Author Archive

Looking for a simple web based app to take notes I discovered http://scrumblr.ca/ and a fork which added markdown tagging and import/export: https://framemo.org/.

Installation on debian stretch using apache2 as proxy allowing password protected access by ssl (described here and here):

  • apt-get install nodejs npm redis-server

  • mkdir -p /opt/nodejs
    cd /opt/nodejs
  • adduser –no-create-home –home /opt/nodejs/scrumblr –disabled-login –gecos “Scrumblr” scrumblr

  • git clone https://github.com/aliasaria/scrumblr.git

  • chown scrumblr: -R /var/www/scrumblr
    cd scrumblr

  • npm install
  • add scrumbler extensions of ldidry and test scrumblr on the console:
    • su scrumblr -s /bin/bash

    • git remote add fork https://github.com/ldidry/scrumblr/ git fetch fork git pull fork master
    • node server.js –port 4242 –baseurl /your_url_dir
      bugfix (“RangeError…”): edit config.js and change the line redis: …
      redis: argv.redis || ‘redis://127.0.0.1:6379’
  • netstat -ant reveals that scrumbler listens on all interfaces; so replace in server.js line server.listen(conf.port);
    server.listen(conf.port, ‘127.0.0.1’);
  • add a service description to /etc/systemd/system/scrumblr.service (reference) and enable scrumblr.service
    (and include startup argument  –baseurl /your_url_dir)
  • configure apache2 as proxy
    • enable modules: a2enmod proxy; a2enmod proxy_http
    • add a location section to virtual host config file in /etc/apache2/sites-available/
      <Location /your_url_dir>
      ProxyPass http://127.0.0.1:4242/your_url_dir
      ProxyPassReverse http://127.0.0.1:4242/your_url_dir
      </Location>
    • apache2ctl configtest; apache2ctl graceful
  • Open http(s)://your_server.tld/your_url_dir/
    • mini bug: the link to demo board is an absolute url and thus ignores proxy url; to fix this remove absolute path in scrumblr/views/home.jade at line p.home!=…
      p.home!= ‘<a href=”demo”>’ + ‘demo</a>’
    • here is a reference for the use of markdown syntax (e.g. insert links and images)
  • Todo: properly support editing on android and ios devices
    • ios recognizes doubleclick but cursor cannot be moved
    • android does not recognize doubleclick
    • scrumblr/client/script.js line card.children(‘.content’).editable…: if event: ‘dblclick’ gets replaced by
      event: ‘click’
      enables editing empty cards on mobile devices at the price that on the desktop dragging of a card activates edit mode
    • differentiate between ‘click’ for touch devices and ‘dblclick’ for other devices: content of diff file is here.

General:

  • install file server role: file management from other machine using \\servername\c$
    Import-Module Servermanager
    get-windowsfeature *
    add-windowsfeature fs-fileserver
  • blue console sconfig.cmd offers only Log Off or Shut Down / Restart.
    But pressing ctrl+alt+del offers Lock to lock the screen
  • install corefig to get some graphical management tools (docs here)
    set powershell to remote signed and unblock corefig ps* files:
    Set-ExecutionPolicy -ExecutionPolicy RemoteSigned
    Unblock-File -Path path_to_corefig\*.ps*
  • to open ports run powershell command
    New-NetFirewallRule -protocol tcp -localport 3551 -direction inbound -action allow -displayname apcupsd
    (rule is gets removed by Remove-NetFirewallRulle -displayname apcupsd)
  • to forward ports to another host run netsh command
    netsh interface portproxy add v4tov4 listenport=1234 listenaddress=10.0.1.234 connectport=5678 connectaddress=10.0.5.678
    (netsh interface portproxy delete v4tov4 listenport=1234 listenaddress=10.0.1.234)
  • to display id of a vm use powershell (reference):
    get-vm
    $vm=get-vm -name your_vm_name
    $vm.vmid
  • hyperv vm’s can be managed by 5nine Manager (free edition for up to 6(? only seen 2) local vm’s)
    or use ProHVM by probus-it.com (Standard edition is free; key file by email after registration; for multiple servers multiple key files can be obtained; works with local and remote hosts!)
  • this tool runs on hyper v server and includes a vm console
    (which may be put into HKLU/…/Run; fetch cmd args using process explorer)
  • to install drivers from inf files use
    pnputil -i -a path_to_inf_file.inf
  • some server 2012 core specific help for powershell is here

Server 2008r2 sp1 as guest vm:

  • easily moved from hard disk to vhdx by running disk2vhd tool inside physical 2008r2 server
    with a network share as target
  • important, if server 2008r2 includes hyper v role: bluescreen when hyper v 2012 guest tools are installed:
    Boot 2008r2 inside vm; use server manager to uninstall hyper-v role (needs 2 or more reboots); if server manager confirms successful removal of hyper v role, then install 2012 hyper v guest tools; insert hyperv guest iso using hyper v manager (5nine).

Special note for mainboard with adaptec softraid for onboard ata disks

  • server 2012r2 can be installed on such a raid drive, if sata raid driver is installed from usb during installation (e.g for amd boards with sp5100 chip)
  • adaptec storage manager runs inside hyper v 2012r2; email notifications can be configured; manual.
    (smtp access by ssl/tls via stunnel; stunnel -install configures stunnel as auto starting service; config: client=yes accept=127.0.0.1:25 connect=yourmailserver.tld:465)
  • smartctl of smartmontools seems to be unable to look into physical drives of this adaptec softraid devices (but possible with intel softraid)

 

First install composer.

