Mysterious IGMP Query Request packets from 0.0.0.0 to 224.0.0.1
On my Debian KVM hosts, and on the firewalls that guard them, I noticed that every two minutes, plus a couple seconds or so each time, I'd see blocked IGMP packages from 0.0.0.0 to 224.0.0.1. Googling around, I found this post, explaining that it's the multicast_snooping option for bridge-utils that's causing it. Being KVM hosts, they are indeed configured with bridges.
I added the following line to my Bash startup scripts in /etc/rc.local, and the issue is now gone:
( shopt -s nullglob; for ms in /sys/devices/virtual/net/br*/bridge/multicast_snooping; do echo -n 0 >"$ms"; done )
In short, it runs a subshell, sets the nullglob option to prevent running on a file with an asterisk in the name if no bridges were found, then puts a 0 into all found multicast_snooping configuration files. Problem solved!
Note: If you use virtual interfaces, those are in /sys/devices/virtual/net/virbr and require the same treatment.
How to prevent ssh -X from hanging on exit when dbus is used
Programs like virt-manager and gedit commonly use dbus. Dbus running will prevent a clean exit of ssh -X, making it hang on exit until you press ctrl+c or kill dbus manually.
To avoid having to kill dbus manually, let's kill it automatically 
Now, normally if I want to run virt-manager (or anything else graphical) on a remote machine with X forwarding, I'd use a command like
ssh -X root@remote-server virt-manager
Instead, I want to use dbus' ability to output sh-compatible commands to set invironment variables and kill the PID I get from that before exiting, like so:
ssh -X root@remote-server 'eval $(dbus-launch --close-stderr --sh-syntax); virt-manager --no-fork; kill -TERM $DBUS_SESSION_BUS_PID'
Problem solved! The remote shell (bash) now starts dbus manually instead of letting virt-manager do it, waits for virt-manager to exit (--no-fork), then kills dbus and exits.
Enable username and password in URL in Internet Explorer
After IE6, usernames and passwords in URL's are no longer enabled by default in Internet Explorer, the reasoning being that saving usernames and passwords in the browser history and referral headers is a very, very bad idea. Still, it's sometimes needed, especially when dealing with old IP cameras, which is when I last bumped into this issue.
If you're not sure what I'm on about, I'm referring to links like these: http://user:pass@example.com/
To re-enable this feature:
- Open RegEdit (Start->Run->"regedit")
- Navigate to [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE].
- Create two new REG_DWORD values, set to 0, named "iexplore.exe" and "explorer.exe"
- Reboot
Disable UAC in Windows 8
While Windows 7 let you disable UAC by simply typing "UAC" into the search field on the start menu and disabling it from the UAC options that show up, Windows 8 made it a bit more complicated.
In short, press Windows+R, type "secpol.msc", go to "Local Policies => Security Options" and set "User Account Control: Run all administrators in Admin approval mode" to "Disabled". Reboot.
Windows 8 non-pro does not have "secpol.msc", so we have to resort to the registry. Go to Start->Run->"regedit", go to "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" and set the value of the "EnableLUA" key to 0.
Again, reboot.
Please note: While disabling UAC in this way gives you and all applications you run complete admin rights to the machine, the equivalent of running everything as "root" on a Linux machine, it also breaks almost every single Metro app in horrible ways. Only do this if you really need to.
XP Windows Update error 0x8024400A solution
You need to install XP SP3, available here for English versions.
Linux on Mac Mini – power on after power loss
The Mac Mini doesn't save this information in its BIOS (or equivalent), so you need to set it on each boot. I use my distribution's /etc/rc.local file for this.
Either way, these are the commands to run (copy, and uncomment the correct line for your Mini):
## PPC Mac Mini #echo server_mode=1 > /proc/pmu/options ## Intel Mac Mini #setpci -s 0:1f.0 0xa4.b=0 ## nVidia Mac Mini #setpci -s 00:03.0 0x7b.b=0x19 ## Unibody Mac Mini #setpci -s 0:3.0 -0x7b=20
gitolite: ‘foo’ does not appear to be a git repository – ForceCommand
Many people seem to get the following error message when trying to manipulate a remote git/-olite repository:
fatal: 'foo' does not appear to be a git repository
fatal: The remote end hung up unexpectedly
The problem here, which is absolutely not explained by the above error message, is likely to be that the remote command gitolite specifies in "~/.ssh/authorized_keys" is not used.
