Posts tagged: linux

How to get postfix to deliver root’s mail locally when using a smarthost

By , 2015-12-09 10:40

When setting up Postfix on Ubuntu/Debian as “Internet Site with smarthost” to use an external smtp relay, automatic e-mails intended for “root” (such as cron job error reports) get sent out to the smarthost with a To: address of This can cause a problem as the smarthost doesn’t know where to deliver these messages to, since has no MX record.

The fix for this is (go figure) in the Postfix README:

Delivering some but not all accounts locally

A drawback of sending mail as “” (instead of “”) is that mail for “root” and other system accounts is also sent to the central mailhost. In order to deliver such accounts locally, you can set up virtual aliases as follows:

1 /etc/postfix/
2     virtual_alias_maps = hash:/etc/postfix/virtual
4 /etc/postfix/virtual:
5     root     root@localhost
6     . . .


Execute the command “postmap /etc/postfix/virtual” after editing the file.

Oddly, just adding the line

root: root@localhost

to /etc/aliases doesn’t work. You really need to do the steps outlined in the manual.

Atheros AR5005/5212, WPA encryption

By , 2012-11-07 22:08

I have a few old reliable AR5005G (5212, PCI 168c:0013) cards, both MiniPCI and Cardbus from the heyday of Wireless-G back in the early ’00s. Back then, Atheros 500x series cards were THE cards to have if you wanted to have some fun with aircrack, or if you just wanted your WiFi to actually WORK, especially under Linux. The madwifi (aka ath_pci) drivers were probably the most stable wireless drivers at the time. Even on Windows, you could use 3rd party drivers to put the cards in monitor mode and capture packets.

Times have changed and madwifi has been superseded by ath5k (and indirectly ath9k).

For some reason I decided to install Ubuntu 12.04 on an old Fujitsu Lifebook (Pentium III 600MHz, upgraded 512MB RAM, ATI Mobility Radeon M4) without built-in wireless, using a Netgear WPN511 Cardbus adapter. I expected everything to work as it did in the old days, but for some reason the WiFi wouldn’t stay connected.

It seems the hardware encryption capabilites on the card don’t quite support WPA2/CCMP-AES, even though the ath5k driver says it does. So the solution is to disable hardware encryption support:

echo "options ath5k nohwcrypt=1" | sudo tee /etc/modprobe.d/ath5k.conf

Then reboot, or reload the ath5k module (modprobe -rv ath5k, modprobe -v ath5k).

Now I can enjoy my surprisingly not-extremely-slow 10-year old laptop wirelessly.


Useful apt commands

By , 2012-10-29 14:46

apt-cache search [searchterm]

search local apt-cache for a package  containing [searchterm]

apt-file list [packagename]

lists all files associated with [packagename], even if the package is not installed

apt-file search [/path/to/file]

search for the package that “owns” [/path/to/file]

apt-cache madison [packagename]

displays all available versions of [packagename]

apt-get install [packagename]=[version]

force apt to install a specific version of a package

Farewell, Desktop Metaphor

By , 2012-03-04 16:20

We’re living the end of an era. I’m sad to say that as tech journalists have been proclaiming for a little while now, it seems “the desktop is dead” or at least on its last legs. (I would have liked to provide some data to support that but unfortunately big G has killed off their search timeline feature as of a few months ago.)

The original Macintosh Desktop

Now, when I say desktop, I don’t mean the desktop PC. I mean the traditional personal computer desktop metaphor introduced on the original Macintosh in 1984 (- yes, I know Xerox was first). Since then, most personal computers have used some variation of a desktop as their primary UI. Windows, icons, folders, documents, trash/recycle bins have become familiar and nearly universal. The desktop metaphor also includes some important elements that were not really part of a traditional physical desktop, such as menu, status and task bars.

Why do I concur that the desktop is dying? Well, there are a few reasons.