  • dependencies: curl and git
  • download and verify composer-setup.php as described at composer homepage section download: https://getcomposer.org/download/
  • install as /usr/local/bin/composer: php composer-setup.php –install-dir=/usr/local/bin –filename=composer

Second install yii as described here: http://www.yiiframework.com/doc-2.0/guide-start-installation.html)

  • create an installation directory for the new yii project one level above document root, e.g. mystuff../
  • run composer inside directory mystuff:
    • composer global require “fxp/composer-asset-plugin:^1.3.1”
    • composer create-project –prefer-dist yiisoft/yii2-app-basic ./
    • If document root is defined as public_html ,and should be handled by yii framework, then run:
      ln -s yii/web/ public_html

If a database backend is used, yii code to handle tables can be auto generated using yii component gii.

  • configure config/web.php according to manual: http://www.yiiframework.com/doc-2.0/guide-start-gii.html
  • ensure that the web server has write (at least temporary) access to yii directory (chown -R www-data:www-data yii)
  • create the database table and add comments to each table field (which will become labels for table edit form fields)
  • create Model and CRUD using gii
  • uncomment primary index field id in views/your_table_name/index.php

To create pdf output use plugin yii-mpdf: https://github.com/kartik-v/yii2-mpdf

  • install plugin: composer require kartik-v/yii2-mpdf “1.0.1”
  • add pdf config to components array in config/web.pdf
    (and do not forget to add at the beginning of web.php: use kartik\mpdf\Pdf;)
  • for a view file views/your_table_name/view2.php add to controllers/yourTableNameController.php
    $pdf = Yii::$app->pdf;
    $pdf->content = $this->renderPartial(‘view2’, [‘model’ => $this->findModel($id)]);
    return $pdf->render();
  • to change formatting in dataset detail view
    • reference is source code: vendor/yiisoft/yii2/widgets/DetailView.php (and vendor/yiisoft/yii2/base/Widget.php):
      variables $template = ‘<tr><th{captionOptions}>{label}</th><td{contentOptions}>{value}</td></tr>’
      and $options = [‘class’ => ‘table table-striped table-bordered detail-view’]
    • thus add in file views/your_table_name/view2.php:
      DetailView::widget([ ‘model’ => $model, ‘template’ => ‘your_settings’,  ‘options’ => [your_settings], …

User authentication: http://www.yiiframework.com/doc-2.0/guide-security-authentication.html

(Plugin which allows user registration with email confirmation etc.: https://github.com/dektrium/yii2-user
https://code.tutsplus.com/tutorials/how-to-program-with-yii2-integrating-user-registration–cms-22974)

  • the standard base template of yii includes user authentication with hardcoded passwords in file
    models/User.php
  • some configuration is set in config/web.php: array components, sub array user, e.g. enableAutoLogin might be set to false
  • views/site/login.php defines the login page, e.g. remember me might be removed
  • example code to get name of logged in user:
    use app\models\User;
    if( !(Yii::$app->user->identity===null) ){echo User::findIdentity(Yii::$app->user->id)->username;} else {echo “guest”;}
  • if( !(Yii::$app->user->identity===null) && ‘100’===Yii::$app->user->id){echo “is admin”;}

Configure Mailer

  • set admin email address in config/params.php
  • configure mailer in config/web.php as described in
    https://code.tutsplus.com/tutorials/how-to-program-with-yii2-integrating-user-registration–cms-22974
  • edit contact form views/site/contact.php

Using a scanner often results in large files. OS X preview program allows to export to multiple formats. Choosing filetype pdf enables the option to apply quartz filters (generic export dialog; shortcut export to pdf does not show quartz filters in OS X 10.11.6). The builtin quartz filter reduce file size does create tiny documents but text might get unreadable.

But the builtin tool ColorSync allows to modify and create quartz filters (german howto with screenshots here). If a newly created filter should show up in the export dialog of the preview program it has to be copied from
/Users/your_name/Library/Filters to /Library/PDF Services
(tested in OS X 10.11.6).

Example of settings for small but (rather) readable pdf files:

  • Image: pixel per inch = 100; quality = high; all other settings empty
  • Image (gray): pixel per inch = 100; quality = high; all other settings empty
  • Image compression: jpeg; quality = slider one tick below medium position

To shrink multiple pdf files the custom quartz filter can be used from the command line:

  • Open Tools / Automator and create a new workflow
  • add action pdf / apply quartz filter
  • do not add other actions
  • save this workflow, e.g. as /yourpath/pdfreduce
  • copy all pdf files which should be converted to a new folder
  • open a terminal and cd to the folder with pdf files which should be shrinked
  • to convert one file run: automator -i yourdoc.pdf /yourpath/pdfreduce.workflow
  • multiple files: for f in *.pdf; do echo “$f”; automator -i “$f” pdfreduce.workflow; done

Nagios is a perfect server monitoring tool and a NAS runs 24 hours a day. ndo2db grapher displays realtime graphics.nagios_graph

Resources:

ndo2db grapher on exchange.nagios.org (Version 0.3.2) with a minor patch: ndographer.diff (background); installation as described on exchange.nagios.org

nagios 4.2.1 from github

nagios plugins 2.1.2 from nagios.org

ndoutils 2.1.1 from github (made by the makers of nagios): ndomod.o and ndo2db to transfer nagios data to  a mysql database.

jpgraph 3.0.7 from sourceforge

Hardware: qnap TS-119P II with Optware-IPKG app installed (gcc, automake, make, … installed); apache, php and mysql are part of qnap firmware (currently 4.2.2).

