Archive

Posts Tagged ‘linux’

DNS problems with Ubuntu? Disable dnsmasq with NetworkManager

Ubuntu LogoOn Ubuntu, if you suddenly cannot resolve DNS addresses anymore, though your network connection is up, you might just have run into a problem with dnsmasq (a local DNS server) that is used by NetworkManager. This post is about disabling dnsmasq and using the DNS servers advertised by your network directly instead.

Is it a DNS problem?

A good indication that you are facing a DNS problem on your machine is when you are connected to a network (meaning you still have an IP address assigned), but your internet connection suddenly stops working, and you are unable to ping DNS addresses like www.google.com:

ping www.google.com # unknown host

but you are still able to ping IP-addresses like 8.8.8.8:

ping 8.8.8.8 # works fine

This looks like you are not able to resolve DNS addresses any more – but you are still correctly connected to your network and to the internet.

What could cause this problem on Ubuntu?

Ubuntu uses NetworkManager, which in turn uses dnsmasq: a local DNS server running on your machine. As dnsmasq is started locally, redirecting DNS requests to the local address 127.0.0.1 would be fine in such a setup. You can see this being used by looking at your /etc/resolv.conf file: if it shows the following line, a local DNS server is in use:

nameserver 127.0.0.1

However, with certain setups you might run into problem when using this way of resolving DNS addresses. This might be the case e.g. when you are using a different program in parallel to manage your connections, which is not cooperating with dnsmasq well.

What could be the solution?

An easy solution is to try if your machine works fine without using dnsmasq. In this case DNS with be resolved not using a local dnsmasq DNS server but using the DNS server advertised via DHCP. To disable dnsmasq with NetworkManager, comment out the dns=dnsmasq line in /etc/NetworkManager/NetworkManager.conf:

# dns=dnsmasq

This will prevent NetworkManager from starting a dnsmasq instance, hence will prevent it from locally resolving DNS lookups. DNS lookups will then be done using the DNS servers advertised to your machine from DHCP. You can check that this actually worked as follows: after a reboot (clears all possible cached DNS servers info on your machine) and connecting to a network you should see actual DNS servers showing up in /etc/resolv.conf (with actual IP-addresses of course) in the place of the former 127.0.0.1 one:

nameserver x.x.x.x
nameserver y.y.y.y
nameserver z.z.z.z

Reduce pdf file size with GhostScript pdf compression under Linux/Unix

March 19, 2018 Leave a comment

We frequently need to mail pdf files that are too big for regular mail services, such as a 40MB pdf file with a maximum 10MB send restriction. In such situations quick and effective pdf compression comes in handy that does not reduce the quality to a level of the file becoming unusable.

GhostScript

GhostScript LogoUnder Linux and Unix-like systems GhostScript is one of the most powerful tools (probably the most powerful one) to manipulate files like pdf, ps, etc. If you are on a Linux/Unix-like system and need a job with pdf files done check out the “How to use GhostScript” site. It’s not unlikely that GhostScript already has a built in solution to your problem. Consequently it also features a way of effectively compressing pdf files with different options and settings.

GhostScript pdf compression

Effective pdf compression is possible with GhostScript using a single command (adapted from here and here):

gs -sDEVICE=pdfwrite -dCompatibilityLevel=1.4 -dPDFSETTINGS=/screen -dNOPAUSE -dQUIET -sOutputFile=outputfile.pdf inputfile.pdf

-dPDFSETTINGS= specifies the quality level of the pdf file. This effects embedded pixel graphics (also adapts embedded color profiles) and is the main option for controlling the compression level, thereby the resulting file size:

  • -dPDFSETTINGS=/screen (72 dpi images)
  • -dPDFSETTINGS=/ebook (150 dpi images)
  • -dPDFSETTINGS=/printer (300 dpi images)
  • -dPDFSETTINGS=/prepress (300 dpi images, color preserving)
  • -dPDFSETTINGS=/default

Other switches: the output is written as pdf (-sDEVICE=pdfwrite), the pdf compatibility level is set to 1.4 (-dCompatibilityLevel=1.4), the process does not require user interaction (-dNOPAUSE and -dQUIET), and GhostScript skips the startup message (-dQUIET).

Categories: Linux, Misc Tags: , , , , , , , ,

Rhythmbox is silent: reset pulseaudio configuration

Rhythmbox is silent?

