bloovis.com

There are a number of ways to encrypt a file system on Linux, and the choices of strategies (single directory or entire partition) and tools (dm-crypt, LUKS, losetup) can be bewildering. I didn’t have a spare partition to play with, and I wanted to use what seemed to be regarded as the preferred tool (LUKS). So here’s how I created an small encrypted directory on SLED (SUSE Linux Enterprise Desktop 10 SP2). (I cobbled together this information from Encrypted Root File System with SUSE and File System Encryption.) I performed all of these steps as root in root’s home directory.

First I created a 100 MB file and filled it with random data:

dd if=/dev/zero of=private bs=100M count=1
shred -n 1 -v private

I created a loopback device that referred to this file:

losetup /dev/loop0 private

I loaded various kernel modules required for encryption:

modprobe dm-mod
modprobe dm-crypt
modprobe aes
modprobe sha256
modprobe sha1

I created an encrypted mapping for the device:

cryptsetup -v --key-size 256 luksFormat /dev/loop0

At the prompt, I entered a passphrase (which would be used later to open the device). I verified that the encryption setup had succeeded using:

cryptsetup -v luksDump /dev/loop0

I opened the encrypted device, and at the prompt typed same the passphrase I had entered earlier:

cryptsetup luksOpen /dev/loop0 private

This created a mapping device at /dev/mapper/private. The next step was to create a file system:

mkfs.ext3 /dev/mapper/private

Finally, I mounted the file sytem at /mnt:

mkdir /mnt/private
mount /dev/mapper/private /mnt/private

At this point, I now had a 100MB encrypted directory, mounted at /mnt/private and backed by the file ~/private.

To unmount the file system and close the encrypted device, I did this:

umount /mnt/private
cryptsetup luksClose private

I bought my first ThinkPad nine years ago, and now have five of them. Two of them (an A30p and a T40) are hopelessly broken, with system boards that either won’t power up or won’t stay powered up. The others are working pretty well, including the oldest one, a model called the 380Z, which despite the name, has no relation to Datsun sports cars.

The 380Z served me well for a couple of years. It was running Mandrake Linux practically from day one, and was a reliable, non-sleek tank. Recently I thought it might be fun to update it to a more recent Linux. But its specs are quite modest by today’s standards. Its power is about 1/10th that of a modern laptop in just about every area: 96 MB of RAM, a 233 MHz Pentium II processor, and a 4 GB hard disk. Nothing could be done about the RAM, and that’s the biggest problem, because most Linux GUIs these days (KDE being my favorite) require about 256 MB at a minimum if you want some memory left over for running a browser. The hard disk problem solved itself: when I powered the machine on yesterday for the first time in a year, the disk made terrible clunking and seeking noises and the BIOS reported it as dead. So I swapped in an 80 GB disk from the dead T40.

Now at least the machine could boot and presumably take a new OS installation. But what to install? I am a fan of PCLinuxOS, but it’s a bit on the heavy side for such a lightweight machine. So I tried a cut-down version of this OS called TinyMe 2008. This distro replaces the lovely but somewhat porky KDE GUI with a lightweight GUI based on various minimalist components (Openbox, LXPanel, Nitrogen, and iDesk).

I ran into a serious problem during installation having to do with the limited RAM on the 380Z. If a swap partition was not already available on the hard disk, then the live CD installer would eventually crash, apparently due to running out of RAM. My solution was to create a swap partition manually, enable it, and patch the installer so that it wouldn’t die when attempting to mount or unmount the swap partition.

The first step was to create the swap partition. This was accomplished by running the installer, and telling it to use the entire disk. The installer created three partitions, one of which was a swap, and then asked me to reboot the system. I did that, and when the login screen came up, I switched to a text console using Ctrl-Alt-F1, and logged in as root. I formatted and enabled the swap partition using mkswap /dev/hda5 and swapon -a. Then I switched back to the login screen using Ctrl-Alt-F7.

After logging in as root in the GUI, I launched a terminal (called Sakura) and edited two of the installer Perl scripts so that it wouldn’t die trying to mount or unmount the swap partition.