Installation notes:

Nagios:
configure options:
--prefix=/opt/nagios --enable-nanosleep --with-init-dir=/opt/etc/init.d
edit Makefile and replace

-o root -g root by -o admin -g administrators
run make all; make install; make install-init; make install-config; make install-commandmode
symlink /opt/nagios/share to /share/Web/nagios
edit /etc/config/apache/apache.conf and set Options +ExecCGI for directory /share/Web/nagios/cgi-bin
and add group nagios to qnap apache user: usermod -a -G nagios httpdusr

Nagios plugins:
configure options:
--prefix=/opt/nagios
run make all; make install (installs to /opt/nagios/sbin)
symlink /opt/nagios/sbin to /share/Web/nagios/cgi-bin

Ndoutils:
configure options:
--prefix=/opt --with-ndo2db-user=nagios --with-ndo2db-group=nagios --enable-mysql
copy ndomod-4x.o and ndo2db-4x to /opt/nagios/bin/ndomod.o and ndo2db
use phpmyadmin (installed as qnap app) to create the database and to import db/mysql.sql
(ipkg install mysql5 installs the mysql library and headers required to compile ndoutils with mysql support)
set the broker module in /opt/nagios/etc/nagios.cfg:
broker_module=/opt/nagios/bin/ndomod.o config_file=/opt/nagios/etc/ndomod.cfg
set
output=/opt/var/ndo.sock in ndomod.cfg and enter database name/user/password in ndo2db.cfg
and set lock_file=/opt/var/ndo2db.pid
run /opt/nagios/bin/ndo2db -c /opt/nagios/etc/ndo2db.cfg

Ndo2db grapher and jpgraph:
copy the tar archive content to /opt/nagios/share and create directory /opt/nagios/share/ndographer/jpgraph
patch choose_nagios.php and display_nagios_info.php using the patch file
copy the folder src contained in jgraph-3.0.7 archive  to /opt/nagios/share/ndographer/jpgraph/src
edit ndographer/nagios_graph_conf.inc.php (database name, user, password and
$cache_directory = “/opt/nagios/share$cache_htdocs”;
$pre_generated_image_path = “/opt/nagios/share/nagios-cache”;
create directory /opt/nagios/share/nagios-cache/cache and set owner to httpdusr
(and symlink /opt/nagios/share/nagios-cache to /share/Web/nagios-cache)

System configuration:

Configuration of nagios:
Either set http(s) authentication (see below) or disable authentication in /opt/nagios/etc/cgi.cfg
use_authentication=0 (warning: only if access to your_ip_adress/nagios is otherwise restricted!)
Add a notes_url line to every service which should display a graph
notes_url   /nagios/ndographer/display_nagios_info.php?name1[]=$HOSTNAME$&name2[]=$SERVICEDESC$
(displays in “service status details for a host a white icon (“view extra service notes) which opens the graphic; add other variables to set options like &max_value=20; first define settings by webinterface and check which variables are used in resulting url); to submit the changes to nagios run
/opt/etc/init.d/nagios reload

Start and stop nagios automatically:
1) enable optware start/stop scripts in /opt/etc/init.d (already described here; /dev/mtdblock5 instead of /dev/mtd5 with qnap firmware 4.2.2)
mkdir /tmp/config
mount /dev/mtdblock5 /tmp/config
– copy K010optstartstop.sh to /tmp/config (with extension ‘.sh’, not with extension.txt; partly found here and here)
chmod +x /tmp/config/K010optstartstop.sh
umount /tmp/config
2) nagios make install-init has created /opt/etc/init.d/nagios (=file daemon-init in nagios source folder)
3) create script file /opt/etc/init.d/S61nagios, make it executable and edit it:
#!/bin/sh
if [ -f /opt/etc/init.d/nagios ] ; then
[ -f /opt/nagios/etc/ssmtp.conf ] && mv /opt/nagios/etc/ssmtp.conf /opt/nagios/etc/ssmtp.conf.bak
cp /etc/config/ssmtp/ssmtp.conf /opt/nagios/etc/ && rm /opt/nagios/etc/ssmtp.conf.bak
/bin/chgrp nagios /opt/nagios/etc/ssmtp.conf
/opt/nagios/bin/ndo2db -c /opt/nagios/etc/ndo2db.cfg
/opt/etc/init.d/nagios start
fi

4) create script file /opt/etc/init.d/K39nagios, make it executable and edit it:
#!/bin/sh
if [ -f /opt/etc/init.d/nagios ] ; then
/opt/etc/init.d/nagios stop
killall ndo2db
fi

Http authentication:
All qnap apache helper binaries are in /usr/local/apache/bin
/usr/local/apache/bin/htpasswd -c /etc/config/apache/.htpasswd.nagios your_user_name
and add to /etc/config/apache/apache.conf:
<Directory “/share/Web/nagios”>
AuthType Basic
AuthName “password required”
AuthUserFile /etc/config/apache/.htpasswd.nagios
Require valid-user
</Directory>
and run
/usr/local/apache/bin/apachectl configtest
/usr/local/apache/bin/apachectl graceful
Then add your_user_name to /opt/nagios/etc/cgi.cfg:
use_authentication=1
authorized_for_system_information=nagiosadmin,your_user_name
authorized_for_configuration_information=nagiosadmin,your_user_name
authorized_for_system_commands=nagiosadmin,your_user_name
authorized_for_all_services=nagiosadmin,your_user_name
authorized_for_all_hosts=nagiosadmin,your_user_name
authorized_for_all_service_commands=nagiosadmin,your_user_name
authorized_for_all_host_commands=nagiosadmin,your_user_name
and run
/opt/etc/init.d/nagios configtest
/opt/etc/init.d/nagios reload

