I was trying to run Kodi and some other GUI apps from LXD containers on Archlinux but had some small problems, so I decided to document it in case I need it again in the future. The same approach should work for Docker and other types of Linux containers.
UID mapping
When it comes to running containers, it is recommended to use user namespace remapping (man subuid) to have different uid ranges for different cgroups. This way container processes are better isolated.
In cases where you use containers to simply run different software versions and don’t care about the added security of namespace remapping, you can allow reusing the same UIDs inside the container. This allows easy mounting of host directories inside the container without the need of any additional work to deal with file permissions.
So if you want to reuse the same user ID, append additional mapping lines to subuid/subgid files:
echo "root:$UID:1" | sudo tee -a /etc/subuid /etc/subgid
Create container
lxc launch images:archlinux/current/amd64 gui
If you decided to use specific UID mapping, configure container to use it
lxc config set gui raw.idmap "both $UID 1000"
For Kodi to use hardware accelerated graphics, we want to share GPU with the container:
In my case the host is running graphics server so we have to share the Xorg socket with container to be able to draw on it:
lxc config device add gui X0 disk path=/tmp/.X11-unix/X0 source=/tmp/.X11-unix/X0
Sadly you will have to remount this socket each time Xorg or container is restarted. Maybe there is some way to make LXD do it automatically?
lxc config device remove gui X0
Permanently add DISPLAY variable to the container
lxc config set gui raw.lxc 'lxc.environment = DISPLAY=:0'
Allow access to Xorg on host
Not being able to access host Xorg was the reason why it didn’t work for me from the start. You have to allow connecting to X on host even when using the unix socket:
xhost +local:gui
gui is the hostname of the container
This has to be run each time X is restarted (unless configured permanently).
Using xhost + disables permission checking altogether and can be useful while testing. Run man xhost to see other configuration options.
Add audio support
Mount pulseaudio socket to the container to be able to play audio
lxc config device add gui PASocket disk path=/tmp/.pulse-native source=/run/user/1000/pulse/native
Install pulseaudio
sudo pacman -S pulseaudio
Inside the container make pulseaudio use the already mounted socket
sed -i "s/; enable-shm = yes/enable-shm = no/g" /etc/pulse/client.conf
echo export PULSE_SERVER=unix:/tmp/.pulse-native | tee --append /home/ubuntu/.profile
Now pactl info in the container should show that it is connected
Test it
Connect to container and make sure you have your /tmp/.X11-unix/X0 socket available. Then try running some program.
If you get this:
No protocol specified
Error: couldn't open display :0
… then you have to adjust the permissions with xhost on the host.
Notes
This is probably going to be impossible with Wayland out of the box but it is not like Wayland is really production ready, even in 2020. š
Wireguard is an amazing VPN solution that in 10 years time will be the go-to VPN solution for most. If you haven’t heard of it yet, go check it out.
Common scenario
I had a situation where clients want to access internal network which is behind NAT and no incoming ports can be opened to the outside world.
Solution approach
The solution was simple – set up Wireguard on a server elsewhere, make clients connect to that Wireguard server and tell it to route traffic through one of the clients inside the aforementioned LAN.
Intricate details
While it seems simple, I initially misconfigured a parameter which stopped the configuration from working as necessary. The misconfigured parameter was AllowedIPs parameter on the server.
After configuring the internal address of the peer in AllowedIPs line, you can append multiple subnets that can and will be routed through that peer. Adding 0.0.0.0/0 will allow routing any traffic through it. But it will also create a default route that might have to be removed.
Without adding these subnets to the config Wireguard won’t accept packets for those subnets even if routed manually.
Then I set up separate routing table and used it for routing the other peers. This simplifies things.
Here is the Server config:
[Interface]
Address = 192.168.90.1/32
SaveConfig = false
PostUp = iptables -A FORWARD -i %i -j ACCEPT; ip rule add from 192.168.90.3 lookup privatenet; ip route add default via 192.168.90.2 table privatenet; `ip route del default dev wg1 table 51820`
PostDown = iptables -D FORWARD -i %i -j ACCEPT; ip rule del from 192.168.90.3 lookup privatenet; ip route del default via 192.168.90.2 table privatenet
ListenPort = 41234
PrivateKey = ...
# Router behind NAT
[Peer]
PublicKey = ..
PresharedKey = ..
AllowedIPs = 192.168.90.2/32, 0.0.0.0/0
PersistentKeepalive = 25
# Client
[Peer]
PublicKey = ..