• /usr/lib/libDrakX/fs/mount.pm: I edited the two lines containing syscall_('swapon',...) and syscall_('swapoff',...), changing the die calls to print.
• /usr/lib/libDrakX/draklive-install: I commented out the line containing fs::mount::swapoff by prefixing it with a # character.

After these changes, the installer completed successfully without aborting or crashing the system. The resulting installation is a minimal Linux system that uses Opera as its web browser. This is certainly a decent alternative to Firefox, but I do miss the AdBlock Plus extension that makes browsing commercial, ad-laden sites more pleasant. The Orinoco-based wifi card (a Dell TrueMobile 1150 PCMCIA card) is supported and works perfectly with WEP (but probably won’t work with WPA, if past experience can be trusted).

The main post-installation problem was that sound didn’t work. The 380Z has an old Plug-And-Play Crystal Sound 423x device that pre-dates PCI. After a day of Google searching and experimentation, I determined that the ALSA driver (snd-cs4232) would not work, and that I needed to use the older OSS driver (cs4232). I edited /etc/modprobe.d/sound to look like this:

alias snd-card-0 cs4232
alias sound-slot-0 cs4232
options cs4232 io=530 irq=5 dma=0 dma2=0

I verified these settings by running the ThinkPad’s DOS-based configuration utility, PS2.EXE. I also found it necessary to run aumix after booting to bring up the speaker and PCM levels to audibility.

Another problem with the installation is that graphics acceleration was not enabled; this was very apparent when scrolling or moving windows. The solution was to run the PCLinuxOS Control Center, select “Hardware” and “Set up the graphical server”, and change the resolution bit depth from 24 bits to 16 bits. This is apparently required to work around a limitation of the NeoMagic graphics chip in the 380Z.

Today I updated my ThinkPad R61, which came with SUSE Linux Enterprise Desktop (SLED) SP1, to SP2. I did this entirely online, using this Novell document as a guide. In particular, section 9.2.3, “Updating to a Service Pack” and “Starting with YaST Online Update” described the process I used.

There were a few gotchas with the documentation. Some of the package names didn’t match what I saw on my system. But more seriously, I needed to run the Yast2 Novell Customer Center Configuration tool before anything would work. Registering one’s installation is apparently the only way to add the service pack repositories to Online Update. Otherwise, the process went smoothly, and the system appears to be running well after a reboot.

I noticed one small glitch after installing SP2: fonts in both KDE applications and Firefox looked very fuzzy. After some head-scratching, I fixed this by disabling subpixel hints in anti-aliased fonts. To do this, start the KDE Control Center (which SUSE calls “Personal Settings”), then select Appearance & Themes, then Fonts, then press the Configure button, then un-check “use subpixel hinting”.

SUSE Linux Enterprise Desktop 10 SP 1 (or SLED), as installed on the ThinkPad R61, is based on SUSE Linux 10.1. This distro includes a somewhat old version of Ruby on Rails, a popular web development framework. I wanted to use the latest version of Rails, but before I could do that, I needed to build and install the latest stable versions of Ruby and Rubygems (Ruby’s package management system). This wasn’t too difficult, but there were a few non-obvious steps along the way. (All of the steps described here were performed while logged in as the root user.)

I first used the Software Management tool in Yast2 to delete the existing Ruby packages I’d previously installed. Then I downloaded the source for ruby 1.8.6 here. Before building it, I had to unset the RUBYOPT environment variable, which was set to “rubygems” by SUSE. Then I built the basic Ruby interpreter using these commands:

./configure
make
make install

This process didn’t build or install the tk extension, which I use in a couple of my Ruby scripts to build simple GUIs. To build that, I first needed to use the Software Management tool in yast2 to install the tcl-devel and tk-devel packages. Then I built and installed the tk extension using these commands:

cd ext/tk
ruby extconf.rb
make install
cd tkutil
ruby extconf.rb
make install

Then I downloaded the latest version (1.1.1) of Rubygems here, and installed it using this command:

ruby setup.rb

Finally, I was able to install the latest Rails using Rubygems:

gem install rails

This installed all of the packages that Rails depends on, such as ActiveRecord.