Mobile device sales

Smartphones and tablet sales surpassed PC sales this past year. In Q4 of 2011, vendors shipped just over 100 million smartphones, while PC sales were numbered at 92.1 million. It’s not a huge relative difference, but the trend shows no sign of stopping for now since many consumers are still using feature phones but already own a PC. Tablets are also poised to take a bite out of PC sales, especially with ever-faster processors and slimmer packages. New releases of tablet OS in 2011 should also contribute, with Apple iOS 5 no longer requiring activation using iTunes on a traditional PC and Android 4 (“Ice Cream Sandwich”) replacing the rather underwhelming Android 3 “Honeycomb”.

Web apps

Web Apps running in Firefox

There’s no denying that the Web has come a long way from its beginnings on Tim Berners-Lee‘s NeXT cube at CERN. Web sites have evolved from being essentially online news or encyclopedia articles to being hubs for dynamic multimedia content and information sharing. Take a look at your taskbar/dock/other app switcher (if you’re viewing this from a desktop!). There’s a very good chance a Web browser is running. Even if there isn’t one running, chances are you have already used the Web more than once today. More and more of our daily computing activities are performed using a Web-based tool. Sharing. Word processing. Blogging. Watching videos. Listening to music. Instant messaging. Photo editing. E-mail. CLI shell access. Hell, why not any GTK application. True, there are some things that can only be done using a desktop application. Like OS virtualization. Oh, wait – never mind.  There are probably quite a few computer users who never open a desktop app at all. Even as a network admin, most of my work is done using Web-based administration tools.

Single-purpose, full-screen apps

The new Metro UI in Windows 8

With the new breed of smartphones and tablets that started with the iPhone, single-purpose, full-screen apps have become mainstream. Game consoles and PCs had full-screen apps before, but now, more than ever, “there’s an app for that”. With limited screen real estate, these apps are supposed to be fast, intuitive and immersive. Desktop PCs have hopped on the bandwagon too. During the netbook era, “mainstream” Linux distro Ubuntu launchedUbuntu Netbook Remix“, a special version of their OS optimized for small (typically 1024×640) netbook screens featuring large buttons, automatically maximized apps and minimal user distractions. Ubuntu’s new interface, Unity, is based on UNR. Following the immense popularity of their iOS mobile devices, and the successful launch of the iPad, Apple released Mac OS X Lion with support for full-screen apps and many other features and UI elements pulled from iOS. Over in Redmond, Microsoft is bringing their “Metro” interface from Windows Phone 7 and XBOX 360 to the Windows desktop.

The future

It could be argued that some of these new interfaces are an evolution of the desktop metaphor. I would agree, however, the traditional desktop seems to have its days numbered. The future seems to be a future of full-screen apps, custom web/HTML-driven interfaces and maybe widgets. Windows 8 still has what they call a traditional desktop, however the Start button has been unceremoniously killed off. The next version of Apple’s OS is not Mac OS X Mountain Lion, but simply OS X Mountain Lion, a clear sign that the Macintosh and its once-revolutionary desktop is now a part of the past.

For my part, I feel saddened and almost homeless with the prospect that my beloved desktop belongs to the confines of history. True, I could just continue using Gnome 2, or Mac OS X 10.6, or Windows 7, but that means missing out on the latest and greatest. I don’t like where this is going. Change is not always good. I must be getting old.

On a more optimistic note, I know that there are teams of brilliant designers, engineers and programmers also living through this change. And I know I’m not the only person to feel less than satisfied with current desktop environments. Nothing to do but wait to see what the future brings! (Or become a programming pro and write a new Linux DE from scratch/help out with MATE or Cinnamon.)

How to remove restrictions/password from a PDF

By , 2011-12-24 19:04

Adobe Acrobat PDF documents have a nice feature which allows content authors to restrict certain features or “encrypt” the document using a password. These can all be easily bypassed using the open-source Ghostscript:

gs -q -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -sOutputFile=unencrypted.pdf -c .setpdfwrite -f encrypted.pdf

Source :

Why I use Debian and Ubuntu (Apt)

By , 2011-12-21 10:35

OK, rant time.