PresharedKey = ..
AllowedIPs = 192.168.90.3/32
Note how I use PersistentKeepalive to make sure it stays up. Wireguard is a silent protocol and unless some traffic is being sent to the interface, it won’t do anything.
To keep the configuration cleaner, I keep PostUp and PostDown commands in separate shell scripts.
Of course it also needs packet forwarding enabled and some forward/NAT rules on the peer behind the firewall.
Dropping of the Wireguard default route and some other things could maybe be avoided by interfacing with Wireguard directly instead of using wg-quick and config files, but I really like having those config files.
Some of you might have noticed that Arduino becomes unresponsive or really slow to respond when it sends information using serial interface.
This can also lead to messages like “Serial port ‘/dev/ttyACM0’ not found.” when trying to upload new sketches to Arduino.
I noticed this years ago but never found a solution because I always somehow managed to get it working after many upload retries and I could not find any information regarding the problem.
So, yes, it was a firmware problem and you can fix it by flashing more recent firmware that can be found here.
I haven’t posted here for a while so I figured I’d write about this little project I made some time ago.
I’ve had an aquarium for some time but it had no lights so it didn’t look that cool during the dark time of the day.
I had an old Arduino Uno lying around from times before RaspberryPi and it just so happens that Arduino has 5 PWM output pins and I only needed 3.
I connected a single RGBLED and a couple of white LED’s (which is enough to light a small aquarium properly) to the Arduino and made the program use serial connection to send and receive JSON formatted data.
Then I connected Arduino (using USB) to my RaspberryPi that I use as a home server and wrote a Perl script that connects to Arduino’s serial port (using IO::Async::Stream).
The Perl script creates a WebSocket server (using Net::Async::WebSocket::Server) that allows realtime control of LED’s and color modes from a web browser.
In the future I could tweak it a bit more and bring back the scripts that I used to switch on LED’s based on events from IM clients (Pidgin/Skype) or E-mail but at the moment I’m happy with it as it is.
PÄc diviem ar pusi gadiem beidzot nobeidzÄs mans Nexus S viedtelefons.
Man ļoti patÄ«k Nexus telefoni, tÄpÄc nÄkamais noteikti bÅ«s Nexus 5, kas vÄl Å”obrÄ«d nav pieejams. KamÄr gaidu, nÄcÄs tikt pie pagaidu aparÄta. Savu veco telefonu jau sen atdevu mÄsai, tÄpÄc pirmo reizi nÄcÄs apmeklÄt lombardu. Biju cerÄjis tikt pie kÄda no tiem nekrÄsainajiem tÄlruÅiem, bet Ŕķiet, ka tÄdi vairs nav pieejami. IzvÄle krita par labu kaut kÄdam Samsung, kam cena zem 10 latiem. Var zvanÄ«t, sÅ«tÄ«t SMS, lietot kÄ modinÄtÄju.
Nexus lietoja Android operÄtÄjsistÄmu, un kontaktus sinhronizÄja ar Gmail. No turienes tos var eksportÄt csv formÄtÄ. CSV failu atvÄru ar LibreOffice, kontaktus ar vairÄkiem numuriem sadalÄ«ju atseviŔķos kontaktos, nodzÄsu liekos laukus, un uzrakstÄ«ju Perl skriptu, kas arĀ Text::Undiacritic noÅem garumzÄ«mes un mÄ«kstinÄjuma zÄ«mes (lai varÄtu lietot garÄkus vÄrdus), sakÄrto telefonu numuru formatÄjumu (noÅem atstarpes, sakÄrto valsts kodus), un uzÄ£enerÄ derÄ«gu Gammu backup failu.
Visbeidzot izmantojot iepriekÅ” pieminÄto GPRS modemu, ar Gammu kontaktus ieimportÄju SIM kartÄ.
Ja vÄl neesi pÄrgÄjis uz viedtelefonu, bet plÄno to drÄ«zumÄ darÄ«t, iesaku iepazÄ«ties ar Gammu. Tas ir lielisks rÄ«ks telefona datu rezerves kopiju veidoÅ”anai (kontaktiem, SMS). PÄrkopÄjot kontaktus uz SIM karti visdrÄ«zÄk tiks pazaudÄta daļa datu, bet Gammu tos saglabÄs. š
It is because Windows comes with a lot of standard dynamic link libraries (dll files) out of the box. It also seems that they don’t change as much from version to version so there are less (just a guess) compatibility issues on different Windows versions. Or maybe they all are outdated and full of bugs. In any case, it is usually easy to move binaries around from computer to computer without any problems.