Configuration of sendmail on qnap:
qnap firmware installs ssmtp with config in /etc/config/ssmtp/
(and the start script S61nagios copies ssmtp.conf to /opt/nagios/etc/ and sets group nagios)
use webinterface: control panel /system settings /notification
to define the smtp server of your mail account
Then edit /etc/config/ssmtp/ssmtp.conf:
hostname=localhost
and /etc/config/ssmtp/revaliases (use same smtp server as in ssmtp.conf):
admin:you@yourdomain.org:your_smtp_server:your_smtp_port
nagios:you@yourdomain.org:your_smtp_server:your_smtp_port

and run (logged in as admin user):
echo "first message" |sendmail your_receiver@your_mailbox.org
This sends mails from admin as mails from you@yourdomain.org; (if this command runs without errors check your inbox and your spam folder).
Repeat this test as user nagios:
cp /etc/config/ssmtp/ssmtp.conf /opt/nagios/etc/; chgrp nagios /opt/nagios/etc/ssmtp.conf;
su nagios; echo "second message" |sendmail -C/opt/nagios/etc/ssmtp.conf your_receiver@your_mailbox.org; exit
Nagios notifications use the program printf which is in /opt/bin/printf (which gets installed with ipkg install coreutils)
and edit /opt/nagios/etc/objects/commands.cfg:
/usr/bin/printf has to be replaced by /opt/bin/printf
and the subject line has to be moved from sendmail to printf:
sendmail -s "........." has to be replaced by sendmail -C/opt/nagios/etc/ssmtp.conf
and printf "%b" "****** Nagios has to be replaced with printf "%b" "Subject: .........\n\n****** Nagios
Reload nagios with /opt/etc/init.d/nagios reload and try to send a forced host (or service) notification from nagios web interface: Host (or Service) state information
(Change debug level from 0 to 164 and debug_verbosity from 1 to 2 in /opt/nagios/etc/nagios.cfg to search bugs; debug logfile: /opt/nagios/var/nagios.debug; normal logfile: nagios.log)
The comments given by the user in notifications manually sent by the user may be included into the message using variable $NOTIFICATIONCOMMENT$ (reference).

Firmware update woes:

  • nagios section in /etc/config/apache/apache.config has to be reinserted
  • ipkg install procps; ipkg install inetutils: ping and ps in /opt/bin are kept
  • but nagios needs ping (and nagios initscript needs ps) non busysbox verion in /bin:
    • cd /bin; mv ping ping.bb; mv ps ps.bb; ln -s /opt/bin/ping ping; ln -s /opt/bin/ps ps

notes when trying to display xps files with evince
(however mupdf has less bugs and is supported by homebrew as well)

  • brew install evince does not support xps file format (xps option disabled at compile time)
    (check PATH variable, put /usr/local/bin as first entry if homebrew and macports are installed and errors like Python.h not found occur even if python has been freshly installed by homebrew)
  • an example for own brew formulas can be found here
  • copy /usr/local/Library/Taps/homebrew/homebrew-core/Formula/evince.rb to
    /usr/local/Library/Taps/homebrew/homebrew-x11/
  • edit /usr/local/Library/Taps/homebrew/homebrew-x11/evince.rb:
    uncomment the lines from bottle do to end using  # to disable prebuilt binaries
    add “–enable-xps”, to configure arguments
    and add line depends_on “libgxps”
  • run brew search evince which should find homebrew/x11/evince
  • run brew install homebrew/x11/evince

Bare metal recovery: Making the hard disk with image data bootable – update of this post; requires a licensed version of trueimage 2016 home (to be able to either download the acronis standalone iso from acronis or to create the iso with acronis media builder).

Step 1: Initialization of the disk using windows diskpart (compare this post); all data on this disk gets erased; tested with diskpart of windows 10:

  • list disk
  • select disk 1 (be careful to select the external disk which will be erased)
  • clean
  • convert gpt (automatically creates a 100 MB msr partition which remains unused)
  • create partition efi size=512
  • format fs=fat32 quick label=EFI
  • create partition primary size=2048 (bootloader and acronis)
  • create partition primary (use remaining space for image data)
  • exit

Step 2: Continue with linux; tested with ubuntu 16.04.

Step 2: Prepare and format the hard disk:

  • sudo su
  • gdisk -l /dev/sdb (be careful to select the external disk which has been prepared in step 1)
  • use df -h to show if any partitions of /dev/sdb are mounted and unmount them
  • gdisk /dev/sdb (be careful to select the external disk – replace sdb by your disk sd… in the instructions below!)
    • p
    • t
      3 <enter> (sets type of partition 3 to linux; do not set the data partition 4 to linux – else trueimage won’t allow to read/write tib files)
    • x
    • a
      3
      2 <enter> (set gpt partition flag bios bootable, used by extlinux boot loader)
    • w
  • mkfs.ext2 -L BootExtHD /dev/sdb3
  • mkfs.ext4 -L DataExtHD /dev/sdb4

Step 3: Install extlinux to make the hard disk bootable in bios mode:

  • mount /dev/sdb3 /mnt
  • mkdir /mnt/extlinux
  • extlinux -i /mnt/extlinux
  • touch /mnt/extlinux/extlinux.conf
  • mcedit /mnt/extlinux/extlinux.conf (compare these instructions on reboot.pro)
    • DEFAULT ti2016
      SAY booting TrueImage 2016 from USB disk with extlinux
      LABEL ti2016
      KERNEL /acronis/dat10.dat
      APPEND quiet force_modules=usbhid lib80211=off
      INITRD /acronis/dat11.dat,/acronis/dat12.dat
    • my machine crashes if lib80211.ko gets loaded (ti2016 build 6571)
      else parameter lib80211=off is not neccessary
  • dd if=/usr/lib/syslinux/mbr/gptmbr.bin of=/dev/sdb (add a syslinux/extlinux compatible mbr to the hard disk)

Step 4: Install grub to make the hard disk bootable in (u)efi secure boot mode; assumes that ubuntu 16.04 has been installed with grub efi boot loader and that loading of unsigned kernel (modules) has been enabled:
mokutil –disable-validation (has to be run as root, disables kernel validation at reboot; boot loader grub then complains insecure boot.)

