Archive for the ‘English’ Category

Nokia 6630 phone

Tuesday, May 15th, 2007

I have one-year-old Nokia 6630 phone.
I bought it because it has two essential capabilities : classic phone and GPRS modem Linux compatible.

For details, it works with Symbian OS v8.0 with classical apps : calendar, tasks, contacts. PC connectivity is USB, Bluetooth or MMC memory card. I tried only USB and synchronization doesn’t work out-of-the-box (no time to investiguate). SyncML seems buggy too. Camera gives good pictures but my only way to send them is SMTP, then I don’t use really camera for now.

Note that Open Source apps like Frozen Bubble or PuTTy work fine (yeah, I like SSH+screen+irssi everywhere).


reverse DNS query for LDAP server with nss_ldap

Saturday, February 3rd, 2007

With nss_ldap Debian unstable host, when I start a lot of softwares (XTerm, bash, top, xmms, etcetera), there is a reverse DNS query for LDAP server. I don’t know why there is this reverse DNS query !!
The problem is when this reverse DNS query fails and you use Avahi daemon : all this softwares start after 2 or 3 seconds. Example, if I start XTerm… I wait 3 seconds… Xterm window appears … I wait 3 seconds… bash prompt appears : WTF.
Workarounds could be :
– Add line for LDAP server in /etc/hosts
– Have reverse DNS entrie in DNS server
– Disable Avavhi daemon use in nsswitch.conf

NoBreakSPace in Vim with utf-8 encoding

Monday, December 25th, 2006

In Vim with iso-8859-1 encoding, when you press NBSP (NoBreakSPace) character (0xa0 in 8-bit ASCII), you see:

«| Es-tu là| ?| »

But with utf-8 encoding, you see by default a common space for NBSP.
Then, you can add theses lines in your vimrc to see it:

if &encoding == "utf-8"
set list lcs=nbsp:·

And you can see:

«·Es-tu là·?·»

PPTP VPN Gateway with Debian

Monday, December 18th, 2006

PPTP VPN gateway can avoid various constraints : single connection, delay for switching VPN between two hosts, etc.

Here is an easy solution :

– Install Debian with ppp and pptp-linux packages
RTFM and create /etc/ppp/options.pptp file :

lock noauth nobsdcomp nodeflate

And /etc/ppp/peers/my-tunnel file :

pty "pptp SERVER-IP --nolaunchpppd"
name LOGIN
remotename PPTP
file /etc/ppp/options.pptp
ipparam my-tunnel

where LOGIN is your PPTP login.

Put Microsoft CHAP parameters in /etc/ppp/chap-secrets file :


where PASSWORD is your PPTP password.

Then, PPTP connection is ready.
Add it in interfaces file :

auto mobile
iface mobile inet ppp
provider my-tunnel
up sleep 10 && route add -net 192.168.x.0/24 dev ppp0
up route add -net 192.168.y.0/24 dev ppp0
up /etc/init.d/firewall start

In this example, 192.168.x.0/24 and 192.168.y.0/24 are in VPN network.

And /etc/init.d/firewall file is easy IPTables script :


# just route it !
echo 1 > /proc/sys/net/ipv4/ip_forward
echo 0 > /proc/sys/net/ipv4/tcp_ecn
iptables -t nat -D POSTROUTING -o ppp0 -j MASQUERADE
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE

# MTU in tunnel (only for Windows machines... strange)
iptables -D FORWARD -p tcp  --tcp-flags SYN,RST SYN --jump TCPMSS --clamp-mss-to-pmtu
iptables -A FORWARD -p tcp  --tcp-flags SYN,RST SYN --jump TCPMSS --clamp-mss-to-pmtu
(update : I use now "--set-mss 294" option after some problems with "--clamp-mss-to-pmtu")
iptables -L --line-numbers
iptables -L -t nat --line-numbers

Then, to enable or disable your PPTP VPN Gateway :

# ifup mobile
# ifdown mobile

My Acer Aspire laptop : RIP

Wednesday, December 6th, 2006

Today is a sad day. My famous Acer laptop is definitly dead. Hardware crash takes it suddenly while a classical compilation.

Acer Aspire

According to SMART informations, my laptop was up during about 11.000 hours, then more 458 days (not too bad for three-old-years laptop). It boots about 1.900 times. The only system on it was Debian Linux.