Lenovo now sells some ThinkPads that come with SUSE Linux Enterprise Desktop 10 SP 1 instead of Windows. The cheapest of these is the R61. I have owned an R61 for about a month and it’s quite nice. SLED has been performing admirably, and pretty much everything Just Works, including video, sound, suspend to disk or RAM, DVD movies, and wireless. The Network Manager is especially nice, and it reliably detects and configures wireless connections, and automatically connects to networks it’s seen before. The wireless antenna in this laptop is very sensitive and picks up networks that other laptops miss.

But SLED did need a little bit of tweaking to suit my tastes. First, by default SLED uses Gnome as its GUI, and while it looked fine, I’ve been using KDE for many years and wanted a familiar environment. I also wanted to migrate all of my mail (which is stored in KMail) to the new system. But installing KDE wasn’t completely trivial. In the Software Management part of Yast (the SUSE control panel) there didn’t seem to be a single master KDE package that would pull in everything I needed. So I ended up installing the following packages (as printed by rpm -qa | grep kde):

kdebase3-3.5.1-69.52
kdenetwork3-3.5.1-32.24
kdebindings3-3.5.1-19.2
kdemultimedia3-CD-3.5.1-20.15
kdebase3-beagle-3.5.1-69.52
kdenetwork3-InstantMessenger-3.5.1-32.24
kdelibs3-3.5.1-49.39
kdelibs3-doc-3.5.1-49.35
kdepim3-3.5.1-41.30
kdepim3-networkstatus-3.5.1-41.30
kdegraphics3-pdf-3.5.1-23.13.1
kdebase3-kdm-3.5.1-69.52
kdemultimedia3-sound-3.5.1-20.15
kdegraphics3-scan-3.5.1-23.13.1
kdemultimedia3-video-3.5.1-20.15
kdepim3-sync-3.5.1-41.30
kdegraphics3-kamera-3.5.1-23.13.1
kdegraphics3-postscript-3.5.1-23.13.1
kdebase3-session-3.5.1-69.52
NetworkManager-kde-0.1r588481-1.17
kdebindings3-ruby-3.5.1-19.2
kdebase3-ksysguardd-3.5.1-69.52
kdemultimedia3-mixer-3.5.1-20.15
kdelibs3-arts-3.5.1-49.35
sled-kde-user_en-10.1-0.11
kdemultimedia3-3.5.1-20.15
kdeutils3-laptop-3.5.1-25.14
kdeutils3-3.5.1-25.14

I didn’t have to select all of these packages manually; some were pulled in via dependencies.

Once KDE was installed, it still wasn’t presented as an option at the login screen. I had to edit /etc/sysconfig/displaymanager and change DISPLAYMANAGER to “kdm”. Then rebooting brought up the proper login screen.

Then I discovered that KMail wasn’t able to send mail via authenticated SMTP. After some frustrating Google searches, I discovered that I needed to install the following Cyrus packages (as printed by rpm -qa | grep cyrus):

cyrus-sasl-plain-2.1.21-18.4
cyrus-sasl-crammd5-2.1.21-18.4
cyrus-sasl-digestmd5-2.1.21-18.4
cyrus-sasl-gssapi-2.1.21-18.4
cyrus-sasl-2.1.21-18.4
cyrus-sasl-saslauthd-2.1.21-18.4
cyrus-sasl-otp-2.1.21-18

Finally, there was a strange problem running Yast from the KDE menus: nothing seemed to happen after I typed the root password, although running it manually from a terminal window logged in as root worked fine. It appears that running Yast via kdesu is not always reliable. To work around this, I created a desktop icon that runs gnomesu yast2, and that works every time. But strangely, now I can’t reproduce the problem with kdesu. So this problem still remains to be diagnosed.

I recently needed to send my credit report to a landlord, and it seemed as if a PDF file would be the logical choice. So I needed a way to create a PDF file directly from Firefox, since the credit reporting agency didn’t provide an option for creating a PDF. Fortunately, there is a cups-pdf package that lets you do this. However, getting it to work in Firefox is not completely obvious. Here’s how to do it in PCLinuxOS 2007:

First, install the cups-pdf package in synaptic (the program labelled “Package Manager” in the toolbar).