  • mount /dev/sdb2 /mnt2
  • mkdir /mnt2/EFI
  • copy /boot/efi/EFI/ubuntu to /mnt2/EFI/ubuntu
  • edit /mnt2/EFI/ubuntu/grub.cfg
    • run: blkid /dev/sdb3
    • replace the uuid filesystem number in grub.cfg by the UUID number shown by blkid
    • remove grub hint hd0,gpt6 (in case your ubuntu (boot) partition is sda6)
    • replace set prefix=($root)’/boot/grub’
      by set prefix=($root)’/grub’
    • e.g.:
      search.fs_uuid 4164bfdd-bfbe-464a-9e7f-1ec096f84c2d root
      set prefix=($root)'/grub'
      configfile $prefix/grub.cfg
  • umount /mnt2
  • mkdir /mnt/grub
  • copy the contents of directory /boot/grub/ to /mnt/grub/
  • delete /mnt/grub/grubenv
  • edit /mnt/grub/grub.cfg
    • set default="0"
      set timeout="10"
    • taken from ubuntu:
      function load_video {
      if [ x$feature_all_video_module = xy ]; then
      insmod all_video
      else
      insmod efi_gop
      insmod efi_uga
      insmod ieee1275_fb
      insmod vbe
      insmod vga
      insmod video_bochs
      insmod video_cirrus
      fi
      }
    • taken from ubuntu (but replace filesystem UUID number ):
      font=unicode
      insmod part_gpt
      insmod ext2
      search --no-floppy --fs-uuid --set=root 4164bfdd-bfbe-464a-9e7f-1ec096f84c2d
      load_video
      gfxmode text
    • again using these instructions on reboot.pro:
      menuentry "Acronis TruImage Home 2016 on USB disk" {
      set quiet=1
      set gfxpayload=1024x768x32,1024x768
      set mbrcrcs=on
      # bug: kernel module lib80211 crashes kernel in build 6571 (ti 64bit)
      linux /acronis/dat10.dat lib80211=off quiet force_modules=usbhid
      initrd /acronis/dat11.dat /acronis/dat12.dat
      boot
      }

Step 5: Copy acronis trueimage 2016 from iso to hard disk:

  • mkdir /mnt/acronis
  • loop mount the acronis iso file (e.g. mount -o loop acronis.iso /mnt2)
  • copy the files dat10.dat, dat11.dat and dat12.dat to directory /mnt/acronis
  • umount /mnt

Step 6: enable to boot on a mac mini

  • The builtin boot selector of a mac mini expects the grub efi file inside the efi partition at it’s official place:
    EFI/boot/bootx64.efi (or EFI/boot/bootia32.efi: see step 7)
  • to configure grub as official boot loader simply copy
    MokManager.efi, shimx64.efi, grubx64.efi and grub.cfg
    from EFI/ubuntu/ to EFI/boot/ and
    rename shimx64.efi to bootx64.efi
  • Now the boot selector of OS X on a newer mac mini (e.g. late 2012) shows
    an USB disk with subtitle EFI Boot (keep alt/option key pressed on power on to start the boot selector)

Step 7 (optional): enable to boot on older mac minis (late 2007, 5.1)

  • These systems work with 32 bit efi (grub-mkimage -O i386-efi -d /usr/lib/grub/i386-efi -o grubia32.efi ...)
  • Trial & error showed that grubia32.efi created in ubuntu 16.04 (apt-get install grub-efi-ia32-bin) did load acronis true image, but keyboard and mouse remained disabled
  • Multiple sources (like this blog: My Solution How To Boot A Linux Live System) describe that grubia32.efi contained inside zip archive ISO-2-USB EFI-Booter for Mac 0.01 beta works fine
  • For some reason unknown to me this older version of grub does not block keyboard and mouse;
    but it’s command initrd does not load multiple files
  • Copy dat11.dat and dat12.dat into one file dat1112.dat:
    cp dat11.dat dat1112.dat
    cat dat12.dat >> dat1112.dat

    and in grub/grub.cfg replace
    initrd /acronis/dat11.dat /acronis/dat12.dat
    by
    initrd /acronis/dat1112.dat
  • Copy the older version of grub (local copy) to EFI/boot/bootia32.efi
  • Now it boots as described in step 6. But be prepared to wait 3 minutes until the efi32 bios has loaded the 85 MB initial ramdisk of acronis trueimage 2016

Step 8: Try to boot from this hard disk on efi and on bios systems.

  • Without step 6 on one of my systems the builtin boot selector did not show my usb disk,
    but it did show an entry boot from efi file:

    • this allowed to navigate into /EFI/ubuntu on the usb disk
    • then shimx64.efi had to be selected

 

Running a dual boot system with OS X and Windows 10 an ExFAT data exchange partition is useful.

But from time to time (after some months in my case) theExFAT partition is gone:

  • OS X and Windows 10 list a raw partition instead of an ExFAT partition

Repair in OS X using the terminal:

  • sudo su
  • diskutil list
    (this should display a “Microsoft Basic Data” partition with the size of the disappeared ExFAT partition;
    the name column is empty; the identifier like disk0s3 has to be used in the next step)
  • fsck_exfat disk0s3
    (replace disk0s3 by your ExFAT partition)
  • when asked by fsck_exfat to repair your “Main boot region” answer “y”
  • diskutil mount disk0s3
    (replace disk0s3 by your ExFAT partition)
  • now yourExFAT partition should be back in Finder
    (which can be verified on the console with: ls /Volumes)

Details taken from this discussion.

Repair attemps on Windows could use chkdsk d: /f
(replace d: with the windows drive letter of your disappeared ExFAT partition;
use <windows key> + x to open an administrative console.)