After playing around with different Linux Shells/UIs/window managers (including i3, Gnome Shell, etc) and some frequent restarts, I noticed that for some reason my music player Rhythmbox had stopped playing any sounds. Though it was still “playing” songs, no sounds were actually made by speakers, headphones, etc. In contrast, all other sounds were OK, including OS sounds like info/error messages, or other players like VLC. Changing sound setting, volumes, as well as changing audio devices did not have any effect on this.

Resetting pulseaudio configuration

Turns out that the pulseaudio configuration was messed up. The solution to this problem is to move/delete the old configuration, then let it be recreated (the original problem description and solution to this is here):

mv ~/.config/pulse/ ~/.config/pulse_old/ # move/delete the old config
pulseaudio -k # restart pulseaudio

After doing this and restarting Rhythmbox its sound should be back to normal, – though you might need to restart the OS if you run into problems with external speakers/headphones.

SSH Proxy: Server and Client Side of Using an SSH User Without Shell as Proxy Server

April 30, 2016 Leave a comment

Accessing services on an internal network over a proxy reachable from the Internet.

Imagine you want one of your machines to become a proxy for external users to be able to access local resources or the internet as if they were on that machine. You could run a dedicated proxy server for that, but if the machine provides SSH and you want an easy solution, you can use SSH as well – without risking any shell-related issues (like this user also having access to the local file system).

Why would you want stuff like that in the first place? That’s what proxy servers (and most frequently VPNs) are made for: to access country-, company-, or university-internal resources from outside of that network just as you would from the inside.

Server side

The server side is rather easy. Let’s assume we call that user “sshproxy”. The important thing is to not give your proxy user a shell, which we do here during creation of the user:

sudo useradd -m -d /home/sshproxy -s /bin/false sshproxy # create user and home directory, disable shell

The user’s password is disabled by default (you can check that there’s a ! in /etc/shadow for the sshproxy user). If you don’t want to use passwords but private-public keys (which I would recommend): in /home/sshproxy create the .ssh/ folder and the .ssh/authorized_keys file and ensure they’re readable for the sshproxy user. There you need to add the ssh public keys of people that should be allowed to use the ssh proxy. The cool thing about it is that different real life users can make use of the same sshproxy user: you just need to add to manage the keys of real life users for the sshproxy user. Further, you likely don’t want the sshproxy user to be able to change the authorized keys, therefore make the file read only for that user (e.g. root owned + writeable by owner only). If you have an AllowUsers section in your /etc/ssh/sshd_config, you need to add the sshproxy user there and restart ssh. That’s it on the server side.

User side

If you’re one of the users that need to generate their ssh keypair, you can have a look at:

https://help.ubuntu.com/community/SSH/OpenSSH/Keys#Generating_RSA_Keys
(very easy to understand)

https://stribika.github.io/2015/01/04/secure-secure-shell.html
(details that are good to know if you want to have more secure keys = not so easy to crack)

If you use RSA then use at least 2048 bit key length (4096 can’t hurt…), e.g. with ssh-keygen with the “-b 4096” parameter. If you’re on a Windows machine: you can do the same using e.g. Putty. Don’t forget to use a good password to protect your private key file (usually the “id_rsa” file) and never disclose it – servers only need your public key (usually “id_rsa.pub”).

Using the proxy via Linux shell

Everything’s built in, just use the following command.

ssh -D 8080 -N sshproxy@YOUR-IP-OR-URL -p YOUR-PORT

This command opens the local port 8080 (on the client machine) for proxy tasks. YOUR-PORT-URL and YOUR-PORT correspond to the SSH server running on the server machine. If everything worked fine you won’t get any response in the shell – just leave the terminal open. Make sure your private key file is in ~/.ssh/id_rsa or provide it explicitly with “-i”. If you can’t access the server try removing the “-N”. Then you should see that the server logs you in and out immediately (this means everything works fine from the SSH, proxy and tunnel side – if you add -N again, you should be fine therefore). You can check your local opened ports with nmap (“nmap localhost”). If port 8080 is not in the list before login and opened after login your tunnel works.

