Suramya's Blog : Welcome to my crazy life…

March 6, 2023

Resolving Citrix error: “No active policy is found in Secondary authentication cascade” when connecting via Android client

Filed under: Computer Tips,Knowledgebase — Suramya @ 8:37 PM

I was try to connect to Citrix using an android device and after authentication, I got the following error message: “No active policy is found in Secondary authentication cascade. Please contact your administrator.”

I tried doing a search for the error message but none of the solutions were applicable in my case. I was accessing the log in page using Firefox mobile and on a hunch I switched the view to “Desktop Site” by clicking on the three dots on the top right corner of the browser (See screenshot below). Once I did that and resubmitted the page, things automatically started working without any errors.


Enable Desktop Site in Firefox

My guess is that the mobile view doesn’t allow the server to run secondary validation checks because of the limitations in the mobile view. Switching to Desktop mode removes the limitations so things start automagically working again.

– Suramya

January 21, 2023

Fixing AssertionError: Font Arial,Bold can not represent ‘E’ when using Borb to modify PDF Files

Filed under: Computer Software,Knowledgebase,Tech Related — Suramya @ 12:47 AM

I have a bunch of PDF files that I need to modify to remove text from them. Initially I was using LibreDraw but that was a manual task so I thought that I should script it/Automate it. Little did I know that programmatically editing PDF’s is not that simple. I tried a bunch of libraries such as PyPDF4, pikepdf etc but the only one which worked was borb which is a library by Joris Schellekens. They have a great collection of examples and using that I got my first script that searched and replaced text in the PDF working.

However, when I tried to run the script against my pdf file the script fails with the following error:

Traceback (most recent call last):
  File "/home/suramya/Temp/BorbReplace.py", line 26, in 
    main()
  File "/home/suramya/Temp/BorbReplace.py", line 18, in main
    doc = SimpleFindReplace.sub("Manual", "", doc)
  File "/usr/local/lib/python3.10/dist-packages/borb/toolkit/text/simple_find_replace.py", line 80, in sub
    page.apply_redact_annotations()
  File "/usr/local/lib/python3.10/dist-packages/borb/pdf/page/page.py", line 271, in apply_redact_annotations
    .read(io.BytesIO(self["Contents"]["DecodedBytes"]), [])
  File "/usr/local/lib/python3.10/dist-packages/borb/pdf/canvas/canvas_stream_processor.py", line 290, in read
    raise e
  File "/usr/local/lib/python3.10/dist-packages/borb/pdf/canvas/canvas_stream_processor.py", line 284, in read
    operator.invoke(self, operands, event_listeners)
  File "/usr/local/lib/python3.10/dist-packages/borb/pdf/canvas/redacted_canvas_stream_processor.py", line 271, in invoke
    self._write_chunk_of_text(
  File "/usr/local/lib/python3.10/dist-packages/borb/pdf/canvas/redacted_canvas_stream_processor.py", line 203, in _write_chunk_of_text
    )._write_text_bytes()
  File "/usr/local/lib/python3.10/dist-packages/borb/pdf/canvas/layout/text/chunk_of_text.py", line 145, in _write_text_bytes
    return self._write_text_bytes_in_hex()
  File "/usr/local/lib/python3.10/dist-packages/borb/pdf/canvas/layout/text/chunk_of_text.py", line 160, in _write_text_bytes_in_hex
    assert cid is not None, "Font %s can not represent '%s'" % (
AssertionError: Font Arial,Bold can not represent 'E'

Process finished with exit code 1

I tried a couple of different files and the font name changes but the error remains

The script I was using is: 

from borb.pdf import Document
from borb.pdf import PDF
from borb.toolkit import SimpleFindReplace

import typing

def main():

    # attempt to read a PDF
    doc: typing.Optional[Document] = None
    with open("/home/suramya/Downloads/t/MAA1.pdf", "rb") as pdf_file_handle:
        doc = PDF.loads(pdf_file_handle)

    # check whether we actually read a PDF
    assert doc is not None

    # find/replace
    doc = SimpleFindReplace.sub("PRIVATE", "XXXX", doc)

    # store
    with open("/home/suramya/Downloads/t/MAABLR_out.pdf", "wb") as pdf_file_handle:
        PDF.dumps(pdf_file_handle, doc)


if __name__ == "__main__":
    main()

I searched on the web and didn’t find any solutions so I reached out to the project owner and they responded with the following message “Not every font can represent every possible character in every language. you are trying to insert a piece of text that contains a character that Arial can not represent. Maybe some weird kind of “E” (since uppercase E should not be a problem).”. The problem was that I wasn’t trying to replace any strange characters, just a normal uppercase E.