Even though there are some libraries that will most likely be on most Linux systems, lots of applications require additional libraries that are probably not installed by default. And even if it seems that you have all the necessary libraries there is a big chance that they won’t be compatible with your binary because those libraries tend to change a lot between different versions.
Most of the time it won’t be a problem because maintainers of each distribution solve this by giving users tools to install necessary dependencies built for each specific program.
But what should you do when you don’t have that much time to compile hundreds of libraries for each distribution, version and architecture you are targeting? Or you simply don’t have the necessary permissions to install required packages using your distribution’s package manager and you don’t want to go through dependency hell on a limited user.
It of course has it’s pros and cons but depending on what you are trying to achieve this could ease your life.
“Static hell”
Unless you have a trivial application it won’t be as easy as adding “-static” to your compiler’s argument list.
You will probably have to specify some libraries that it should statically link against at compile time.Ā And those libraries probably also require other static libraries. You get a whole different dependency hell.
And when you finally track down every library needed you find out that glibc is huge and will not play nice. š Yay!
Bifrost uClibc build environment
One way of solving this would be using uClibcchroot environment for architecture that works on most desktops, server and laptops out there.
I did try some other light glibcĀ alternatives and build environments but came to conclusion that uClibc is great and works. I found that there is a Linux distribution named “Bifrost” that uses uClibc. The creators of it provide build scripts and instructions to set up your own bifrost build i586 and x86_64 environment. I also made a fork of it on Github and use it from time to time.
Building almost anything using this environment makes building static binaries a piece of cake. And building it for i586 makes those binaries quite portable.
I haven’t tried building any GUI tools (why would I?) but I’ve successfully built applications like git, tmux, lighttpd, php, rtorrent, perl, python, etc.
Also at the time of writing this post, Bifrost doesn’t support ARM (I guess it is not the purpose of it) but that shouldn’t be a problem because there are lots of articles and info on making uClibc build environments for ARM.
Saprotams, ka vajadzÄ«ga iekÄrta, kurÄ ievietot viedkarti. Iesaku izvÄlÄties iekÄrtas, kurÄm priekÅ” Linux ir pieejami draiveri.
KÄ jau minÄju iepriekÅ”ÄjÄ rakstÄ – SCR3310 ir gana lÄta un pÄrbaudÄ«ta iekÄrta.
PieslÄdzam iekÄrtu datoram un lasÄm tÄlÄk.
ViedkarÅ”u lasÄ«tÄja draiveris Linux kernelim
SCR3310 gadÄ«jumÄ nekÄdi papildus draiveri nebija jÄinstalÄ, jo tie nÄk komplektÄ ar pietiekoÅ”i jaunu kerneļa versiju. Kaut kur lasÄ«ju, ka senÄk vajadzÄja atjauninÄt firmware, bet paÅ”am ar to nav nÄcies saskarties.
CitÄm iekÄrtÄm varÄtu nÄkties uzinstalÄt papildus draiverus un/vai firmware.
ProgrammatÅ«ra komunikÄcijai ar iekÄrtu
Pieļauju, ka Å”im mÄrÄ·im pastÄv dažÄdas aplikÄcijas, bet vispopulÄrÄkÄ ir “pcscd” (PC/SC Smart Card Daemon).
Uz Archlinux to var uzinstalÄt palaižot:
$ sudo pacman -S pcsclite pcsc-tools
Uz Debian bÄzÄtÄm (Debian/Ubuntu/Mint/u.c.) sistÄmÄm to var uzinstalÄt palaižot:
$ apt-get install pcscd pcsc-tools
PÄc instalÄcijas jÄieslÄdz pcscd serviss. Uz Archlinux jÄpalaiž:
Uz Debian bÄzÄtÄm sistÄmÄm tam vajadzÄtu notikt automÄtiski, bet ja tÄ nenotiek, tad jÄpalaiž:
$ sudo /etc/init.d/pcscd start
Å obrÄ«d ieliekot e-paraksta viedkarti iekÄrtÄ, un palaižot komandu
$ pcsc_scan
vajadzÄtu parÄdÄ«ties informÄcijai par ievietoto karti. Ja parÄdÄ«ts tikai sarkans uzraksts “waiting for the first reader”, vai “waiting for the card”, tad attiecÄ«gi vai nu nestrÄdÄ iekÄrta, vai arÄ« Tu nepareizi esi ievietojis viedkarti. š
Ar to vien, ka spÄjam noteikt kÄda viedkarte ievietota iekÄrtÄ – nepietiks. Pcscd nav informÄcija par to kÄ pilnvÄrtÄ«gi komunicÄt ar LatvijÄ izsniegto e-paraksta viedkarti, tÄpÄc nepiecieÅ”ams uzstÄdÄ«t viedkarÅ”u ražotÄja bibliotÄku.