Hardware: multiple avm fritz!box router, isdn telephones attached to these routers

  • normal internet connection: router can register sip numbers
    – the router gets a public ip on the wan side
  • mobile data connection: router fails to register most voip providers
    – mobile data modems/routers get a private ip (at least in my setup)
    – private ip means listening for incoming traffic is not possible
    – smartphone clients (e.g. bria) seem to be able to use push notifications to enable incoming calls (with optional codec g729 good voice quality and rather low data rates)
  • openvpn connection through mobile data to a server with public ip:
    – router can register sip numbers and outgoing calls work
    (until the firewall of the mobile provider gets active if voip by mobile data is forbidden)
    – incoming calls are still a problem; maybe the vpn tunnel responds to slowly.
  • reliable incoming calls by usb gsm modem with voice sim card attached to the router
    – fritzbox 7270v2 and higher of voice connections by voice capable usb gsm data sticks

Openvpn tunnel server side (official howto):

  • apt-get install openvpn
  • enable ipv4 forwarding
  • set iptable rules (reference1, reference2)
    – nat routing from tunnel interface to wan interface
    – disable direct forwarding from wan to tunnel
    iptables -A FORWARD -s 10.8.0.0/24 -j ACCEPT
    iptables -A FORWARD -m state –state RELATED,ESTABLISHED -j ACCEPT
    iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
    iptables -A FORWARD -j REJECT
  • create keys following this tutorial (and it’s openvpn sample config file) using easy-rsa
    (which is part of the debian openvpn package); no passwords except for ca signing key
    – inside easy-rsa directory, edit vars file and run
    source vars; ./clean-all; ./build-ca; ./build-key-server your_server_name;
    ./build-key-pass client_name1;
    (openssl rsa -in client_name1.key -des3 -out client_name11.3des.key for mobile clients)
    ./build-dh
    openvpn –-genkey –-secret keys/ta.key

Openvpn tunnel client side:

  • use freetz to modify the router firmware and add openvpn (plus dropbear server)
    (might be tricky with older routers with only 4MB flash; needs squashfs 128kb block size
    and many of the removal patches; be prepared to recover your router with rukerneltool)
  • detailed howto here; (64 bit linux needs sudo apt-get -y install libc6-dev-i386 lib32ncurses5-dev gcc-multilib lib32stdc++6);
  • to fetch the current stable version:
    svn co http://svn.freetz.org/branches/freetz-stable-2.0 freetz-2.0
  • make menuconfig; make
  • the freetz web interface allows to configure openvpn udp tunnel client
    – use certificates and tls auth (ta.key goes into “static key” field)
    – redirect client traffic
  • additional note: echo “clear_id 87” > /proc/tffs allows to remove the message
    unsupported changes (reference); freetz has an option to do this from web interface.

Receiving calls with usb data modem in voice mode (e.g. with huawei e1552; at command configuration): ippf forum thread

  • voice capability might have to be unlocked with dc_unlocker
    (tool shows status of usb modem (free) and is able to unlock voice (paid))
  • testing voice capability with huawei mobile partner software on windows might require editing of config\PluginsConfig.xml to enable (voice) call menu entry (reference)
  • huawei sticks with newer firmware (“hilink”) act as router and not as modem; this seems to block voice modem usage (reference)
  • alternative: raspberry pi with asterisk (RasPBX) with chan_dongle (openvpn tunnel described here)
  • to make the option gsm voice telephony appear on a fritzbox router, attach the usb data stick, open menu Internet / Mobile Connection, enter SIM PIN number (if set) and press apply; press refresh until the data stick is booked into a mobile network; then press again apply; if the data stick has (enabled) voice capability and is supported by the fritzbox router, then the menu entry gsm voice calls should appear
  • fritzbox routers with vendor branded firmware might disable gsm voice (which requires installation of generic avm firmware with rukerneltool)
  • if the firmware of the fritzbox router is modified by freetz the program minicom can be installed to display sms messages (reference)
    – ls -l /var/gsm/ displays which ttyUSBN (N=0,1,2…) is the data port (huawei e1552: USB0)
    – stty -F /dev/ttyUSB0 displays the baudrate setting of this port (which is accessed by umtsd; in my setup baudrate 9600 is used)
    – minicom -o -b 9600 -D /dev/ttyUSB0 allows to send at-commands (ctrl+a e enables local echo)
    – at+cmgl=”all” displays all SMS stored on the SIM card
    – at+cmgr=4 displays SMS with index 4 (described in detail here)
    – the commands might fail and have to be repeated if umtsd gets active at the same time

Using firmware evb1_06x from fatcatlab.com; hardware is a beaglebone black (revision c) with evb cape.
(To access the firmware image from linux, unzip it and run fdisk -l evb1_06x.img, multiply the start position of partition 2 by 512 and run mount -o ro,offset=53477376 evb1_06x.img /your_mountpoint)

Console access: the ethernet port fetches an ip address by dhcp; telnet allows access as root without password
(Adress fetched by dhcp is also shown on serial console of beaglebone; only accessible when evb cape is removed.)

To upload files to the beaglebone black with evb cape
python -m SimpleHTTPServer 8080 (cd to directory which has content to be downloaded)
wget http://your_server_ip:8080/filename
(builtin busybox unzip does not keep symlinks and executable attributes)

Toolchain used to build evb1_06x firmware:
uname -r displays 3.12.10-ti2013.12.01 and kernel_config is available in /proc/config.gz
which is TI SDK 7.0 (forked github repository of linux kernel here). The ti download page for sdk 7.0 is somehow hidden because the current sdk version is sdk 8.0 and later; the toolkit uses 32 bit binaries and here is listed which libraries (might) have to be installed on 64 bit ubuntu 14.04.