To help trouble shoot, they asked me for a copy of the file. So I was masking the data in the PDF file to share it and the script suddenly started working. Turns out that there was an extra space after the word PRIVATE in the file and when I removed it things started working (even on the unmasked file). So it looks like the issue is caused when there is an encoding issue with the PDF file. Opening it in Libre Draw and exporting as a new PDF file seems to resolve the issue.

Now we are a step closer to the solution, I just need to figure out how to convert the file from the command line and I will be home free. Something to work on when I have had some sleep.

– Suramya

January 13, 2023

Fixing autopost to LinkedIn not working via Social Networks Auto-Poster

Filed under: Knowledgebase,Tech Related — Suramya @ 9:57 PM

A few days ago my authentication token that allowed Social Networks Auto-Poster to post my blog entries automatically expired (I can only authorize for a max of 2 months at a time). Usually the fix is quite simple, I just go to the account settings in the Plugin and then click on ‘Authorize Your LinkedIn Account (without Marketing API)’, after which I just have to authenticate using my LinkedIn password select Yes and then I am done. This time however, when I clicked on the Authorize connection button the system would redirect me to www.suramya.com/blog instead of the Plugin page which meant that the authentication process couldn’t complete. I spent a few hours trying to troubleshoot and for the life of me I couldn’t figure out the problem. I even tried installing another plugin but faced the same issue over there as well. In the end I decided to take a break and crash for the night as I was going nowhere.

Today I started looking at the problem again and was going to raise a support ticket with the plugin author to have them take a look at the issue and decided to check the FAQs just to ensure I didn’t miss anything obvious. The first entry in the FAQ talked about what to do if the plugin was redirecting to a “Blank Page” or an error page, according to the FAQ this could be caused by certain plugins and the fix was to disable the plugin, authorize and then re-enable them.

The last plugin I had installed was to Autopost my blog posts to Mastodon so I disabled the plugin and then tried authorizing the app again. To my utter delight the system immediately authorized the connection and I was able to make a test post successfully.

The moral of the story is that you should always check the documentation when something is not working rather than trying various things randomly.

Well this is all for now. Will post more later.

– Suramya

October 21, 2022

Disable Dark Theme in the Private Browsing mode in Firefox 106

Filed under: Computer Software,Computer Tips,Knowledgebase,Tech Related — Suramya @ 10:09 AM

A lot of people like Dark themes for their apps but I am not one of them. For me the Dark mode strains my eyes more so I usually disable it as soon as possible. In the latest Firefox update (v106), Firefox changed a bunch of defaults and one of the changes is that when you open a window in incognito mode it uses the Dark theme by default. As per the release notes this is a conscious decision:

We also added a modern look and feel with a new logo and updated it so Private Browsing mode now defaults to dark theme, making it easier to know when you are in Private Browsing mode.

The dark theme really annoys me so I started looking for ways to disable it. Unfortunately, it can’t be disabled without having to change my default Theme (which is to use the System Defaults) which I didn’t want to do and a quick internet search didn’t return any useful results. So I decided to check out the about:config section to see if there is a hidden setting and lo-behold it was there. A quick change disabled the theme for the Private browsing mode and things were back to normal.

The steps to disable the dark theme in incognito mode are as follows:

  • Type about:config in the address bar and press Enter.
  • A warning page may appear. Click Accept the Risk and Continue to go to the about:config page.
  • Search for “theme” in the Search preference name box at the top of the page and you will see an entry for “browser.theme.dark-private-windows”
  • Double click on “True” for the entry to change the value to false.
  • The entry should look like the following. Then you can close the tab and you are done.