Way back in the day (I mean 2001 or so), I used to use rpm-based distros. Red Hat, Mandriva – or rather Mandrake- and they worked fine. As long as you didn’t have to install any packages. To be fair, this was in the early days of package managers and the like, and I was a novice Linux user at the time. Mandrake had put in a good effort with urpmi, but I still had to visit sites like and very often to find this or that package.

Then, in 2004/2005, I discovered Ubuntu. (The OS, not the philosophy. Ha ha.) It was a world of difference. Need a program? apt-get install program would automagically fetch and install it for you. Don’t know the name of the package, or exactly what you’re looking for? apt-cache search can help. If that package you want installed has dependencies, and those have dependencies? No problem, everything gets pulled in and the proposed changes are listed for you. The other advantage was that seemingly any program I could possibly want was available in a Debian/Ubuntu repo.

Fast forward to today. I’ve pretty much been using Debian based distros since then, although I have tried Arch and Slax, and possibly many others that I can’t remember right now. All my servers run either Debian or Ubuntu Server, and my Linux PCs are Ubuntu or Arch. Package management has become so easy that I rarely ever have to worry about it, unless I’m trying to make some major changes outside of repo packages.

Recently, however, I’ve started using some RPM distros again, to see how things have been on that side of the fence. It’s been mostly CentOS and a few CentOS/PBX distros (Elastix, Trixbox, pbxinaflash…). I have to say though, I can’t believe the state of the package management system. CentOS has got yum, which seems to be good in principle, but somehow I’ve seen it massively fail in ways that Apt never has for me. The first issue is not really to do with the package manager, but more the repositories.

For example, we had a service on a server at work that absolutely required “Arial”. In Ubuntu or Debian, all you have to do is enable the non-free repo, or an Arch, use one of the excellent AUR frontends such as yaourt. Then install msttcorefonts (Debian) or ttf-ms-fonts (Arch). The package manager will fetch the MS fonts package and its dependency, cabextract. It then downloads each of the fonts’ self-extracting EXEs from sourceforge, cabextracts them, then installs them to the appropriate fonts directory. Now, on the CentOS 5 server, no such luck.

$ yum install msttcorefonts
Loaded plugins: downloadonly, fastestmirror
Loading mirror speeds from cached hostfile
 * base:
 * extras:
 * updates:
Excluding Packages from CentOS-5 - Addons
Excluding Packages from CentOS-5 - Base
Excluding Packages from CentOS-5 - Extras
Excluding Packages from CentOS-5 - Updates
Setting up Install Process
No package msttcorefonts available.
Nothing to do

Awesome. Time to break out the manual package manager, AKA Google. Which brings me to the corefonts sourceforge project homepage, fortunately with clear instructions on how to install on an rpm-based system.

  1. Make sure you have the following rpm-packages installed from from your favourite distribution. Any version should do.
    • rpm-build
    • wget
    • A package that provides the ttmkfdir utility. For example
      • For Fedora Core and Red Hat Enterprise Linux 4, ttmkfdir
      • For old redhat releases, XFree86-font-utils
      • For mandrake-8.2, freetype-tools
  2. Install the cabextract utility. For users of Fedora Core it is available from extras. Others may want to compile it themselves from source, or download the source rpm from fedora extras and rebuild.
  3. Download the latest msttcorefonts spec file from here
  4. If you haven’t done so already, set up an rpm build environment in your home directory. You can to this by adding the line %_topdir %(echo $HOME)/rpmbuild to your $HOME/.rpmmacros and create the directories $HOME/rpmbuild/BUILD and $HOME/rpmbuild/RPMS/noarch
  5. Build the binary rpm with this command:
    $ rpmbuild -bb msttcorefonts-2.0-1.spec

    This will download the fonts from a Sourcforge mirror (about 8 megs) and repackage them so that they can be easily installed.