Archlinux lietotÄjiem esmu izveidojis luxtrust-middleware PKGBUILD failu, kas ir pieejams AUR sistÄmÄ. Ja lieto Archlinux un ir uzinstalÄts yaourt palÄ«grÄ«ks, tad to var uzinstalÄt izpildot:
$ yaourt -S luxtrust-middleware
Es gan neizpÄtÄ«ju vai Luxtrust bibliotÄkas nav atkarÄ«gas no citÄm bibliotÄkÄm, tÄpÄc, ja kaut kas nestrÄdÄ, lÅ«dzu paziÅot komentÄros.
Citu distribÅ«ciju lietotÄjiem vai nu jÄizpÄta iespÄjas konvertÄt esoÅ”Äs .deb pakas uz jÅ«su distribÅ«cijas paku formÄtu, vai arÄ« pakas saturs manuÄli jÄizpako, un jÄiekopÄ attiecÄ«gajÄs sistÄmas mapÄs (ko es noteikti nerekomendÄju darÄ«t).
Kad middleware programmatÅ«ra uzinstalÄta, vajadzÄtu varÄt atvÄrt PIN koda mainÄ«Å”anas aplikÄciju, ko var atvÄrt izpildot:
$ CCChangePinTool
Ja aplikÄcija atveras un viss strÄdÄ – lieliski, varam turpinÄt. Ja parÄdÄs kļūdu paziÅojumi – lÅ«dzu ziÅot komentÄros. š
PMLP, vai LVRTC iepriekÅ” piedÄvÄtajÄs middleware pakÄs tika lietoti citi failu nosaukumi. TÄ kÄ tie ir statiski ierakstÄ«ti e-paraksta Java aplikÄcijÄs, jÄizveido symbolic link, savÄdÄk saÅemsim kļūdas paziÅojumu.
$ cd /usr/lib/pkcs11/
$ sudo ln -s libgclib.so otlv-pkcs11.so
PÄrlÅ«kprogrammas konfigurÄcija
VÄlÄk izveidoÅ”u pamÄcÄ«bu Chromium lietotÄjiem, bet Å”obrÄ«d pieejama informÄcija par uzstÄdÄ«Å”anu uz Firefox.
Nosaukumu ierakstam pÄc izvÄles, bet pie Module filename norÄdÄm:
/usr/lib/pkcs11/libgclib.so
PÄc OK pogas nospieÅ”anas, sarakstÄ bÅ«tu jÄparÄdÄs jaunajai iekÄrtai. To izvÄloties, bÅ«tu jÄaktivizÄjas Log in pogai. Uz tÄs uzspiežot vajadzÄtu parÄdÄ«ties PIN koda pieprasÄ«juma logam. Ja tÄ ir, tad viss kÄrtÄ«bÄ.
TurpmÄk lietojot e-parastu, var gadÄ«ties, ka pÄc iekÄrtas, vai viedkartes atvienoÅ”anas un atkÄrtotas pieslÄgÅ”anas, var nÄkties pÄrstartÄt interneta pÄrlÅ«kprogrammu.
LVRTC un/vai Latvijas pasta sertifikÄti
PÄdÄjais solis ir sertifikÄtu pievienoÅ”ana. KÄ to izdarÄ«t uz Chromium – aprakstÄ«Å”u vÄlÄk. Å obrÄ«d pieejama pamÄcÄ«ba Firefox pÄrlÅ«kprogrammai.
Firefox vajadzÄtu automÄtiski piedÄvÄt uzinstalÄt sertifikÄtus, bet ja tÄ nenotiek, saglabÄjam tos datorÄ un pievienojam manuÄli, atverotĀ Firefox Preferences > Advanced > Certificates > View Certificates logu.
NobeigumÄ
Tagad visam vajadzÄtu strÄdÄt. Tikai jÄatceras, ka pÄc iekÄrtas pievienoÅ”anas, visdrÄ«zÄk, nÄksies pÄrstartÄt pÄrlÅ«kprogrammu, kÄ arÄ« labÄkais veids kÄ noskaidrot, vai viedkarte kÄrtÄ«gi ievietota iekÄrtÄ, ir izpildot komandu pcsc_scan.