  • apt-get install libc6:i386 libx11-6:i386 libasound2:i386 libatk1.0-0:i386 libcairo2:i386 libcups2:i386 libdbus-glib-2.0-0:i386 libgconf-2-4:i386 libgdk-pixbuf2.0-0:i386 libgtk-3-0:i386 libice6:i386 libncurses5:i386 libsm6:i386 liborbit2:i386 libudev1:i386 libusb-0.1-4:i386 libstdc++6:i386 libxt6:i386 libxtst6:i386 libgnomeui-0:i386 libusb-1.0-0-dev:i386 libcanberra-gtk-module:i386 gtk2-engines-murrine:i386
  • uses linaro toolchain (gcc 4.7, 2013.03): download
    (copy contents into /usr/ except /usr/share/aclocal|gdb|locale)
  • create directories /opt/bbb/lib and /opt/bbb/usr/include and create symlinks
    inside /opt/bbb/lib for all files in /usr/arm-linux-gnueabihf/libc/lib/arm-linux-gnueabihf/:
    d=/usr/arm-linux-gnueabihf/libc/lib/arm-linux-gnueabihf
    cd $d; for f in *; do cd /opt/bbb/lib; echo ln -s $d/$f; cd $d; done
    and inside /opt/bbb/usr/include for all files in /usr/arm-linux-gnueabihf/[libc/usr/include|]:
    d=/usr/arm-linux-gnueabihf/libc/usr/include
    cd $d; for f in *; do cd /opt/bbb/usr/include; echo ln -s $d/$f; cd $d; done
    d=/usr/arm-linux-gnueabihf/libc/usr/include/arm-linux-gnueabihf
    cd $d; for f in *; do cd /opt/bbb/usr/include; ln -s $d/$f; cd $d; done
  • sdk source code: download
    (copy linux-3-12-10-ti2013.12.01 to /usr/src)
  • precompiled sdk binaries: download
    (contains tisdk-rootfs-image-am335x-evm.tar.gz with all binaries of the sdk root file system)
  • getting started guide: pdf document
  • handling PRU: overview

To test the kernel build environment, backup .config and copy kernel_config to .config, then run:
cd /usr/src/linux-3.12.10-ti2013.12.01
export ARCH=arm CROSS_COMPILE=arm-linux-gnueabihf-
make oldconfig
And to prepare external and/or internal module compilation run
make clean
make prepare
make zImage (this is required to create that part file Module.symvers which belongs to modules built into the kernel; else modules compile but fail to load with exec error)

For access point mode with rtl8192cu chipsets like edimax ew-7811un wireless usb adapter (ap.tar.zip) the driver from realtek has to be used (module 8192cu_ko; version patched for newer kernels on github). The Makefile has to be edited:
CONFIG_PLATFORM_I386_PC = n
CONFIG_PLATFORM_ARM_BEAGLEBONE = y
… (and after ifeq ($(CONFIG_PLATFORM_I386_PC), y) … endif):
ifeq ($(CONFIG_PLATFORM_ARM_BEAGLEBONE), y)
EXTRA_CFLAGS += -DCONFIG_LITTLE_ENDIAN
KSRC := /usr/src/linux-3.12.10-ti2013.12.01
ARCH := arm
KVER:= 3.12.10
endif
Then run
make
arm-linux-gnueabihf-strip –strip-debug 8192cu.ko
Copy the module to /lib/modules/3.12.10-ti2013.12.01/extra/ and run depmod -a

UNUSED and kept for reference: The module coming with the linux kernel source does not allow access point mode (error: ioctl[SIOCSIWMODE]: Operation not supported):
make menuconfig to select the ew-7811un kernel module (micro wifi usb dongle)
Device Drivers > Network device support > Wireless LAN > Realtek rtlwifi family of devices
<M>   Realtek RTL8192CU/RTL8188CU USB Wireless Network Adapter
and run make modules (rtl8192cu_ko):
Copy modules to /lib/modules/3.12.10-ti2013.12.01/extra/ and copy rtl8192cufw.bin to /lib/firmware/rtlwifi/
modprobe rtl8192cu; ifconfig -a
should show interface wlan0

Modified hostapd binary which works as access point with ew-7811un:
Go to realtek downloads (which is referenced here), select RTL8188CUS and download the linux driver.
This archive contains wpa_supplicant_hostapd-0.8_rtw_r7475.20130812.tar.gz (in wpa_supplicant_hostapd/ directory)
export CC=arm-linux-gnueabihf-gcc
export LDFLAGS=”-L/opt/bbb/lib -L/opt/bbb/usr/lib”
export CFLAGS=”-I/opt/bbb/usr/include -I/opt/bbb/usr/include/arm-linux-gnueabihf”
export PKG_CONFIG_PATH=/opt/bbb/usr/lib/pkgconfig
(the exported variables shown above are used for all compilations below!)
cd wpa_supplicant_hostapd-0.8_rtw_r7475.20130812/hostapd
make; make install DESTDIR=/opt/bbb

Compile dnsmasq-2.73 (dnsmasq):
export CC  as shown for hostapd and edit the Makefile to set prefix = /usr
edit src/config.h: uncomment HAVE_BROKEN_RTC and comment out HAVE_TFTP
make; make install DESTDIR=/opt/bbb

To install the access point on the beaglebone, download and extract ap.tar.zip (reference):
wget https://blog.spblinux.de/wp-content/uploads/2015/07/ap.tar.zip
unzip ap.tar.zip
tar -C / -xf ap.tar
and edit the wlan0 entry of /etc/network/interfaces:
iface wlan0 inet static
address 10.0.0.1
netmask 255.0.0.0
(or copy interfaces.ap to interfaces if file interfaces has not yet been edited)
Change of settings might require a reboot. The wlan driver kernel module 8192cu.ko is automatically loaded at boot time.

