Bash Prompt

I think a person’s command-line prompt says a lot about them.  Some people have big fancy prompts with tidbits of data; some people have simple black & white prompts.  Some people like fancy or frivolous things like smiley and frowny faces based on the error status of the last command; some people are strictly utilitarian.  I mostly fall into the last category – I like some color with my prompts when possible, but otherwise I only want to see my name, server, cwd, and VCS branch (if any).

Adventures in WiFi

Apple and hostapd

The problem

I set up my fileserver to be a router and wireless gateway using hostapd and dnsmasq, after I got fed up with Verizon’s crappy Actiontec router.  Works great, except for Apple products.  Neither Megh’s Mac nor my iPad would connect.

The various Linux boxes, Android devices, Nintendo Wii, and HP printer connected to it without a problem, so I held out hope that this was a solvable configuration problem and not some fundamental hardware incompatibility.  I’ve been running both routers for weeks while I tried to figure this out.

My iPad has been prompting for a username and password to log into wifi, even though I’m only using WPA Personal.  Megh’s Mac refused to connect at all.

Logging hasn’t been much help, as it fills with messages like this, over and over:

Oct  3 21:30:02 dandelion hostapd: wlp3s6: STA 01:02:03:04:05:06 IEEE 802.11: authentication OK (open system)
Oct  3 21:30:02 dandelion hostapd: wlp3s6: STA 01:02:03:04:05:06 IEEE 802.11: authenticated
Oct  3 21:30:02 dandelion hostapd: wlp3s6: STA 01:02:03:04:05:06 IEEE 802.11: association OK (aid 2)
Oct  3 21:30:02 dandelion hostapd: wlp3s6: STA 01:02:03:04:05:06 IEEE 802.11: associated (aid 2)
Oct  3 21:30:11 dandelion hostapd: wlp3s6: STA 01:02:03:04:05:06 IEEE 802.11: deauthenticated due to local deauth request

Not much indication of what’s wrong there.

The Server

Wireless is provided by an Ralink RT61-based card.  I’ve used the same hardware to set up wireless networks before, because I know this chipset can enable master mode.  Not all wireless chipsets can.  This is the first where I know Apple hardware is in use, though.

Googling gave me some ideas, but nothing that I found solved the problem.  Various posts pointed fingers at hostapd’s integrated EAP server, AES, the wireless hardware itself (oh noes!), and more.

I started with a basic hostapd config file, no encryption, to rule out hardware issues.

/etc/hostapd/hostapd.conf

driver=nl80211
logger_syslog=1
logger_syslog_level=0
logger_stdout=-1
logger_stdout_level=2
dump_file=/tmp/hostapd.dump
ctrl_interface=/var/run/hostapd
ctrl_interface_group=0
ssid=My crappy wifi name
country_code=US
hw_mode=g
channel=1
macaddr_acl=0
deny_mac_file=/etc/hostapd/hostapd.deny
auth_algs=3
wmm_enabled=0
ap_max_inactivity=600
ieee8021x=0
eap_server=1
own_ip_addr=127.0.0.1

/etc/conf.d/modules

Apparently, the hardware crypto can be a little flaky with rt61 cards, so it’s safer to load the driver as a module (instead of compiling it into the kernel, so you can unload/reload it) and disable hardware crypto at run time.

modules="rt61pci"
module_rt61pci_args="nohwcrypt=1"

Like that, everything connected.  Hallelujah.

Now came the fun (if tedious is fun) process of enabling and modifying options until we get an encrypted signal that everything can connect to.  The linux-based devices, bless their little electronic souls, seem to be very tolerant about network settings and kept reconnecting no matter what the encryption config was.

Here’s my final configuration:

interface=wlp3s6
driver=nl80211
logger_syslog=1
logger_syslog_level=0
logger_stdout=-1
logger_stdout_level=2
dump_file=/tmp/hostapd.dump
ctrl_interface=/var/run/hostapd
ctrl_interface_group=0
ssid=My crappy wifi name
country_code=US
hw_mode=g
channel=1
macaddr_acl=0
deny_mac_file=/etc/hostapd/hostapd.deny
auth_algs=3
wmm_enabled=0
ap_max_inactivity=600
ieee8021x=0
eap_server=1
own_ip_addr=127.0.0.1
wpa=2
wpa_passphrase=My crappy wifi password
wpa_key_mgmt=WPA-PSK
wpa_pairwise=CCMP

Notes:

  • wpa_key_mgmt=WPA-PSK WPA-EAP does NOT work with Apple devices, though it does work in general
  • wpa_pairwise=TKIP DOES seem to work, but CCMP (AES) provides stronger encryption than TKIP
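
A small audit for the settings discussed above, as an added example that is not from the original post: it reads a hostapd.conf on stdin and flags an unencrypted network, WPA v1, TKIP, and Shared Key authentication (the auth_algs=3 carried over from the test config). The function name and finding labels are this example's own, the sample configs are constructed from the options shown above, and only explicitly set values are checked.

```sh
#!/bin/sh
# Added example (not from the original post). audit_hostapd is a hypothetical
# helper: it reads a hostapd.conf on stdin and prints one finding per line.
audit_hostapd() {
    awk '
    /^[ \t]*#/ || !/=/ { next }          # skip comments and non key=value lines
    { eq = index($0, "="); conf[substr($0, 1, eq - 1)] = substr($0, eq + 1) }
    END {
        wpa = conf["wpa"] + 0            # bit 0 = WPA (v1), bit 1 = WPA2/RSN
        if (wpa == 0) {
            print "OPEN: wpa is unset or 0, traffic is not encrypted"
        } else {
            if (wpa % 2 == 1)
                print "WPA1: wpa=" wpa " still offers WPA v1, use wpa=2"
            # only explicitly configured ciphers are checked, not defaults
            if ((conf["wpa_pairwise"] " " conf["rsn_pairwise"]) ~ /TKIP/)
                print "TKIP: pairwise ciphers include TKIP, use CCMP only"
        }
        # auth_algs bit 1 = Shared Key authentication, which requires WEP
        if (int(conf["auth_algs"] / 2) % 2 == 1)
            print "SHAREDKEY: auth_algs=" conf["auth_algs"] " allows WEP shared-key auth, auth_algs=1 is enough for WPA2"
    }'
}

# Constructed samples: the security-relevant lines of the two configs above.
sample_basic() {
    printf '%s\n' 'ssid=My crappy wifi name' 'auth_algs=3' 'ieee8021x=0'
}
sample_final() {
    sample_basic
    printf '%s\n' 'wpa=2' 'wpa_passphrase=My crappy wifi password' \
        'wpa_key_mgmt=WPA-PSK' 'wpa_pairwise=CCMP'
}

echo "== basic (no encryption) =="; sample_basic | audit_hostapd
echo "== final (WPA2, CCMP) ==";   sample_final | audit_hostapd
echo "== final with TKIP ==";      sample_final | sed 's/=CCMP/=TKIP/' | audit_hostapd
```

Against a real file, run it as audit_hostapd < /etc/hostapd/hostapd.conf.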

GCC Tuning

File this under “things that should be obvious but I just found out about”.  GCC will tell you the optimal flags for your processor.  To wit:

echo "" | gcc -march=native -v -E - 2>&1 | grep cc1

Stick the results into your makefile or command-line call to GCC and your executable should be as optimized for your processor as GCC can make it.

You could, of course, always use -march=native and forget all that, but that doesn’t work so well if you’re cross-compiling.

Transferring Large Files

Linux has an impressive tool set, if you know how to use it.  The philosophy of using simple tools that do one job (but do it well) with the ability to chain commands together using pipes creates a powerful system.

Everyone has to transfer large files across the network on occasion.  scp is an easy choice most of the time, but if you’re working with small or old machines the CPU will be a bottleneck due to encryption.

There are several alternatives to scp, if you don’t need encryption.  These aren’t safe on the open internet but should be acceptable on private networks.  TFTP and rsync come to mind, but they have their limitations.

  • tftp is generally limited to 4 gig files
  • rsync either requires setting up an rsync service, or piping through ssh

My new personal favorite is netcat-as-a-server.  It’s a little more complicated to set up than scp or ftp but wins for overall simplicity and speed of transfer.

netcat doesn’t provide much output, so we’ll put it together with pv (pipeviewer) to tattle on bytes read and written.

First, on the sending machine (the machine with the file), we’ll set up netcat to listen on port 4200, and pv will give us progress updates:

pv -pet really.big.file | nc -q 1 -l -p 4200

  • pv -p prints a progress bar, -e displays ETA, -t enables the elapsed time
  • nc -q 1 quits 1 second after EOF, -l -p 4200 listens on port 4200

Without the -q switch, the sender will have to be killed with control-c or similar.

On the receiver (the machine that wants the file) netcat will read all bytes until the sender disconnects:

nc file.server.net 4200 | pv -b > really.big.file

  • nc will stream all bytes from file.server.net, port 4200
  • -b turns on the byte counter

Once the file is done transferring, both sides will shut down.
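
The netcat stream carries no authentication or integrity check, so the receiver cannot tell a truncated or altered stream from a complete one. The following is an added example, not part of the original post: the sender prints a size and SHA-256 digest to pass along over a trusted channel (ssh, for instance), and the receiver keeps the file only if both match. The function names are this example's own, the demo data is constructed, and sha256sum from GNU coreutils is assumed.

```sh
#!/bin/sh
# Added example (not from the original post); function names are hypothetical.

# manifest <file>: print "<bytes> <sha256>" for the sender to pass along
# over a trusted channel (ssh, for instance), not over the netcat port.
manifest() {
    printf '%s %s\n' "$(wc -c < "$1" | tr -d ' ')" \
        "$(sha256sum "$1" | cut -d' ' -f1)"
}

# recv_verified <dest> <bytes> <sha256>: read the stream on stdin into a
# temporary file and move it into place only if size and digest both match.
# Receiver: nc file.server.net 4200 | pv -b | recv_verified really.big.file <bytes> <sha256>
recv_verified() {
    dest=$1 want="$2 $3"
    tmp=$(mktemp "${dest}.part.XXXXXX") || return 2
    cat > "$tmp"
    got=$(manifest "$tmp")
    if [ "$got" = "$want" ]; then
        mv "$tmp" "$dest"
    else
        echo "transfer rejected: expected $want, got $got" >&2
        rm -f "$tmp"
        return 1
    fi
}

# Constructed demo without a network: a complete stream is accepted,
# a truncated one is rejected and leaves no file behind.
demo_dir=$(mktemp -d)
printf 'constructed sample payload\n' > "$demo_dir/src"
m=$(manifest "$demo_dir/src")
recv_verified "$demo_dir/ok" "${m% *}" "${m#* }" < "$demo_dir/src" \
    && echo "full stream: accepted"
head -c 10 "$demo_dir/src" | recv_verified "$demo_dir/bad" "${m% *}" "${m#* }" \
    || echo "truncated stream: rejected"
rm -rf "$demo_dir"
```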

Dovecot woes

So after an upgrade, Dovecot failed to start:

Error: socket() failed: Address family not supported by protocol
Error: service(imap-login): listen(::, 143) failed: Address family not supported by protocol
Error: socket() failed: Address family not supported by protocol
Error: service(imap-login): listen(::, 993) failed: Address family not supported by protocol
Fatal: Failed to start listeners
* start-stop-daemon: failed to start `/usr/sbin/dovecot'
* ERROR: dovecot failed to start

How irritating.

A google search wasn’t particularly conclusive, but “listen(::, 143) Address family not supported by protocol” gave me some idea that it might be complaining about IPv6 support.  I removed support some time ago from the kernel and libraries.  (I don’t have a problem with IPv6 per se, but why have it when my ISP doesn’t support it?)  I’ve had Dovecot running well for ages without it, so what changed?

I found the culprit in /etc/dovecot/dovecot.conf:

# A comma separated list of IPs or hosts where to listen in for connections. 
# "*" listens in all IPv4 interfaces, "::" listens in all IPv6 interfaces.
# If you want to specify non-default ports or anything more complex,
# edit conf.d/master.conf.
#listen = *, ::

So the default configuration now enables IPv6. At least the fix is easy:

listen = *

Nerd Poetry

< > ! * ' ' #
^ " ` $ $ -
! * = @ $ _
% * < > ~ # 4
& [ ] . . /
| { , , SYSTEM HALTED

Translation:

Waka waka bang splat tick tick hash,
Caret quote back-tick dollar dollar dash,
Bang splat equal at dollar under-score,
Percent splat waka waka tilde number four,
Ampersand bracket bracket dot dot slash,
Vertical-bar curly-bracket comma comma CRASH.

Vim and tabs

At work, we use vim for our editing needs – which, as programmers, means we spend our day in vim.

We have a lot of mixed-format code – sometimes it has tabs, sometimes it has spaces.  Personally, I prefer spaces for my indenting, but I’m a convert to the church of make-your-code-match-the-existing-code.  As opposed to reformatting the existing code, which is soooo irresistible until you’re faced with a mountain.

So, I have to switch back and forth a lot.  Here, for the sake of posterity, is how to switch from spaces to tabs on-the-fly in vim:

:set noexpandtab
:set copyindent
:set preserveindent
:set softtabstop=0
:set shiftwidth=4
:set tabstop=4

Working with hidden files and directories

I had a problem.  My home directory is huge – 9 gigs – but I don’t know what’s taking up all that room. My porn stash is on another partition where my wife doesn’t know to look, so something is taking up a lot of room and I want to know what and why.

Oh yeah, I know how to check the size of a directory – use du ('du -sh .') for the usage of current directory (including all sub directories).  And, to see the size for every individual directory in the current directory, 'du -sh *'.  Easy peasy.

But that didn’t tell me what I needed to know, since the total size of all visible directories was less than a quarter of the used space.  That’s where hidden directories come into play.

Now, in the unix world, there isn’t a special file permission to hide a file or directory.  You just name it with a leading dot, like '.my_hidden_stuff', and most utilities won’t display it.  There’s nothing intrinsically hidden about it, though.  You can view them easily enough, e.g. 'ls -a' will show everything, including the “hidden” stuff.

What if you want to see just the hidden stuff?  It’s not as simple as saying 'ls -a .*', since that includes '.' (the current directory) and '..' (the parent directory), too.  Some utilities, like du, will then combine arguments with a common root, which means you get the summary for the current directory, but none of the hidden files broken out.

Solution

In bash, at least, you can include simple wildcard patterns (globs, which look a bit like regular expressions) on the command line.  (Remember, in unix, your command line is pre-processed by the shell (bash, csh, tcsh, etc.) and the expanded items are given to the program.  In DOS/Windows, by contrast, the expansion and processing is the responsibility of the program, and command.com (or cmd.exe) does little processing itself.)

The pattern for all dot files, minus ‘.’ and ‘..’, is '.[^.]*' (which basically says, “start with a dot, and the next character must exist but cannot be a dot, and then anything goes after that”).

So, my command to see how much space each of my hidden directories is using is

du -shx .[^.]*

Five cents

I have ‘fortune’ run at login for all of my machines.  These are the fortunes I saw, one right after the other, while hopping from one machine to another:

Our country has plenty of good five-cent cigars, but the trouble is they charge fifteen cents for them.

Then, when I connected to the next machine…

What this country needs is a good five cent ANYTHING!

My computers are getting better at coordination.  I had best keep them happy.