ManuprÄt, lielÄkÄ daļa piekritÄ«s, ka e-paraksta ideja – iespÄja elektroniski parakstÄ«t dokumentus, iesniegt tos dažÄdÄm iestÄdÄm nosÅ«tot e-pastu , un parakstus pÄrbaudÄ«t elektroniski –Ā ir ļoti laba. Vairs nekÄda dirnÄÅ”ana garÄs rindÄs, nav jÄmaksÄ notÄram par paraksta apstiprinÄÅ”anu, kÄ arÄ« dokumentus var iesniegt no jebkuras vietas, kur pieejams interneta pieslÄgums.
IzklausÄs ļoti labi. GandrÄ«z pÄrÄk labi.
Å obrÄ«d reÄli LatvijÄ darbojas 3 dažÄdi e-paraksti, no kuriem tikai 2 varÄtu bÅ«t gana droÅ”i, un tikai vienu var iegÅ«t komplektÄ nesaÅemot to nedroÅ”o, turklÄt tas nav pieejams kuram katram.
Latvijas pasta e-paraksts uzÅÄmumiem – EME (viedkarte)
ID kartes, kuras var lietot pases vietÄ, ceļojot pa ES – eID (viedkarte)
VirtuÄlais e-parasts (nÄk komplektÄ ar eID, turklÄt no tÄ nav iespÄjams atteikties)
EME
SÄkumÄ tika ieviests EME. Å Ä·iet, ka tas neguva pietiekoÅ”i lielu atsaucÄ«bu, un pÄc eID iznÄkÅ”anas pie EME var pieteikties tikai uzÅÄmumi.
Neskatoties uz to, ka EME var pieteikt tikai caur uzÅÄmumu, tas vizuÄli izskatÄs ļoti nenopietni.
eID
ID kartes, kuras izsniedz PMLP, ir LatvijÄ oficiÄli atzÄ«ts dokuments. To var lietot ceļoÅ”anai pa ES, un, ja nemaldos, to var izmantot kÄ atgrieÅ”anÄs atļauju, ja tiek pazaudÄta pase (Ärpus ES).
TajÄs ir RFID Äips (tÄds pats kÄds jaunajÄs pasÄs), kÄ arÄ« e-paraksta viedkarte.
VirtuÄlais e-paraksts
IzstrÄdÄts Ä·eksÄ«Å”a pÄc?
VirtuÄlais e-paraksts ļauj parakstÄ«t dokumentus portÄlÄ eparaksts.lv un ir droÅ”s tikai tÄpÄc, ka tÄ ir ierakstÄ«ts likumÄ. š RealitÄtÄ tas ir pakļauts MITM uzbrukuma riskiem un tieÅ”i Ŕī iemesla dÄļ ar virtuÄlo e-parakstu parakstÄ«tus dokumentus nepieÅem praktiski neviena nopietnÄka iestÄde.
VarÄtu vaicÄt – kÄpÄc tad tika izveidots virtuÄlais e-paraksts?
Es varu tikai minÄt, ka tas tika izveidots tÄpÄc, ka eID un EME lietoÅ”ana ir gana sarežģīta, un lietoÅ”anas instrukcijas ir tik ļoti nepilnÄ«gas, ka gadÄ«jumÄ, ja nebÅ«tu izveidots virtuÄlais e-paraksts, tiktu sacelta liela jezga par kÄrtÄjo, ne lÄ«dz galam novesto e-paraksta risinÄjumu.
PotenciÄlÄs un reÄlÄs problÄmas
InformÄcija par e-paraksta lietoÅ”anu
SÄkumÄ Å”Ä·iet, ka eparaksts.lv mÄjas lapa ir ļoti pÄrskatÄma un labi strukturÄta, bet brÄ«dÄ«, kad mÄÄ£ini sameklÄt sev nepiecieÅ”amo informÄciju, rodas sajÅ«ta, ka pie sistÄmas strÄdÄjuÅ”i pirmklasnieki. InformÄcija daudzÄs lapÄs dublÄjas, bet dažas lietas vienkÄrÅ”i nav iespÄjams sameklÄt. Daļu tehniskÄs informÄcijas man bija vieglÄk sameklÄt Igaunijas e-paraksta mÄjas lapÄ, jo tÄ ir labÄk strukturÄta un informÄcija ir pilnÄ«gÄka.