  6. Install the newly built rpm using the following command (you will need to be root):
    # rpm -ivh $HOME/rpmbuild/RPMS/noarch/msttcorefonts-2.0-1.noarch.rpm

Sounds like fun. Let’s try and see if we’re lucky.

yum install wget rpm-build cabextract

Cool! rpm-build was installed! but wait, how about wget and cabextract? It didn’t mention those!

wget is probably installed, but let’s try anyway:

$ wget
wget: missing URL
Usage: wget [OPTION]... [URL]...

Try `wget --help' for more options.

OK, how about cabextract?

$ cabextract
sh: cabextract: command not found

Well then, that’s wonderful. Thanks for mentioning that you didn’t install cabextract, yum.

Fortunately the good people at corefonts provided a link to the download for cabextract, and fortunately, my server is i386 (I know it doesn’t seem like it from the screenshot), so I can use the pre-built RPM. (For those who need it, the x86_64 package) Now to the final step.

$ wget -O - | rpm -bb msttcorefonts-2.0-1.spec
Executing(%prep): /bin/sh -e /var/tmp/rpm-tmp.77304
+ umask 022+ cd /usr/src/redhat/BUILD

[… a hundred or so lines…]

Wrote: /usr/src/redhat/RPMS/noarch/msttcorefonts-2.0-1.noarch.rpm
Executing(%clean): /bin/sh -e /var/tmp/rpm-tmp.22861
+ umask 022
+ cd /usr/src/redhat/BUILD
+ '[' /var/tmp/msttcorefonts-root '!=' / ']'
+ rm -rf /var/tmp/msttcorefonts-root
+ exit 0

Phew, that’s a lot of output. Well exit 0, that’s good. Aaand “Wrote: /usr/src/redhat/RPMS/noarch/msttcorefonts-2.0-1.noarch.rpm”. cool!

And finally:

$ rpm -ivh /usr/src/redhat/RPMS/noarch/msttcorefonts-2.0-1.noarch.rpm
Preparing...                ########################################### [100%]
   1:msttcorefonts          ########################################### [100%]

(Another thing that bugs me – no success message! After all that, not even a Yay! Package installed!? I’m disappointed, rpm.)

For illustrative purposes, Debian:

# apt-get install msttcorefonts
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following extra packages will be installed:
  cabextract ttf-liberation ttf-mscorefonts-installer
The following NEW packages will be installed:
  cabextract msttcorefonts ttf-liberation ttf-mscorefonts-installer
0 upgraded, 4 newly installed, 0 to remove and 4 not upgraded.
Need to get 1103kB of archives.
After this operation, 2109kB of additional disk space will be used.
Do you want to continue [Y/n]? Y


All fonts downloaded and installed.
Updating fontconfig cache for /usr/share/fonts/truetype/msttcorefonts
Setting up msttcorefonts (2.7) ...
Setting up ttf-liberation (1.04.93-1) ...
Updating fontconfig cache for /usr/share/fonts/truetype/ttf-liberation

Wasn’t that easier? Also, a nice plain English message saying what was done: “All fonts downloaded and installed.” Take notes, rpm.

For completeness’ sake, Arch:

$ yaourt -S ttf-ms-fonts

==> Downloading ttf-ms-fonts PKGBUILD from AUR...
x ttf-ms-fonts.install


==> ttf-ms-fonts dependencies:
 - fontconfig (already installed)
 - xorg-fonts-encodings (already installed)
 - xorg-font-utils (already installed)
 - cabextract (package found)


Targets (1): ttf-ms-fonts-2.0-8

Total Download Size:    0.00 MB
Total Installed Size:   5.49 MB

Proceed with installation? [Y/n]
(1/1) checking package integrity                                         [########################################] 100%
(1/1) checking for file conflicts                                        [########################################] 100%
(1/1) installing ttf-ms-fonts                                            [########################################] 100%
Updating font cache... done.

A bit more user interaction, but that’s the point of Arch.

So, to summarize:

Arch/Debian package management > rpm package management (CentOS).

And that’s the end of my rant for today.

