The Promised Lan

Remember how happy we were when finally got clicky with nm-applet?

I don’t know about you, but I’ve been wishing, hoping and waiting (not helping or coding of course!) a long time for a useable command line client for network-manager. cnetworkmanager came and went without anyone actually trying it, and then nmcli showed up.

nmcli syntax is a little less than intuitive, and if you’re like me it took you a while to notice that the problem you were having with it was not in fact that you couldn’t figure out the syntax, it was that it would not do the thing you were trying to get it to do!
Well eventually anyway. As it turned out it; would do 2 out of 3. That is you could:
bring up or down networks that network-manager already knew about:
nmcli con down id NetworkImDoneWith
nmcli con up id MyAwesomeNetwork
In the process of figureing that one out, we all learned to list nm’s known networks:
nmcli con list
Which does’nt count as one of the three, because while it’s kind of nostalgic to see an SSID you connected to in 2009 on that work trip to Illinois, until you’re wrestling with nmcli you’d never want to do this, it’s the equivalent opening nm-connection-editor and opining over each tab.

But oh boy were you excited that day at the coffee shop when you were practicing running your whole system from a framebuffer on tty1, and discovered that nmcli could list the _new_ networks available:
nmcli dev wifi

</facepalm!>

If it can list them surely we can connect to them!

Alas, it was not to be. After plugging through all the syntactic options for nmcli and it’s dev,nm,con subcommands you gave up and hit ctrl+alt+f7 logged into to X and clickyclickyclickied on “aztec cafe” so easy and so defeating.

You knew someday you would not suffer so.

That time is now!

The nmcli that comes with network-manager 0.9.6 (0.9.6.4-2 is already in debian experimental) includes the all new “wifi connect” command:

$ nmcli dev help
Usage: nmcli dev { COMMAND | help }

COMMAND := { status | list | disconnect | wifi }

status
list [iface ]
disconnect iface [–nowait] [–timeout ]
wifi [list [iface ] [bssid ]]
wifi connect <(B)SSID> [password ] [wep-key-type key|phrase] [iface ] [bssid ][name ][–private] [–nowait] [–timeout ]

That mess translates into, You can now finally attach to a new network:
“Hmm are there are any networks here?”
nmcli dev wifi
SSID BSSID MODE FREQ RATE SIGNAL SECURITY ACTIVE
'JoesHouse' 00:30:DE:AD:BE:EF Infrastructure 2412 MHz 54 MB/s 67 WPA WPA2 no

“Sweet, oh wait it’s wpa, ‘Hey Joe what’s your wifi password?, Cool thanks'”
nmcli dev wifi connect JoesHouse password correcthorsebatterystaple

Effing finally. 😀

( /me is accepting wagers on whether someone mentions pkexec in the comments)

Rancid “Really Awesome New ConfIg Differ” is a very cool little suite of scripts that monitor the configurations on routers or other devices and keeps them in a version control system. If you admin more than a few such devices I highly recommend it. Not only is it a lifesaver to have the configs backed up and diffed automatically, but it can be fun to abuse some of the internals like the “clogin” script to push out changes or the like.

Rancid is full of very good expect scripts that know how to get all kinds of info from Cisco routers and a slew of other devices.

But I wanted to use it the same way with my vyatta routers too. I had great hopes of writing excellent expect scripts to do it, there was just one problem. I don’t know how to do that 😐

Fortunately in addition to the preconfigured device types, someone figured out that rancid can also be set up with a “wrapper” device where you can just throw in any ugly script and it will point it at your device and throw whatever comes back into CVS just like it was one of the carefully parsed and sanitized configs.