OSX un Linux lietotÄjiem
Ja OSX (Apple) lietotÄjiem ir pieejama vismaz kaut kÄda nepilnÄ«ga un greiza informÄcija par e-paraksta viedkarÅ”u lietoÅ”anu, tad Linux lietotÄjiem pasaka, ka eparaksts.lv neatbalsta Linux operÄtÄjsistÄmu, un kaut arÄ« ražotÄjs (kas gan nekur nav norÄdÄ«ts) apgalvo, ka Linux ir atbalstÄ«ts, viÅi par to neko nezin un nevÄlas zinÄt.
VairÄk informÄciju izdevÄs sameklÄt pÄc tam, kad vienÄ no PDF dokumentiem atradu karÅ”u ražotÄja nosaukumu, un tÄlÄk jau palÄ«dzÄja Google.
Eparaksts.lv foruma administratori
E-paraksta mÄjas lapÄ ir arÄ« forums, kurÄ ikviens var uzdotĀ jautÄjumus.
VecÄkos foruma ierakstos var novÄrot, ka foruma administratori uz sev nepatÄ«kamiem jautÄjumiem cenÅ”as atbildÄt ar: “mÄs par to neesam atbildÄ«gi, ejiet pie PMLP”. TurklÄt, palasot Ŕīs tÄmas, var secinÄt, ka pievienotÄs saites uz PMLP lapu vairÄkas reizes palikuÅ”as nederÄ«gas. (KÄda velna pÄc PMLP lapai tik bieži maina linku struktÅ«ru?) [1,Ā 2,Ā 3]
Ja sÄkumÄ eparaksts.lv foruma administrÄcija centÄs novelt vainu uz PMLP, tad ar jauno e-parakstu, kas bÅ«tÄ«bÄ ir identisks vecajam (+ virtuÄlais e-paraksts), tiek piekopta vilcinÄÅ”anÄs stratÄÄ£ija. [1]
JaunÄkos ierakstos foruma administratori tÄmÄs, kas saistÄ«tas ar OSX un Linux instalÄcijÄm, paprasa, kuru no e-paraksta veidiem jautÄjuma uzdevÄjs ir domÄjis, tÄdejÄdi vilcinot laiku, droÅ”i vien cerÄ«bÄ, ka jautÄjuma uzdevÄjs vairs neatgriezÄ«sies. (Neviens lietotÄjs nepiesauktu operÄtÄjsistÄmu, ja mÄÄ£inÄtu lietot virtuÄlo e-parakstu. Un pat ja piesauktu, priekÅ” kam lieki tÄrÄt cilvÄku laiku? Uzreiz bÅ«tu uzrakstÄ«juÅ”i, ka no Linux un OSX “ne bÅ«, ne bÄ”, un lieta darÄ«ta.)
Mistiskie Latvija.lv paziÅojumi
MÄÄ£inot ar EME ielogoties portÄlÄ latvija.lv, parÄdÄs paziÅojums, ka ar Firefox un Opera pÄrlÅ«kiem nav iespÄjams ielogoties. [1] Kas tÄs par muļķībÄm?
Es vÄlÄk atÅ”ifrÄju, ka tas paziÅojums visdrÄ«zÄk ir domÄts Windows lietotÄjiem, kuriem IE un Chrome pÄrlÅ«ki lieto Windows iebÅ«vÄto sertifikÄtu sistÄmu, bet Firefox un Opera ir savas sistÄmas, kas oficiÄli netiek atbalstÄ«tas.
TÄs tieÅ”Äm izrÄdÄ«jÄs muļķības, jo beigu beigÄs man sanÄca ielogoties no Firefox un Chrome gan uz Linux, gan uz OSX.
Es noteikti kÄdÄ no nÄkamajiem rakstiem pievienoÅ”u pamÄcÄ«bu kÄ lietot e-parakstu OSX un Linux vidÄ.
E-paraksta standarts
E-paraksta dokumentiem ir savs standarts. AtvÄrts standarts. AtvÄrts standarts, kura dokumentÄcija hostÄjÄs Microsoft mÄjas lapÄ, bet saites uz tiem ir nomiruÅ”as.
…pag, tad ir open source, vai nav?
IzmeklÄjoties pa Google, pie dokumentiem var tikt caur lietuvieÅ”u adresÄm, jo izskatÄs, ka Latvija mÄÄ£ina Lietuvai piedÄvÄt tÄdu paÅ”u standartu.