Then, as root, restart cups using this command in a Konsole (or other terminal window): service cups restart. (This step may not be necessary, but it doesn’t hurt either.)

At this point, the KDE browser, Konqueror, will be able to see the “CUPS-PDF” printer in its Print dialog. But Konqueror has problems with rendering pages this way, so you’ll want to use Firefox instead. But Firefox won’t see the printer.

Back in Firefox, visit the CUPS configuration page. You’ll be asked to provide the root username and password. Click on the “Administration” tab. You should see the “Virtual PDF” printer under “New Printers Found”. Click the “Add This Printer” button. In the “Make/Manufacturer” page, select “Generic”. In the “Model/Driver” page select “Generic PostScript”.

Now Firefox should be able to see the CUPS-PDF printer in its Print dialog.

When you print a page using this pseudo-printer, the output goes to a PDF file on your desktop (the ~/Desktop directory). There’s no easy way to change the directory or filename that cups-pdf uses, so you’ll probably want to move or rename the file after it’s created.

On my ThinkPad A30p, watching a DVD with Kaffeine often results in very uneven, jerky video. This has been a problem with both PCLinuxOS 2007 and Mepis 6.5. The cause appears to be an obscure kernel bug that disables DMA on the CD-ROM drive. The fix is to run the following command as root after Kaffeine has started:

hdparm -d1 /dev/cdrom

It doesn’t work to enable DMA before starting Kaffeine (it’s enabled by default when the system boots). It has to be done after Kaffeine has opened the DVD and started to display its menus, and it has to be done with each new DVD. It’s not a big nuisance, but you can create an icon on the desktop to make it a little easier:

• As root, edit /etc/sudoers and add a line like the following:
  bloovis localhost = NOPASSWD: /sbin/hdparm
  Be sure to change bloovis to your actual user name.
• Create a desktop “link to application”, where the command to run is:
  sudo hdparm -d1 /dev/cdrom

Curiously, this problem doesn’t occur on my other Thinkpads (A21m, T40) even when running the same versions of Linux.

Playing music directly from CDs is, like, so last millennium. I don’t even own a CD player any more, unless a laptop with a CD drive counts. I do all my listening now via a 4th-generation iPod and a Treo 700p.

The problem is that most popular music file formats, particularly MP3, are encumbered by patents. The owners of these patents require license fees if you use files in these formats for commercial purposes, or make them available for downloading via the internet, or copy them to a physical medium like a CD — essentially, you have to pay protection money for any purpose except private use in the home.

Because the legality of patented file formats is questionable for Linux users, I decided to stop using these formats altogether. Fortunately, there are free formats that work just fine: FLAC (a lossless format), and Ogg Vorbis (a lossy format conceptually similar to MP3). My fourth generation iPod didn’t support these formats, but replacing the iPod’s firmware with Rockbox fixed that problem. The commercial Pocket Tunes software for the Treo also plays Ogg Vorbis files.

So now the interesting technical problem was to convert my CD collection to digital files for use on the computer and my two playback devices. My first two attempts at this were failures because I mistakenly chose to rip the CDs initially to Ogg Vorbis and MP3. This was a mistake because these formats are lossy, and some audio fidelity is lost in the conversion process. I could hear the loss in fidelity when comparing a CD of the Brahms First Symphony with an Ogg Vorbis file created with -q3 (equivalent to MP3 at 128Kbps). The opening bars of this symphony are very thick, and the Vorbis file sounded muddy compared with the CD. Increasing the Ogg Vorbis quality level to -q6 cleared up the muddiness, but I realized that I need to start from scratch with the ripping process.

Now my strategy is to first rip CDs to FLAC files. FLAC is a lossless format, so these files are, in essence, an exact copy of the music on the CD. FLAC is quite bulky, anywhere from three to six times the size of an Ogg Vorbis -q6 file of the same recording. But the FLAC files only need to live on the ThinkPad, not on the iPod or the Treo. When the ThinkPad disk fills up, I back up the FLAC files to an external USB disk, then delete them from the ThinkPad disk. I’m not too worried about the lack of redundancy here because the CDs act as the ultimate backup.

