

Alternatives
mcabber also support PGP/GPG, and is a curses based program. See here for configuration.

pidgin and jitsi both support OTR, but not PGP.

Pidgin and mcabber are in the debian repos.

Email:

Evolution:
Enabling PGP/GPG is very easy -- edit your account, and go to the Security tab:

To encrypt, start a new message and click on Options. You might want to have html turned off.

Thunderbird:
You'll need to install enigmail.

You can select your key etc. under key management.

Alternatives
Mutt does PGP/GPG and is a neat curses-based program.

Z/SRTP in Voice

There are a couple of solutions for 'secure' voice and video. I looked at Twinkle before, and while it's a capable SIP program, the downside is that it requires access to a SIP service (e.g. Ekiga, or via your ISP). What is really needed are clients which can encrypt communication going via e.g. google talk/jabber and the likes. Jitsi does that, and is open source.

I won't consider Skype for the usual reasons -- it's not free, open or transparent.

Jitsi
Get jitsi by doing

wget https://download.jitsi.org/jitsi/debian/jitsi_1.0-latest_amd64.deb
sudo dpkg -i jitsi_2.0-latest_amd64.deb

Start Jitsi and set up an account. You can add more accounts later by going to Options and clicking the Accounts tab.

Anyway, start Jitsi, and go to Options, Security to get an overview. Here's the ZRTP tab. Basically you CAN change the parameters, but you're advised not to:

Jitsi also does OTR chat:

And you can set a master password, so that people can't start jitsi if you leave your desktop unprotected.

You don't need to do anything to enable ZRTP as it will automatically be used if both your and your partner's clients support it, so here's OTR in Jitsi:

380. Modifying NWChem code without a full recompile

This isn't a secret trick or anything, but may still not be immediately obvious to most people.

A full compilation of NWChem can easily take 20-40 minutes, depending on your build machine.

Sometimes you need to make changes to the source code, e.g. if you want to use GabEdit to analyse output -- ECCE is a fantastic piece of software and is great for managing computations, but GabEdit has implemented some pretty interesting routines for orbital analyses. In order for you to be able to reliably import NWChem output into GabEdit you need to modify a handful of fortran files.

See e.g. http://verahill.blogspot.com.au/2013/02/3xx-modifying-nwchem-611-to-work-with.html for patching NWChem, and http://verahill.blogspot.com.au/2012/11/visualising-nwchem-output-with-gabedit.html for how to run your nwchem jobs and how to visualize them in gabEdit (you need to explicitly define your basis sets).

Angelo Rossi made this comment:

Hello:

Thank you so much for this valuable information.

But under the heading of "Compilation" above, the directions lead to a pointer to compile the entire NWChem source. But only one or two subroutines are modified. Shouldn't there be a more surgical way of proceeding after making the suggested changes? Actually this would make a great separate post. That is, provide a procedure to recompile and link when small changes to NWChem are made. I've done this, but I can't remember.

Kind regards,

Angelo

The answer was on this page: http://xray.isc.kharkov.com/ext_docs/NWChem/prog/node12.html
So here we go:

Partial recompile/relinking of NWChem

1. Environmental variables
Define your environmental variable like you would during a normal compile


export LARGE_FILES=TRUE
export TCGRSH=/usr/bin/ssh
export NWCHEM_TOP=`pwd`
export NWCHEM_TARGET=LINUX64
export NWCHEM_MODULES="all python"
export PYTHONVERSION=2.7
export PYTHONHOME=/usr
export BLASOPT="-L/opt/openblas/lib -lopenblas"
export USE_MPI=y
export USE_MPIF=y
export USE_MPIF4=y
export MPI_LOC=/usr/lib/openmpi/lib
export MPI_INCLUDE=/usr/lib/openmpi/include
export LIBRARY_PATH=$LIBRARY_PATH:/usr/lib/openmpi/lib:/opt/acml/acml5.2.0/gfortran64_int64/lib:/opt/openblas/lib
export LIBMPI="-lmpi -lopen-rte -lopen-pal -ldl -lmpi_f77 -lpthread"
export FC=gfortran

2. Run make in modified directories
In the GabEdit example we made changes to files in src/ddscf, src/nwdft/scf_dft, and src/mcscf

cd $NWCHEM_TOP/src/ddscf
make
cd $NWCHEM_TOP/src/nwdft/scf_dft
make
cd $NWCHEM_TOP/src/mcscf
make

3. Run make link in the src directory

cd $NWCHEM_TOP/src
make link

4. Do your usual post-compilation memory magic

cd $NWCHEM_TOP/contrib
./getmem.nwchem

Done!

This all in all took around 6 seconds instead of 30-odd minutes.

06 April 2013

379. [Solved] Debian Wheezy -- Thinkpad SL410: reboot instead of shutdown when on battery

Solved: it was down to laptop-mode-tools, which I installed as part of this post two weeks ago. I uninstalled that package and my laptop is shutting down properly again.

Original post:
Since today[*], with Debian Wheezy stock kernel (3.2), my Thinkpad SL410 reboots instead of shutting down when it's running on battery. Works fine when on mains power. During shutdown it says 'Will now halt', then reboots.

Similar to what's seen in this thread: http://forums.debian.net/viewtopic.php?f=7&t=86316&start=15, but shutting down X seems to have no effect. Googling seems to yield a lot of hits for thinkpads and ideapads.

Annoying and no idea why.

The support for SL410 under Debian Wheezy has actually gotten worse during the past year -- now 'mute' doesn't work anymore, and from today it doesn't shutdown on issuing e.g. sudo shutdown -h now.Finally, recently the behaviour of the kernel (3.8) has lead to slowdowns on computer with i915 (intel) graphics, which would include a majority of laptops (a fix is on the way though).

Looking at /var/log/apt/history.log my kernel was updated (not a new version, so a bit confused), two days ago. Nothing else looks important enough.

[*] Given that removing laptop-mode-tools solved it, and that I installed that on the 23rd of March, I must've been running my laptop off of mains power for the past two weeks...alternatively, newer kernels fix this (supposed to be due to the combination of laptop-mode-tools and an apci bug in the kernel) since I've been running 3.7.10 for the past two weeks, and only switched back to 3.2 yesterday.

Pages