E-paraksta programmatūra
Å obrÄ«d pieejamÄ e-paraksta programmatÅ«ra ir rakstÄ«ta programmÄÅ”anas valodÄ Java.
Labi, Java nav tÄ ÄtrÄkÄ, vai droÅ”ÄkÄ, bet vismaz bÅ«tu jÄdarbojas uz visÄm operÄtÄjsistÄmÄm, vai ne?
Kind of…
Darbinot pÄrlÅ«kprogrammu debug režīmÄ ievÄroju, ka uz Linux eparaksta appleti meklÄ neeksistÄjoÅ”as bibliotÄkas. Nezinu kÄpÄc tÄ, bet to izdevÄs atrisinÄt izveidojot symlinku uz ražotÄja bibliotÄku. Å Ä·iet, ka tas tÄpÄc, ka PMLP piedÄvÄtajÄs pakÄs bibliotÄkÄm ir citi nosaukumi. Diez kÄpÄc tÄ? Vai tur ir kÄdi papildus pÄrsteigumi? š
LejupielÄdei ir pieejama arÄ« offline lietoÅ”anai paredzÄta e-paraksta aplikÄcija (joprojÄm Java).
TajÄ atverot jaunu dokumentu izlec dažÄdas izstrÄdÄtÄja reklÄmas. Es ceru, ka par to izstrÄdÄtÄjs valstij iedeva nelielu atlaidi. š
Fun fact: Ideja par vÄlÄÅ”anÄm internetÄ
ManuprÄt, ja Å”obrÄ«d vÄlÄÅ”anas notiktu internetÄ, tad vai nu tajÄs caur internetu nobalsotu labi ja 0.1% vÄlÄtÄju (ja viedkarÅ”u lietoÅ”ana bÅ«tu obligÄta), vai arÄ« ļoti ticams, ka vÄlÄÅ”anu rezultÄti bÅ«tu sagrozÄ«ti (virtuÄlÄ e-paraksta potenciÄlo ievainojamÄ«bu dÄļ).
Fun fact: E-paraksta time stamp serveri darbina IIS
Man nav nekÄdu iebildumu pret Microsoft (ir gan) un kompilÄtu kodu, bet pÄrÄk bieži ir redzÄtas problÄmas ar caurumainu, nepÄrskatÄmu binÄru blÄÄ·i, ko beigÄs nav iespÄjams izlabot, jo ražotÄjs, protams, nav iedevis izejas kodu. Protams, tÄ nav problÄma, ja Tev ļoti patÄ«k darboties asemblerÄ«. š
Es ļoti, ļoti ceru, ka tuvÄkajÄ laikÄ netiks atrasta kÄda Windows vai IIS ievainojamÄ«ba, kas ļautu bojÄt time stamp servera darbÄ«bu.
Fun fact: Caurums e-paraksta forumÄ?
Apskatot foruma arhÄ«vu, pÄdÄjÄ lapÄ atradu ko interesantu.
Vai esmu vienÄ«gais, kurÅ” to pamanÄ«jis? Un ja ir Å”Äds caurums, cik liela iespÄjamÄ«ba, ka pÄrÄjÄ sistÄma ir droÅ”a? š
ProblÄmu risinÄjumi un pozitÄ«vais
Es ieteiktu LVRTC darbiniekiem pakonsultÄties ar zinoÅ”Äkiem Linux un OSX lietotÄjiem/administratoriem, lai izveidotu jaunu, derÄ«gu pamÄcÄ«bu, kÄ uz Linux uzinstalÄt nepiecieÅ”amÄs bibliotÄkas un draiverus, kÄ arÄ« nomainÄ«t kļūdu paziÅojumus, lai lietotÄji netiktu maldinÄti. Tas nav tik sarežģīti, vai neiespÄjami.
Pozitīvais
Eparaksts.lv foruma lietotÄji
Ar e-paraksta foruma lietotÄjiem nav tik traki kÄ ar administratoriem. VairÄki lietotÄji ir ierakstÄ«juÅ”i tÄ«ri labas pamÄcÄ«bas. Ja vÄl strÄdÄtu programmatÅ«ras lejupielÄdes saites, un tiktu norÄdÄ«ts, ka pastÄv arÄ« programmatÅ«ra, kas domÄta 64 bitu sistÄmÄm, bÅ«tu pavisam labi. š
Offtopic: ViedkarÅ”u lasÄ«tÄju SCR3310 no ebay var pasÅ«tÄ«t pa ~10 latiem.