SiRF protocol specification

Saturday, November 18th, 2006

SiRF protocol is designed by SiRF for GPS material.
I don’t find a really clear specification, then I write it !

Format of SiRF packet :

* begin ** length ** payload ** checksum ** end *

begin (2 bytes) = 0xa0a2
length (2 bytes) = number of bytes in payload
checksum (2 bytes) = XOR of bytes in payload AND 0x7fff
end (2 bytes) = 0xb0b3

Example of SIRF message dump :
a0a2 0009 000000010203040506 0007 b0b3

‘df’ command VS ‘du’ command

Saturday, October 28th, 2006

On a mail server, I had a strange problem on ext3 partition. When I saw output of ‘df’ command, partition was Use% at 95% (size of 8 Go) but only 2 Go if I use ‘du’ command. And I have only 15.000 files on this partition according “find | wc -l” hack (then no block-size problem). Solution is in Linux ext3 FAQ :

The standard cause for this is some user process keeping a deleted file open. When this happens, the space is not visible via ‘du’, since the file is no longer visible in the directory tree. However, the space is still used by the file until it is deallocated, and that can only happen once the last process which has the file open either closes its file descriptor to the file, or the process exits. You can use the lsof program to try to find which process is keeping an open file. Usually it’s some log file, or some large data base file which gets rotated out, but some older process are still keeping the log file open.

Then I discovered ghost files with :

# lsof | grep “(deleted)”

In my case, an amavis daemon didn’t close an old and big log file.
I closed this process and now ‘df’ command say me Use% at 20%.

Then ‘df’ command win ;-)
End of alert.

TCP window scaling in kernel 2.6.17

Monday, July 17th, 2006

I had a strange problem: TCP freeze after HTTP GET with particular web sites (but no problem for HTTP HEAD for example) when I use machines with 2.6.17 Linux (Debian) kernel. I find why. Use of TCP window scaling changes in 2.6.17 and some broken routers don’t like this. Here is interesting discussion about use of TCP window scaling.

For my problem, fast (and bad) work around is:

echo 0 > /proc/sys/net/ipv4/tcp_default_win_scale

or even:

echo 0 > /proc/sys/net/ipv4/tcp_window_scaling

OTP on Debian system

Saturday, May 20th, 2006

When you are not in your secure hacklab, and you login on your Debian systems (laptop, remote server), it’s not secure to enter your very private password (“please, could you see ceiling” is not a secure way).

Then you could use OTP (One Time Password) way.
On Debian system, do this :

# (apt-get|aptitude) install opie-server

Add in your PAM info. For example, in pam.d/ssh (or pam.d/common-auth for all your pam.d/foo), modify to have :

auth sufficient
auth sufficient
auth required

Your systeam is now ready for OTP.

To use it, log you and :

$ opiepasswd -f -c
(You must choose a secret pass phrase to generate your OTP)

Generate 10 passwords for example :

$ opiekey -n 10 497 ab1234
(Enter your secret pass phrase)

In this example, 497 is your current seq number and ab1234 is your seed. You could known them with opieinfo command (only if /etc/opiekeys is chmod 644).

Print your 10 passwords (with your printer or you hand if you are paranoiac) and you could use them. For example, OTP login :

homer login : jdoe
Password : [enter]
otp-md5 497 ab1234 ext, Response : [enter your OTP number 497][enter]
Welcome !!

Realtek network cards with VIA chipset !

Saturday, March 18th, 2006

At work, we have cheap network cards for tests.
From the last command, cards are announced to be classic Realtek RTL8139D chip.

Strange realtek card

But when I put in Linux 2.(4|6) systems, I discover curious lspci message :

Ethernet controller: VIA Technologies, Inc. VT6105 [Rhine-III] (rev 86)
Subsystem: VIA Technologies, Inc.: Unknown device 0105

And with pci-id 1106:3106 (rev 86), I found on PCI IDs database the reference :

3106  VT6105 [Rhine-III]
1186 1403  DFE-530TX rev C

On Linux, this chipset seems to be a VIA Rhine chipset and it works fine with via-rhine Linux driver. On Windows XP, card is recognized as Realtek card and works with Realtek driver. On OpenBSD, card works with vr driver…

MAC address confirms me that is Realtek card :
Then I have VIA chipsets marked as Realtek Chipsets !
Perhaps a factory error…