The proof-of-concept code for that was a perl script called vpn3k written by Michael Stefaniuc at Red Hat, that could scp configs for Altera’s VPN 3000 concentrators. So I hacked it up a little bit to grab a couple snmp strings and then scp over the written config. That’s pretty sub-optimal since you only get the saved config, not the running config. Also Mr. Stefaniuc warns that the script may eat babies. But it works, and I don’t have to set up seperate cronjobs or CVS and the like. It all gets taken care of by rancid just like the non-free routers.

wrancid

Is the actual wrapper code that sits in $RANCID_HOME/bin in lieu of a good expect script and calls the perl script:

vyatta_rancidwrapper

Which you copy to $RANCID_HOME/share/wrapper/vyatta (note the name change) where it will make a new device type of wrapper.vyatta available for you to use in your router.db file:

someciscorouter.promisedlan.org:cisco:up
opencorevyatta.promisedlan.org:wrapper.vyatta:up

You do have to set up scp to work unattended also. I recommend you do it with authorized_keys, though the other rancid scripts can store plain text passwords (for telnet!) in the .cloginrc file, so you can be just as insecure as you’d like.

Well struggling with silly ideas like freedom and autonomy have taken up a really significant amount of my time and mental energy over the last few years.

Today inspired by some wise words from one of my ettiquette coaches,

I’ve decided to take a little different direction with my “online presence” such as it is.

This will be the last post from my autonomously hosted website. In the future if you’re interested in seeing what I’m up to please visit my new website:

3039

I’m also on twitter, and foursqualor.com ( The second most popular site on the internet!)

So if you also have no concerns about who owns and controls your personal data”>concerns about who owns and controls your personal data, I encourage you to join me in using whichever thing that’s a lot like the World Wide Web but is less powerful has some php doodads, and includes spying for free, that is popular this year.

BTW, does anyone have a gmail invite I could get? Thanks.

One of the side effects of the Ubuntu community being so large, is that it’s now commonplace for software to get packaged for Ubuntu before (and sometimes _long_ before) it makes it into Debian.

That’s been the case so far for chromium, the open source browser sposored by google. But I’ve been wanting to try it. So I went ahead and used the chromium-daily source repository from the Ubuntu PPA and built an amd64 package for Debian testing.

It seems to work fine:
3029
Though I have’nt exactly put it through it’s paces yet. And it took me a minute to find how to make it use the local gtk theme (brown of course!).

Also debuting today is:
repo.thepromisedlan.org

You can follow the instructions there to add the tpl repository to your sources.list, or feel free to just grab the binaries:
chromium-browser
and
chromium-codecs-ffmpeg

So at work we have some rarely used dial-in modems. The users are all configured locally on the router with the modem bank, so modemconfigfile contains strings like this:
!username sam password <removed>

Well, I needed to send a brief message to all of the modem users, so I needed a way to translate a few dozen of the lines above into something I could paste into the bcc: bar of my mua. Also a few of them were not using their real email usernames for the modem.
So given a handy local copy of the mail servers passwd file, here’s what I came up with:
grep username modemconfigfile |cut -d " " -f 2 | for USER in `cat`; do grep $USER passwd > /dev/null; echo $USER $?; done |grep 0 |cut -d " " -f 1 | sed s/$/@ourdomain.com/g | tr '\n' ','

Which does indeed spit out a list of verified email addresses comma seperated, and ready to be pasted. It is still missing the real addresses of those users with different usernames, but there were only a few so I looked them up manually with the output of
grep username modemconfigfile |cut -d " " -f 2 | for USER in `cat`; do grep $USER passwd > /dev/null; echo $USER $?; done |grep -v 0
as a starting point.

Man I really need to learn perl or something. I couldn’t even fit that in an Identi.ca posting.

Update: DOH!, keen observers will have noticed that until this update, the above created output like user1.ourdomain.com, user2.ourdomain.com
Which of course are not email addresses. So s/./@/ and we’re back on track.
I guess that’s what I get for hours of DNS updating just previous. 😛

Annoyed by the !BONG! noise that macbooks make when you power them on?

Apparently if you turn the volume down in Mac OS it saves a similar volume as an nvram setting in the EFI. So if you’re dual-booting or somesuch, you can just turn the volume down.