Once I have the FLAC files, I then transcode them to whatever lossy format I need for playback, typically Ogg Vorbis. As mentioned earlier, I use quality level -q6 for this step, because I find it produces results that, to my ears, are nearly indistinguishable from the original CD.

The workflow for these steps (ripping, tagging, transcoding, syncing) was not so easy at first. I was using GUI tools like grip, but as with nearly all GUIs, these tools required a large amount of manual labor: filling out forms, clicking buttons, and so forth. The problem was particularly annoying when I had ripped several albums and wanted to convert them all at once to Ogg Vorbis.

To make the process of ripping and tagging more automatic, I invented an album description file format, and wrote some Ruby scripts that use these “album files”, as I call them. Album files are simple text files that contain the artist, album title, genre, date, and track names. Here’s a hypothetical album file:

Artist=Brahms
Album=Piano Works - Radu Lupu
Genre=Classical
Date=1970
Rhapsody in B minor Op. 79 #1
Rhapsody in G minor Op. 79 #2
Intermezzo in E flat Op. 117 #1
...

The first step in ripping a CD is to create an album file for it. There are several online databases of track information that can be used; I use freedb.org. The script cdmakealbum reads the track data from a CD, queries freedb.org for a matching record, and writes a corresponding album file to standard output. I usually hand-edit the resulting album files to correct mistakes or to suit my aesthetic and organizational preferences.

The second step is to rip the CD to FLAC files and tag them based on the information in the album file. The script ripalbum does this. It keeps the files separate by using a two-level directory hierarchy (artist name, album name).

The third step is to trancode the FLAC files to Ogg Vorbis. The script flac2ogg recursively walks the FLAC directory tree and creates Ogg Vorbis files in a separate Ogg directory. The script is smart enough to skip files that have already been converted.

The final step is to copy the converted Ogg Vorbis files to the iPod. Because the iPod runs Rockbox, it’s a simple matter of using rsync to copy a directory on the laptop to a directory on the iPod. The script syncipod does this, after first running flac2ogg (thus eliminating the need for the separate transcoding step described in the previous paragraph).

While this might seem like an awful amount of work, it’s actually quite fast. The lengthiest part of the process is hand-editing the album files; once that’s done, the scripts can run unattended.

Another advantage of the scripts is that some of them take an optional parameter that tells them to pause when the CPU temperature exceeds a certain level. This prevents my flaky ThinkPad T40 from crashing when it gets too hot (which it can do during the very CPU-intensive transcoding process).

Both PCLinuxOS 2006 and Mepis 6.5 come with a wonderful media player called Kaffeine. I especially like being able to customize the toolbars. I’ve added buttons to go backwards and forwards by 20 seconds, which is great for those times when you miss some important bit of dialog.

But Kaffeine, as shipped with these two older versions of Linux, has a serious problem when viewing DVDs: the sound is not synchronized with the video, and appears to be off by as much as a quarter of a second. There is a control for adjusting the sync, but it’s difficult to get just right and it requires fiddling with each new DVD.

After the usual poking about with Google, I discovered that the problem is due to a bug in the underlying video engine, Xine, and in particular, a library called libxine. The bug was present in version 1.14 of the library as shipped with these two distros, and fixed in version 1.16. So the solution was to download the source for the library and build it myself.

I found the source for libxine on the xine download page. The file I downloaded, xine-lib-1.1.4.tar.bz2, is no longer available, but I would guess that later versions would also work. The numbering scheme is confusing; version 1.1.4 of the source is used to build version 1.16 of the binary library.

Once I had the source code, I unpacked it and built and installed the library using the following commands:

tar xvfj xine-lib-1.1.4.tar.bz2
cd xine-lib-1.1.4
./configure --prefix=/usr
make
make install # run this as root

After that, the audio sync problem was gone.

On both of these systems, I had to install some X11 development packages (header files and libraries) before libxine would build.  I have forgotten exactly which packages these were, but clues can be gotten by looking at the compiler error messages, and seeing which header files are missing.  I installed these extra packages from synaptic, the standard package management program on both systems.