Quick and dirty bash script to apt-get update all OpenVZ containers

By , 2011-11-30 22:29

It’s a bit of a pain having to run upgrades on all servers. I could of course, set up unattended upgrades, but I always liked initiating the upgrade process myself. So I wrote a little bash script that will initiate apt-get update and apt-get upgrade on all running OpenVZ containers.

Note that this only works for Debian-based distros. So Debian, *buntu, Linux Mint and the like.

It’s very rough, no error-handling or safeguards, so use at your own risk. Works for me, but YMMV.

#Delete temp file
rm /tmp/
#Get running VZ
CTIDS=$(vzlist | awk '{print $1}' | sed -e '/CTID/d' -e ':a;N;$!ba;s/\n/ /g' )
# Echo list of running IDs
echo "$CTIDS"
for x in ${CTIDarray[@]}
    echo "#/bin/bash" > /tmp/
    chmod +x /tmp/
    echo vzctl exec $x "apt-get update &&;  apt-get -y upgrade" >> /tmp/
    screen -d -m /tmp/
#Delete temp file
rm /tmp/
#Show running screens
screen -x

First, we rm the /tmp/ Starting off with very bad form, I know, feeling lazy right now. Then I use awk and sed to get the IDs of running containers from the output of the vzlist command, and place them on a single line, separated by spaces. Those IDs are than put in an array, so that the update command can be called using a for loop.

For some reason, I couldn’t get screen to launch the

vzctl exec $x "apt-get update &&  apt-get -y upgrade"

command directly, hence the hideous use of a temp file. If anyone can fix/improve this, I would be glad to hear from you!

Quick bash script to restore all OpenVZ dumps

By , 2011-10-05 22:57

This script will read the container ID from the file name, and use it to restore the tgz dump to the same ID on the new OpenVZ/Proxmox server.

Note that this only works if the default name for the vzdumps is kept, and it only works for the next 89 years, because I’m lazy.

Thanks to and

for f in $VZDUMPS
        echo "Restoring $f to $VEID"
        vzrestore $f $VEID

Redirecting a port to another host on same LAN using iptables

By , 2010-11-27 22:53

I have a strange situation where I want to redirect a specific port on one host to another host. That is, traffic to =>

Found the answer on LQ forums.

iptables -A PREROUTING -t nat -p tcp -d --dport 8080 -j DNAT --to-destination
iptables -A POSTROUTING -t nat -p tcp -d --dport 8080 -j SNAT --to-source

Don’t ask me why this works. It just does. Well, the first line makes sense, but I have no idea what the second is doing.

After looking at the rule in Webmin, I think I figured it out.

  1. When a packet arrives at this computer, if protocol is TCP and destination is (local IP) and destination port is 8080 then Destination NAT (change destination IP) to
  2. When a packet leaves this computer, if protocol is TCP and destination is and destination port is 8080 (as would be the case for any packet modified by the above rule), then Source NAT (change source IP) to (This ensures that the remote host .101 returns any packets via this computer, .100, rather than simply attempting to send them to the original requesting host.)

Update: This even works on an OpenVZ container! Just need to enable iptables nat in the vz config on the hardware node (VM host) [source].

nano /etc/vz/vz.conf

Then do Control W and SEARCH for IPTABLES

Comment out (by adding a # symbol to the line ) the current IPTABLES= line

and then copy/paste and add this line directly underneath the line you just commented out.

IPTABLES="ipt_REJECT ipt_recent ipt_owner ipt_REDIRECT ipt_tos ipt_TOS ipt_LOG ip_conntrack ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state iptable_nat ip_nat_ftp"

It is important to make sure this is all in 1 line and that it does not wrap.

Now Control-S and save – overwriting the current file.

Finally do an /etc/init.d/vz restart
to restart openVZ.

Triple-Booting Macbook Pro

By , 2009-10-05 13:01

It’s been a week now and I still have had no success installing all 3 major OSes on my MBP. OSX+Windows works fine (via Bootcamp), OSX+Ubuntu 9.10 also (9.04 hangs on boot).

This, however looks promising:

Custom theme by me. Based on Panorama by Themocracy