This can in turn be caused by two things, as far as I know:
- You are using an ssh key which appears in the authorized_keys file without gitolite's "command=..." configuration, in which case the solution is to use a separate public/private key pair for git
- Your SSH server has a ForceCommand directive in sshd_config (/etc/ssh/sshd_config on debian) which overrides the "command=..." setting in authorized_keys. To solve this, that directive has to go, or an exception needs to be added for your git user with a Match clause in sshd_config.
In the latter case, there does not seem to be any sane way to retrieve the contents of the "command=..." statement. While the user supplied command is available in the environment variable $SSH_ORIGINAL_COMMAND while using ForceCommand, the command supplied by authorized_keys seems nowhere to be found. Thus you need an exception for the ForceCommand directive. If you find another way to avoid this, please leave a comment below?
Fixing “shmget() failed: No space left on device”
I had this happen when someone ran a script to kill x11vnc every so often, using kill -9 (don't ask).
Killing x11vnc with SIGTERM (15) allows it to clean up its shared memory segments. SIGKILL (9) will not.
Googling around, I found a script over here (backup copy here).
The problem with that was that it's aimed at being run as the user, and it only supports usernames up to 10 characters, because of how "ipcs -m" prints its entries on Linux.
I wanted a solution that supported any length of username, and that could be run periodically, by root, as a cronjob to clean up after silly users, and that would also give me a report when it cleaned something, so I could see who was causing this.
The result was this script. It only supports Linux, and thus is a bit less portable than the one at karlrunge.com, but it does the job, even with long usernames, and generates such nice reports:
Removed SHM Segments: ___________________________ | OWNER | COUNT | |------------|------------| | bolt | 42 | |____________|____________| Total: 42
Oops...
EDIT:
Updated script, automatically synced with the one I'm actually using available here.
SSH in a while loop – stdin problems
When SSH is used with a line like "while read ....", the while loop will only run once.
This can be seen by running this simple example:
$ seq 1 10 | while read line; do ssh remotehostname "echo x${line}x"; done
x1x
You might expect this to connect to the host with the name "remotehostname" 10 times, and each time print one of the numbers in the sequence from 1 to 10. This will, however, not be the case. The result is a single line, saying "1".
Where did the rest of the numbers go? To the SSH process.
By default, SSH runs off with the stdin file descriptor, preventing "read" from reading anything else from it. You can see this by trying the following example:
$ seq 1 10 | while read line; do ssh remotehostname "echo x${line}x; cat -"; done
x1x
2
3
4
5
6
7
8
9
10
Now all the numbers were printed, but they were all in a single ssh connection. As you can see, only the number "1" got the X'es on both sides, indicating it was printed by the "echo" instruction. The rest of the numbers come from "cat -", which basically takes whatever comes in on SSH's stdin, and dumps it to the stdout (the screen, in this case). So that's where they went!
Now, how do you remedy this?
Answer: SSH's -n switch. From the manual:
-n Redirects stdin from /dev/null (actually, prevents reading from stdin). This must be used when ssh is run in the background. A common trick is to use this to run X11 programs on a remote machine. For example, ssh -n shadows.cs.hut.fi emacs & will start an emacs on shadows.cs.hut.fi, and the X11 connection will be automatically forwarded over an encrypted channel. The ssh program will be put in the background. (This does not work if ssh needs to ask for a password or passphrase; see also the -f option.)
So let's try that with -n, shall we?
$ seq 1 10 | while read line; do ssh -n remotehostname "echo x${line}x; cat -"; done
x1x
x2x
x3x
x4x
x5x
x6x
x7x
x8x
x9x
x10x
There. 10 SSH connections opened, 1 number printed each time. A total waste of time, but a rather simple example to follow
GCC stray X in program
Problem:
IEMGD_HEAD_Linux/common/drm/emgd/display/pi/cmn/pi.c:1: error: stray ‘\357’ in program
This is caused by "invalid" characters in the code, specifically I encountered this while trying to compile the Intel EMGD driver for my EEEPC's graphics card.
Thanks to the helpful folks over here, there's a solution:
cd IEMGD_HEAD_Linux/common/drm/emgd/display/pi/cmn
cat -v pi.c | awk '{if(NR>1) print $0}' > tmp # make strange characters on first visible and remove
mv tmp pi.c
That makes the invalid characters visible and removes them.
In this case, it leaves some partial, garbage comments behind, so the file still wont compile.
To resolve this, I opened the file in vim, and quickly searched for and removed the faulty comments (and some I didn't have to remove).
Remember to answer "no" to the question of re-extracting the tarball each time you retry building this.
Attached is the original driver file, and my modified copy of pi.c
Result:
"Completed EMGD Installation"