Using the proxy via Putty

  • address: YOUR-IP-OR-URL (where SSH server is running)
  • port: YOUR-PORT (where SSH server is running)
  • user: sshproxy
  • Enable the check box “Don’t start a shell or command at all” in “Connection-SSH”
  • Specify your private key in “Auth”
  • Tunnels: add a “dynamic tunnel” on “local port 8080”, leave destination open (should state “D8080” in Putty after you apply)

Sending data to your local port

As you now have a tunnel on port 8080 on your local machine open, you need to send request to this port, instead of your standard gateway. E.g. for your browser you can achieve that configuring the browser to use a proxy (e.g. Firefox: FoxyProxy AddOn: set address “localhost” and port “8080”).

Btw: you can do other cool things with that proxy as well, such as reverse port tunnelling, circumventing firewalls etc. But you should ensure that this is allowed in the company/country you’re in before you get yourself into troubles.

Repair PDFLaTeX generated pdf using GhostScript (Adobe Acrobat Reader error 131)

February 28, 2016 Leave a comment

I tend to do presentations using LaTeX and Beamer, while working on Linux and using TeXLive as LaTeX distribution – which all work fine. But sometimes I need to share these PDFLaTeX compiled presentations with people using Windows and Adobe Acrobat Reader as their pdf viewer. The feedback I usually get back: your pdf is broken, error 131. And frankly, that seems to be true.

Opening PDFLaTeX generated pdf files with Windows Adobe Acrobat Reader results in error 131 – more precisely in the displayed error message “There was a problem reading this document (131)”. Other pdf viewers don’t complain about the pdf, just Adobe Acrobat Reader. A quick solution to repair the pdf file is by using GhostScript:

gs -dSAFER -dBATCH -dNOPAUSE  -sDEVICE=pdfwrite -sOutputFile=output.pdf input.pdf</code></pre>

Voilà, the pdf file can be opened using Adobe Acrobat Reader – although, the source of the problem still exists of course (generating a pdf file not adhering the standard in the first place).

Git security: enabe fsckobjects in ~/.gitconfig:

February 3, 2016 Leave a comment

In order to prevent possible tampering with code in git repositories you work with (e.g. malicious manipulation of objects during clone, fetch, push…), check if these lines exist in your ~/.gitconfig and add them, if they don’t:

[transfer]
fsckobjects = true
[fetch]
fsckobjects = true
[receive]
fsckObjects = true

These enable git checking transferred objects for their integrity using their computed hashes.

Original idea from here: https://groups.google.com/forum/#!topic/binary-transparency/f-BI4o8HZW0
(and the corresponding bug on Debian here: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=813157)

latexdiff-git: highlight changes between revisions of latex files managed in git

July 31, 2014 1 comment

latexdiff is a useful tool to determine changes between different versions of latex files and highlight them in a pdf (similar to MS word does with tracking changes). latexdiff-git is a wrapper around latexdiff optimized for git (and mercurial, but we’ll only look into git here). With it you can specify a latex document file (which is in a git repository) and a commit hash from that repository to look for changes between the file and its version from the specified commit. Same is possible with e.g. specifying two different commit hashes.

Installation (Linux)

  1. Clone latexdiff-git
    git clone git@gitorious.org:git-latexdiff/git-latexdiff.git
    
  2. All further steps are stated in the README file inside the repository you just cloned:
    1. Ensure you have a ~/.gitconfig file and that it’s accessible for your user.
    2. Add the following lines to .git/config
      [difftool.latex]
       cmd = latexdiff "$LOCAL" "$REMOTE"
      [difftool]
       prompt = false
      [alias]
       ldiff = difftool -t latex
      
    3. Change the checked out script file latexbatchdiff.sh: search for revlatexdiffcmd='please define' and replace it with revlatexdiffcmd='git ldiff'
  3. Place latexbatchdiff.sh somewhere in your path (I tend to place it in ~/bin) and make it executable: chmod +x latexbatchdiff.sh

Usage

You can generate a tex file from differences between a latex file and a revision checked into git with (replace GITHASH and FILE with your git commit hash and latex file)

latexdiff-git -r GITHASH FILE

Alternatively you can generate the tex file from changes between two specific commits of a latex file:

latexdiff-git -r GITHASH1 -r GITHASH2 FILE

To view changes hightlighted in a pdf:

pdflatex *diff*tex # create pdf highlighting diff
evince *diff*pdf # replace evince with your preferred pdf-viewer
Categories: Misc Tags: , , , , , ,