Kad tomÄr izdodas uzstÄdÄ«t nepiecieÅ”amo programmatÅ«ru, lietot e-parakstu ir diezgan vienkÄrÅ”i un Ärti.
Some people tried to avoid Skype (and Facebook, Gmail, etc.) long before Snowden’s leaks, but most never cared and still don’t. And when you are the only fool abandoning Skype, you don’t really have anyone online to communicate with. Even if it’s only for chit chat and sharing your 9gag links.
I made a small Python script that sends messages between XMPP and Skype chats.
At the moment it uses Skype4py and python’s XMPPĀ library to act as a client. It would be cooler if Jabber’s part would get integrated in the XMPPĀ server itself, thus allowing to simulate Skype users as real XMPPĀ users. But I probably won’t do it because it takes too much effort and it already works the way it is.
Yes, it leaks stuff to Skype, so this should only be used for more or less public chats.
After I clean up the code a bit, I’ll put it on Github.
P.S. And making these bridges actually encourage more users to migrate to your XMPP server.
Uploader v4 is out and it is miles ahead of v3 in terms of stability, ease of setup and ease of use.
Even though I released it a few months ago, there were some things I wanted to add and test before I announce it to the public. It now performs better than I expected so I figured I should write about it here.
The new start/stop/status script in action.
Setup
Statically compiled – no need for compiling
The time it takes to do the initial setup has been reduced a lot. There is no need to install any dependencies anymore because Uploader is now available as a statically compiled i686 binary that should run on most Linux servers.
I also made statically compiled rTorrent (with the headless patch), tmux, lighttpd and other tools that are used with the uploader. You can use these versions to save some time going through dependency hell and compiling, or you can use your own binaries if you wish to. (Since statically compiled binaries might be of interest to some of you, especially in case of rTorrent, I’ll talk about this in a separate post. Sources are on my Github page.)
This is good news because it isĀ possible to run Uploader on Ā shared seedboxes. So far I have tested it only on some shared boxes with SSH access but it should be possible to use it without ssh as long as there is some way to execute the binary.
Better structured, completely portable
In previous versions it took some time to change paths in every configuration file to make it work after moving it to other location. The new version uses relative paths and some cool scripts to make sure it runs no matter where you move it.
Just move “tuper4/” folder to a new location/server and run it without doing any manual changes.Ā Yes, it is that simple.
Easy to migrate
If you are still using the previous version it is easy to migrate to v4 using the new migrate script. Just run a single command and your’e all done.
Automatic updating
V4 will receive critical updates automatically by default. This means that when a download source or some API changes and breaks some functionality, it will fix itself as soon as update is available.
Update status messages on the server during testing.
Usability and features
Now, when deploying and updating is made easy I have had more time to focus on new features and usability improvements.
Uploader is now easier to use by novice users and at the same time more advanced features have been added for the more experienced users who need more control over how things work.
Features
Multiple functions were fixed and new features were added to the core of the Uploader. Among them are:
Easier to view and understand debugging messages;
Better dupe detection;
Smart IMDB title search. This allows automatic IMDB info and poster retrieval;
Fixed TVRage info lookup for TV shows;
Updated GiantBomb game info retrieval functions;
Better BBCode converter and image uploading functions to include screenshots and other images in the description;
Fixed RAR and ZIP extraction functions that allow automatic creation of new unpacked releases.
Better handling of unicode, messed up encoding and ascii art.
Ascii art removal test
Some of the non-core improvements:
Added new debugging tool called “logstream” that uses websockets to show realtime message output of the Uploader. It also shows process groups and allows to view output of each single task;
Modified browser plugin to use websockets to show realtime status of the task being run;
New version of web panel is being worked on;
New script to easily start, stop and see the status of the Uploader and all the related processes (rTorrents, lighttpd).
Logstream output showing task history.
Better support
Making it easier to set up and update gives more time for supporting users and helping them find answers to their questions.
Also wiki and forum has improved and it is easier to find answers than it was before.
Music release info search results for Waffles upload form.
Existing users
And as it has always been, existing users still get the access to the latest version and it probably will stay this way in the future.
Summary
As years have passed, Uploader is still being developed and version 4 is a big step forward. It is completely different experience to how it was couple years ago. Making these changes makes it better for you, saves more time for me and it also means that it costs less. So, when you need the ultimate tool to automate it, you know where to look. š
