The Smell of Molten Projects in the Morning

Ed Nisley's Blog: Shop notes, electronics, firmware, machinery, 3D printing, laser cuttery, and curiosities. Contents: 100% human thinking, 0% AI slop.

Category: PC Tweakage

Remembering which tweaks worked

  • Windows KB967715 Doesn’t Install: Fixed

    I fire up the Token Windows Laptop more or less monthly, to download data from our gaggle of Onset Computer Hobo dataloggers. As a result, the laptop gets broadsided with Windows updates from the Mother Ship and, although I look at ’em before installation to see wassup, I don’t really remember any particular update from month to month.

    It seems that, in order to solve the really-disable-Autorun-dammit problem, the patch described in KB967715 must update a registry entry that’s nailed down by some other program. As a result, the patch either doesn’t install, installs-but-fails-quietly, or installs-but-fails-loudly.

    It eventually percolated to the front of my dim consciousness that I’d seen all of those outcomes over the last few months…

    A bit of trawling turned up the usual collection of uninformed blather, plus what seems to be the Definitive Answer direct from the Mother Ship. Go there for the details.

    Update 967715 may be reoffered if the HonorAutorunSetting registry setting that is described in this article is not added to the registry hive. This issue may occur if some other program that is installed on the computer blocks the update from writing the registry entry. Such software may block the update during the installation of the update or may remove the registry entry after the computer is restarted.

    (“Registry hive”? WTF?)

    Basically, you download the patch as an executable file, save it somewhere convenient, reboot in Safe Mode (hold F8 down as Windows starts up, then pick Safe Mode from the menu), clickety-click on the patch program, and give it permission to have its way with your PC.

    So far, it’s all good. Maybe I won’t have to remember this for another month…

    Memo to Self: if all else fails, MS doesn’t charge for security-related patch assistance phone support.

  • Why Friends Don’t Let Friends Use Windows: Torpig

    For those of you still using Windows, here’s a sobering look at why you shouldn’t: an analysis of the Torpig botnet by an academic group that managed to take over its command & control structure for a few days.

    The report is tech-heavy, but well worth the effort to plow through.

    Here are some of the high points…

    Why do the bad guys do this? It’s all about the money, honey:

    In ten days, Torpig obtained the credentials of 8,310 accounts at 410 different institutions.

    … we extracted 1,660 unique credit and debit card numbers from our collected data.

    Does an antivirus program help?

    Torpig has been distributed to its victims as part of Mebroot. Mebroot is a rootkit that takes control of a machine by replacing the system’s Master Boot Record (MBR). This allows Mebroot to be executed at boot time, before the operating system is loaded, and to remain undetected by most anti-virus tools

    In these attacks, web pages on legitimate but vulnerable web sites are modified with the inclusion of HTML tags that cause the victim’s browser to request JavaScript code from a[nother] web site under control of the attackers. This JavaScript code launches a number of exploits against the browser or some of its components, such as ActiveX controls and plugins. If any exploit is successful, an executable is downloaded from the drive-by-download server to the victim machine, and it is executed.

    What happens next?

    Mebroot injects these modules […] into a number of applications. These applications include the Service Control Manager (services.exe), the file manager, and 29 other popular applications, such as web browsers (e.g., Internet Explorer, Firefox, Opera), FTP clients (Leech-FTP, CuteFTP), email clients (e.g., Thunderbird, Outlook, Eudora), instant messengers (e.g., Skype, ICQ), and system programs (e.g., the command line interpreter cmd.exe). After the injection, Torpig can inspect all the data handled by these programs and identify and store interesting pieces of information, such as credentials for online accounts and stored passwords.

    If you think hiding behind a firewall router will save you, you’re wrong:

    By looking at the IP addresses in the Torpig headers we are able to determine that 144,236 (78.9%) of the infected machines were behind a NAT, VPN, proxy, or firewall.

    If you think you’ve got a secure password, you’re wrong:

    Torpig bots stole 297,962 unique credentials (i.e., username and password pairs), sent by 52,540 different Torpig-infected machines over the ten days we controlled the botnet

    If you think a separate password manager will save you, you’re wrong.

    It is also interesting to observe that 38% of the credentials stolen by Torpig were obtained from the password manager of browsers, rather than by intercepting an actual login session.

    Somewhat more info on Mebroot from F-Secure.

    Remember, the virus / worm / Trojan / botnet attacks you read about all the time only affect Windows machines. Linux isn’t invulnerable, but it’s certainly safer right now. If you’re running Windows, it’s only a matter of time until your PC is not your own, no matter how smart you think you are.

    If you have one or two must-gotta-use Windows programs, set up a dedicated Token Windows Box and use it only for those programs. Network it (behind a firewall) if you like, but don’t do any email / Web browsing / messaging / VOIP on it. Just Say No!

    For everything else, run some version of Linux. It’ll do what you need to get done with less hassle and far less risk. It’s free for the download, free for the installation, and includes all the functions you’re used to paying money for. Just Do It!

    If you think using Linux is too much of a hassle, imagine what putting your finances back together will be like. Remember, the bad guys will steal everything you’ve ever put on your PC, destroy your identity, and never get caught.

    Now you know… why are you still stalling?

  • Arduino IDE Race Condition

    Every now and again the Arduino IDE spits out an error message along the lines of “couldn’t determine program size” or simply fails to compile with no error message at all. The former is evidently harmless, but the latter can be truly annoying.

    The cause is described for Macs there as a race condition in the IDE on multi-core processors, with a patch that either partially fixes the problem or pushes it to a less-likely part of the code. That’s true on my system, as the error still occurs occasionally.

    How you apply it to Xubuntu 8.10: unzip the file to get Sizer.class, then copy that file to /usr/lib/jvm/java-6-sun-1.6.0.10/jre/lib/. That won’t be the right place for a different Xubuntu or different Java, so use locate rt.jar and plunk it into that directory.

    A less dramatic change seems to be setting build.verbose=true and upload.verbose=true in ~/.arduino/preferences.txt.

    In my case, both of those changes did bupkis.

    This is evidently an error of long standing, as it’s been discussed since about Arduino 11. I’m currently at 15 and it seems that patch will be in the next version of the IDE.

  • Xubuntu 8.10: Xrandr For Dual Rotated Displays

    Up to this point I’ve been using a hardcoded

    Option "Rotate" "CCW"

    in my /etc/X11/xorg.conf file to get a portrait-mode display on my right-hand monitor, as described in grisly detail there.

    That kills xrandr, which prevented any further display configuration and seemed to sometimes kill off the screensaver. Maybe the screens would blank and then power down, maybe they’d just power down, maybe they’d be on all the time.

    However, simply eliminating the hardcoded Rotate didn’t solve the problem, as xrandr refused to do anything. The appropriate command-line syntax isn’t obvious to the casual observer, but this was alleged to work: xrandr -o left.

    Come to find out, after considerable digging, that one must add this secret incantation to each Display stanza in /etc/X11/xorg.conf:

    Option  "RandRRotation" "on"

    And, perforce, remove the Rotate option.

    That’s evidently due to the fact I’m using the proprietary nVidia driver, which I think everybody does.

    Log out, Ctrl-Alt-Backspace to restart the X server, log back in again, and shazam the cute little Display applet in the Settings Manager actually works. Not only that, but you can specify Left rotation for Display 1 and that actually works, too.

    Update: but, alas, it seems to not be sticky between sessions. Worse, there seems to be no combination of xrandr parameters that can rotate the right-hand screen from a console on the other or, presumably, from a startup script. It is not obvious what this means, either:

    This option selects the X display to use. Note this refers to the X screen abstraction, not the monitor (or output).

    I can’t find anything that works.

    And, FWIW, there’s no Screensaver config applet in the Settings Manager (at least not that I can find), so you fire it up from the command line:

    gnome-screensaver-preferences

    Yes, you use the Gnome screensaver preferences in Xubuntu.

  • Shutdown Problems with Xubuntu 8.10 on a Dell 531s

    As described there, I set up a cron job to back up our low-budget file server to an external USB drive and turn it off for the night.

    After a while, it became painfully obvious that

    shutdown -P now

    was, at best, intermittently successful at turning off the power. The shutdown sequence would sometimes hang near the end, with a blank screen, after unmounting all the drives (so there are no logs), with the power on. Keyboard & mouse were dead, tapping the power button produced a display about acpid being unhappy, but nothing I could follow up.

    Oddly, that same command issued from a terminal window would work perfectly for as long as I was willing to restart the machine.

    Even more oddly, the box would shut off properly from the GUI or the GDM login screen.

    A puzzlement…

    After several days of tedious “try this” experimentation and rummaging through the scripts in /etc/init.d/, it seems this command works in the cron job the way it’s supposed to:

    halt -p -f

    The -p calls for a power-down and -f says to force the halt (rather than calling shutdown, which we know won’t work).

    So, finally, I can hack 25% off the power bill for that thing.

    Memo to self: some day, figure out exactly how the whole shutdown sequence works.

  • Backup with Rsnapshot

    Now that our low-budget file server (a stock Dell Inspiron 531S desktop with an additional 500 GB SATA drive) is up & running Xubuntu 8.10, it’s time to get rsnapshot working again.

    All our data files live on the server, so the backup routine need not handle any of the usual /home stuff on our desktop boxes. Rebuilding a dead box is a nuisance, but they’re all pretty much the same and it’s less of a nuisance not worrying about rare failures… haven’t had any failures in many years; they get replaced before they die.

    The backup files go to an external 500 GB USB drive, which is not protection against a catastrophe in the basement. Mostly, this guards against finger fumbles; the external drive gets dumped to another hard drive in the fireproof safe more-or-less monthly.

    So. To begin…

    Install rsnapshot, which will also drag in ssh, the metapackage around the client & server sides of openssh. The server side is already installed so I can sign in using public-key authentication.

    Set /etc/rsnapshot.conf thusly (comments snipped out):

    # NB: rsnapshot requires tabs, not spaces, between fields
    snapshot_root	/mnt/backup/snapshots
    no_create_root	1
    cmd_cp	/bin/cp
    cmd_rm	/bin/rm
    cmd_rsync	/usr/bin/rsync
    cmd_ssh	/usr/bin/ssh
    cmd_logger	/usr/bin/logger
    cmd_du	/usr/bin/du
    cmd_rsnapshot_diff	/usr/bin/rsnapshot-diff
    #interval	hourly	6
    interval	daily	30
    #interval	weekly	4
    interval	monthly	12
    #interval	yearly	1
    logfile	/var/log/rsnapshot
    du_args	-csh
    backup	/mnt/userfiles/	oyster/
    backup	/mnt/bulkdata/	oyster/
    backup	/mnt/music/	oyster/
    backup	/mnt/diskimages/	oyster/
    

    Basically, that creates a month of daily backups, plus monthly backups for a year. Haven’t ever gotten to a yearly backup, but you get the idea.

    The no_create_root option prevents horrible things from happening if the USB drive wakes up dead and doesn’t mount; you don’t want to back up the drives to the /mnt/bulkdata mount point. The USB drive mounts using a UUID entry in /etc/fstab, as described there.

    Create a pair of scripts in /root to mount the USB drive, do the backup, unmount it, and shut down the system:

    rsnapshot.daily

    #!/bin/sh
    logger "Mounting USB drive"
    mount /mnt/backup
    logger "Starting backup"
    /usr/bin/rsnapshot daily
    logger "Unmounting USB drive"
    umount /mnt/backup
    logger "Power off"
    shutdown -P now
    logger "Done!"
    

    rsnapshot.monthly

    #!/bin/sh
    mount /mnt/backup
    /usr/bin/rsnapshot monthly
    umount /mnt/backup
    shutdown -P now
    

    Note: the rsnapshot executable has moved from /usr/local/bin in Ubuntu 7.10 to /usr/bin in 8.10.

    You could be more clever than that, but, eh, they’re simple & easy.

    The Inspiron 531S 1.0.13 BIOS now powers off dependably with the 2.6.27-14-generic kernel in 8.10, a pleasant change from the 1.0.12 BIOS and the 2.6.22-16-generic kernel used in 7.10. That means the shutdown commands work and I can shave 25% off the server’s power bill. Not that it’s very big to begin with, but every little bit helps.

    Set up /etc/crontab to run the backups (and sync the system clock with reality, for the reasons described there):

    10 23	1 * *	root	/root/rsnapshot.monthly
    30 23	* * *	root	/root/rsnapshot.daily
    #
    00 01	* * *	root	ntpdate north-america.pool.ntp.org
    

    And that’s it.

    Memo to Self: add e2fsck to the monthly backup routine and move it an hour earlier.
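
The failure mode described above (the USB drive not mounting, so the backup would land in the bare mount-point directory) can also be caught in the wrapper before rsnapshot runs. This is an added example, not one of the original scripts; the function names and the MOUNTS_FILE, BACKUP_MNT, MOUNT, UMOUNT and RSNAPSHOT variables are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not the original scripts: refuse to back up unless the USB
# drive is really mounted. Variable and function names are assumptions.
MOUNTS_FILE="${MOUNTS_FILE:-/proc/mounts}"   # mount table to consult
BACKUP_MNT="${BACKUP_MNT:-/mnt/backup}"      # mount point used in the post
MOUNT="${MOUNT:-mount}"
UMOUNT="${UMOUNT:-umount}"
RSNAPSHOT="${RSNAPSHOT:-/usr/bin/rsnapshot}"

log() { logger -t backup "$1" 2>/dev/null || echo "backup: $1" >&2; }

# Succeeds only if DIR is listed as a mount point (field 2) in the mount table.
is_mounted() {
    awk -v dir="$1" '$2 == dir { found = 1 } END { exit !found }' "$MOUNTS_FILE"
}

# Returns 0 = backup done, 2 = drive absent (nothing written), 3 = rsnapshot failed.
guarded_backup() {
    is_mounted "$BACKUP_MNT" || "$MOUNT" "$BACKUP_MNT" 2>/dev/null || true
    if ! is_mounted "$BACKUP_MNT"; then
        log "ERROR: $BACKUP_MNT is not a mount point, skipping $1 backup"
        return 2
    fi
    rc=0
    "$RSNAPSHOT" "$1" || { log "ERROR: rsnapshot $1 failed"; rc=3; }
    "$UMOUNT" "$BACKUP_MNT" 2>/dev/null || log "WARNING: could not unmount $BACKUP_MNT"
    return "$rc"
}

# Demo in a subshell on a constructed mount table where the USB drive is absent.
demo() (
    MOUNTS_FILE=$(mktemp)
    printf '/dev/sda1 / ext3 rw 0 0\n' > "$MOUNTS_FILE"   # constructed sample
    MOUNT=false; UMOUNT=true; RSNAPSHOT=true              # stand-ins, nothing real runs
    guarded_backup daily
    echo "exit status: $?"
    rm -f "$MOUNTS_FILE"
)
demo
```

In the cron scripts, guarded_backup daily would stand in for the bare mount / rsnapshot / umount sequence, with the power-off command following it.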

  • Ubuntu 8.10 Server Setup: Samba

    We need Samba for the Token Windows Laptop and the CNC box on the milling machine which also runs TurboTax during that season of the year. Despite having done this many times before, it never works right until, suddenly, without warning, everything works. It’s a permission thing, I think.

    To get SWAT running, check there, which boils down to:

    • sudo chmod g+w /etc/samba/smb.conf
    • sudo chgrp adm /etc/samba/smb.conf

    Put this in /etc/xinetd.d/swat:

    ... comments snipped ...
    service swat
    {
            port    = 901
            socket_type     = stream
            wait    = no
    ###     only_from = localhost
            user    = <<your adm-enabled userid>>
            server  = /usr/sbin/swat
            log_on_failure  += USERID
            disable = no
    }
    

    Then use sudo smbpasswd -a -e <> to set up the allowed users and get their passwords aligned. I use the same userids and passwords on all the boxes, which is terrible security.

    Whenever you change anything, use sudo /etc/init.d/samba restart to make sure Samba gets the message.

    Use SWAT to set up all the shares. This is what the config file looked like after the damn thing finally started working:

    # Samba config file created using SWAT
    ... snippage ...
    
    [global]
    	workgroup = whatever-you-use
    	server string = %h server (Samba, Ubuntu)
    	map to guest = Bad User
    	obey pam restrictions = Yes
    	passdb backend = tdbsam
    	pam password change = Yes
    	passwd program = /usr/bin/passwd %u
    	passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
    	unix password sync = Yes
    	syslog = 0
    	log file = /var/log/samba/log.%m
    	max log size = 1000
    	dns proxy = No
    	usershare allow guests = No
    	panic action = /usr/share/samba/panic-action %d
    
    [printers]
    	comment = All Printers
    	path = /var/spool/samba
    	create mask = 0700
    	browseable = Yes
    	printable = Yes
    	writeable = Yes
    
    [print$]
    	comment = Printer Drivers
    	path = /var/lib/samba/printers
    
    [Bulkdata]
    	comment = Assorted useful files
    	path = /mnt/bulkdata
    	read only = No
    
    ... likewise for other file shares ...
    

    Actually, you don’t have to share the printers with Samba. Better to use CUPS directly. Just tell Windows to “Connect to a printer on the Internet or on a home or office network”, then fill in something like:

    http://oyster:631/printers/R380_TP

    And that’ll work even better.
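
The /etc/xinetd.d/swat stanza above has its only_from line commented out, so SWAT on port 901 accepts connections from any host that can reach the box. The check below is an added example, not part of the original post; audit_xinetd and write_sample are hypothetical helper names, and the sample file is constructed from the stanza shown above.

```shell
#!/bin/sh
# Added example, not from the original post. audit_xinetd is a hypothetical
# helper: it prints each enabled service in an xinetd file that has no
# active only_from line. It does not look at a defaults{} block elsewhere.
audit_xinetd() {
    awk '
        { sub(/#.*/, ""); gsub(/=/, " = ") }   # strip comments, pad "="
        $1 == "service"   { name = $2; restricted = 0; disabled = 0; next }
        $1 == "only_from" { restricted = 1 }
        $1 == "disable" && tolower($NF) == "yes" { disabled = 1 }
        $1 == "}" {
            if (name != "" && !restricted && !disabled) print name
            name = ""
        }
    ' "$1"
}

# Constructed sample: the stanza from the post, with a placeholder user.
write_sample() {
    printf '%s\n' \
        'service swat' '{' \
        '        port    = 901' \
        '###     only_from = localhost' \
        '        user    = placeholder' \
        '        server  = /usr/sbin/swat' \
        '        disable = no' \
        '}' > "$1"
}

sample=$(mktemp)
write_sample "$sample"
echo "as posted:  $(audit_xinetd "$sample")"            # swat
# Same stanza with the only_from line uncommented.
sed 's/^###\( *only_from\)/   \1/' "$sample" > "$sample.fixed"
echo "restricted: $(audit_xinetd "$sample.fixed")"      # (empty)
rm -f "$sample" "$sample.fixed"
```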