But what about those of us who wiped out the legacy OS in the first few minutes of owning the thing and never looked back?
Well only a few years later 🙂 with the help of the mactel-linux-user list I can now turn off that blasted noise.

With new improved silence!

It goes like this:
#Boot EFI shell (from rEFIt, I don’t have rEFIt installed so i used a CD)
#spend 30 minutes finding the paginate switch for help 🙂
Shell>help -b

#cd to a writable partition (fs0 was the rEFIt CD, so fs1 was the 100MB fat/efi partition)
Shell>fs1:
fs1:\>

#dump the nvram variable
fs1:\>dmpstore SystemAudioVolume -s sav.txt

#edit the the dumped variable with a hexeditor (probably wiser to keep
the original dump and edit a copy)
fs1:\>hexedit sav.txt

#load the new nvram variable
fs1:\>dmpstore SystemAudioVolume -l sav.txt

#exit to refit and reboot
fs1:\>exit

Enjoy the BONGless restart.

So for a while it wasn’t apparent what value to change with the
hexeditor, and tbh, not being familiar with any hexeditor, I’m not sure
I got it right. Further experimentation indicates I may have just borked
it, but apparently that also serves to make it shut up.

The dmpstore’d files (now back in Debian) look like this:

$ cat SystemAudioVolume.txt
$SystemAudioVolume(and some illegible characters with no new line)

$ hexdump -C SystemAudioVolume.txt
00000000  24 00 00 00 53 00 79 00  73 00 74 00 65 00 6d 00  |$...S.y.s.t.e.m.|
00000010  41 00 75 00 64 00 69 00  6f 00 56 00 6f 00 6c 00  |A.u.d.i.o.V.o.l.|
00000020  75 00 6d 00 65 00 00 00  10 61 43 7c 2a ab bb 4b  |u.m.e....aC|*..K|
00000030  a8 80 fe 41 99 5c 9f 82  07 00 00 00 01 00 00 00  |...A.\..........|
00000040  71                                                |q|
00000041

(In hexedit.efi the 00000041 line did not appear.)

Since running dmpstore SystemAudioValume by itself returned output
something like:
00000: 71 “q”
I took a guess and replaced the 71 with 80 (as suggested on the mailing list.) getting:

$ hexdump -C SystemAudioVolume80.txt
00000000  24 00 00 00 53 00 79 00  73 00 74 00 65 00 6d 00  |$...S.y.s.t.e.m.|
00000010  41 00 75 00 64 00 69 00  6f 00 56 00 6f 00 6c 00  |A.u.d.i.o.V.o.l.|
00000020  75 00 6d 00 65 00 00 00  10 61 43 7c 2a ab bb 4b  |u.m.e....aC|*..K|
00000030  a8 80 fe 41 99 5c 9f 82  07 00 00 00 01 00 00 00  |...A.\..........|
00000040  80                                                |.|
00000041

Which turned off the bong and I’m happy. But for kicks I also tried 32
(for 25% more BONG)

$ hexdump -C sav.txt
00000000  24 00 00 00 53 00 79 00  73 00 74 00 65 00 6d 00  |$...S.y.s.t.e.m.|
00000010  41 00 75 00 64 00 69 00  6f 00 56 00 6f 00 6c 00  |A.u.d.i.o.V.o.l.|
00000020  75 00 6d 00 65 00 00 00  10 61 43 7c 2a ab bb 4b  |u.m.e....aC|*..K|
00000030  a8 80 fe 41 99 5c 9f 82  07 00 00 00 01 00 00 00  |...A.\..........|
00000040  32                                                |2|
00000041

But that also gave me silence, so I think I’m doing it ‘wrong.’
However reloading the original (71) file did bring back the bonging. So
I don’t think any of this is particularly dangerous for those who may
want to here the noise again someday. 🙂

Oh man! I knew I should have moved to Brazil!