Editor nano (nano.tar.zip):
First compile libncurses-5.9 with
./configure –host=arm-linux-gnueabihf –prefix=/usr –sysconfdir=/etc –with-shared –enable-widec –enable-pc-files –with-ticlib
make; make install DESTDIR=/opt/bbb
./configure –host=arm-linux-gnueabihf –prefix=/usr –sysconfdir=/etc –with-shared –disable-widec –enable-pc-files –with-ticlib
make; make installDESTDIR=/opt/bbb
Then compile nano-2.4.2 with
./configure –host=arm-linux-gnueabihf –prefix=/usr –sysconfdir=/etc –enable-utf8
make; make install DESTDIR=/opt/bbb
Install on beaglebone by:
wget https://blog.spblinux.de/wp-content/uploads/2015/07/nano.tar.zip
unzip nano.tar.zip
tar -C / -xf nano.tar

Compile midnight commander (mc.tar.zip) approximately following this reference
(use mc -a in case of missing line drawing characters; might disappear by switching from telnet login to ssh login)
libz (zlib-1.2.8)
CHOST=arm-linux-gnueabihf ./configure –prefix=/usr
make; make install DESTDIR=/opt/bbb
libiconv (libiconv-1.14)
./configure –host=arm-linux-gnueabihf –prefix=/usr –sysconfdir=/etc
make; make install DESTDIR=/opt/bbb
libgettext (gettext-0.19.4)
#bug: make fails if libiconv.la and libiconv.so* from /opt/bbb/usr/lib
# are not symlinked to /usr/lib (at least on a system without installed libiconv)
OLDPWD=$PWD
cd /usr/lib
ln -s /opt/bbb/usr/lib/libiconv.la
ln -s /opt/bbb/usr/lib/libiconv.so
cd $OLDPWD
./configure –host=arm-linux-gnueabihf –prefix=/usr –sysconfdir=/etc –enable-shared –disable-csharp –disable-java –disable-openmp –disable-c++ –disable-native-java –with-libiconv-prefix=/opt/
make; make install DESTDIR=/opt/bbb
[ -L /usr/lib/libiconv.la ] && rm /usr/lib/libiconv.la
[ -L /usr/lib/libiconv.so ] && rm /usr/lib/libiconv.so
libffi (libffi-3.2)
./configure –host=arm-linux-gnueabihf –prefix=/usr –sysconfdir=/etc
make; make install DESTDIR=/opt/bbb
glib (glib-2.45.3)
echo “glib_cv_stack_grows=no” >config.cache
echo “glib_cv_uscore=no” >>config.cache
echo “ac_cv_func_posix_getpwuid_r=yes” >>config.cache
echo “ac_cv_func_posix_getgrgid_r=yes” >>config.cache
LIBFFI_CFLAGS=”-I/opt/bbb/usr/lib/libffi-3.2.1/include” LIBFFI_LIBS=”-L/opt/bbb/usr/lib -lffi” ./configure –host=arm-linux-gnueabihf –prefix=/usr –sysconfdir=/etc -C –with-libiconv=gnu
make; make install DESTDIR=/opt/bbb
slang (slang-2.1.4)
./configure –host=arm-linux-gnueabihf –prefix=/usr –sysconfdir=/etc
make: make install DESTDIR=/opt/bbb
midnight commander (mc-4.8.14)
GLIB_CFLAGS=”-I/opt/bbb/usr/lib/glib-2.0/include -I/opt/bbb/usr/include/glib-2.0″ GLIB_LIBS=”-L/opt/bbb/usr/lib -lglib-2.0″  ./configure –host=arm-linux-gnueabihf –prefix=/usr –sysconfdir=/etc  –with-slang-includes=/opt/bbb/usr/include –with-slang-libs=/opt/bbb/usr/lib –with-libiconv-prefix=/opt/bbb/usr –with-libintl-prefix=/opt/bbb/usr
make; make install DESTDIR=/opt/bbb
[ -L /usr/lib/libiconv.la ] && rm /usr/lib/libiconv.la
[ -L /usr/lib/libiconv.so ] && rm /usr/lib/libiconv.so
On the beaglebon fetch mc.tar.zip with wget and extract it:
wget https://blog.spblinux.de/wp-content/uploads/2015/07/mc.tar.zip
unzip mc.tar.zip
tar -C / -xf mc.tar

ssh server dropbear (dropbear-2015.67)
./configure –host=arm-linux-gnueabihf –prefix=/usr –sysconfdir=/etc –with-zlib=/opt/bbb/usr/lib
make; make install DESTDIR=/opt/bbb
make scp; cp scp /opt/bbb/usr/bin
On the beaglebone (dropbear.tar.zip), first set a password for root user,
then fetch dropbear.tar.zip with wget and extract it:
passwd
wget https://blog.spblinux.de/wp-content/uploads/2015/07/dropbear.tar.zip
unzip dropbear.tar.zip
tar -C / -xf dropbear.tar
reboot
Now scp can be used to transfer files.
(The first login by ssh will take about a minute because dropbear creates a key in /etc/dropbear)

Hardware settings (pinmux), defined by device tree file am335x-boneblack.dtb in folder /boot:
Use dtc in /usr/src/linux-3.12.10-ti2013.12.01/scripts/dtc to convert the binary dtc file to am335x-boneblack.dts
dtc -I dtb -O dts am335x-boneblack.dtb  -o am335x-boneblack.dts
Here is an online Device-Tree Overlay Generator which helps to understand pinmux settings.
(The beaglebone black reference manual documents the expansion header pin names:
Expansion Header P8 Pinout, Expansion Header P9 Pinout, tables 12, 13 on pages 84, 86)

The current pinmux setting can be fetched from debugfs with
cat /sys/kernel/debug/pinctrl/44e10800.pinmux/pins |sed “s,(44e108, ,” |sed “s,(44e109,1,” |sed “s,.0) 000000,: ,”
Firmware evb1_06x runs with these settings: pins.txt (more info; compact list of bbb expansion header pinout)
(The sed commands replace the memory offset 44e10pqr by relative offset used by dts file entries
pinctrl-single,pins = <0xpqr 0x10>;)

  • motors A, B, C, D use ehrpwm2B, ehrpwm2A, ehrpwm1B, ehrpwm1A
  • sensors A, B, C, D use uart4, uart2, uart1, uart5
  • lcd uses spi1