To revert the change, just repeat the steps and set the value back to True.

– Suramya

July 9, 2022

Some lesser known Useful Linux commands

Filed under: Computer Tips,Knowledgebase,Linux/Unix Related,Tech Related — Suramya @ 7:15 AM

In this post I am sharing some useful Linux commands originally posted by Traw on Twitter. As it is almost impossible to find stuff on Twitter (even if you favorite it) I am consolidating the entire thread here as a blog post for my reference:

lsmem:

lsmem lists the ranges of available memory with their online status. The listed memory blocks correspond to the memory block representation in sysfs. The command also shows the memory block size, the device size, and the amount of memory in online and offline state. The output looks like:

suramya@StarKnight:~$ lsmem
RANGE                                  SIZE  STATE REMOVABLE  BLOCK
0x0000000000000000-0x00000000cfffffff  3.3G online       yes   0-25
0x0000000100000000-0x000000052fffffff 16.8G online       yes 32-165

Memory block size:       128M
Total online memory:      20G
Total offline memory:      0B

lsusb

lsusb lists all the USB buses in the system and the associated devices connected to them. A good way to figure out what USB devices are connected and what the vendor ID and the product ID associated with them. The output looks like:

suramya@StarKnight:~$ lsusb
Bus 006 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
Bus 005 Device 032: ID 03f0:3b17 HP, Inc LaserJet M1005 MFP
Bus 005 Device 029: ID 8564:4000 Transcend Information, Inc. microSD/SD/CF UHS-II Card Reader [RDF8, RDF9]
Bus 005 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 004 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
Bus 003 Device 002: ID 0b05:18f3 ASUSTek Computer, Inc. AURA LED Controller
Bus 003 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 002 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
Bus 001 Device 005: ID 8087:0029 Intel Corp. AX200 Bluetooth
Bus 001 Device 004: ID 05e3:0610 Genesys Logic, Inc. Hub
Bus 001 Device 003: ID 413c:2113 Dell Computer Corp. KB216 Wired Keyboard
Bus 001 Device 002: ID 0951:16bc Kingston Technology HyperX Pulsefire FPS Gaming Mouse
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub

lsb_release

The lsb_release command displays LSB (Linux Standard Base) information about your specific Linux distribution, including version number, release codename, and distributor ID. The output looks like:

suramya@StarKnight:~$ lsb_release -a
No LSB modules are available.
Distributor ID: Debian
Description:    Debian GNU/Linux bookworm/sid
Release:        testing/unstable
Codename:       n/a

lsfd

lsfd is a replacement for lsof and lists the file descriptors On Linux systems, it is tailored to the Linux kernel and supports Linux-specific features such as namespaces etc. The output looks like:

suramya@StarKnight:~$ lsfd |more
COMMAND            PID    USER  ASSOC MODE TYPE              SOURCE MNTID      INODE NAME
syncthing         1134 suramya    exe  ---  REG                sda5     0     265927 /usr/bin/syncthing
syncthing         1134 suramya    cwd  ---  DIR                sda5     0          2 /
syncthing         1134 suramya    rtd  ---  DIR                sda5     0          2 /
syncthing         1134 suramya cgroup  ---  REG                 0:4     0 4026531835 cgroup:[4026531835]
syncthing         1134 suramya    ipc  ---  REG                 0:4     0 4026531839 ipc:[4026531839]
syncthing         1134 suramya    mnt  ---  REG                 0:4     0 4026533012 mnt:[4026533012]
syncthing         1134 suramya    net  ---  REG                 0:4     0 4026531840 net:[4026531840]
syncthing         1134 suramya    pid  ---  REG                 0:4     0 4026531836 pid:[4026531836]
syncthing         1134 suramya  pid4c  ---  REG                 0:4     0 4026531836 pid:[4026531836]
syncthing         1134 suramya   time  ---  REG                 0:4     0 4026531834 time:[4026531834]
syncthing         1134 suramya time4c  ---  REG                 0:4     0 4026531834 time:[4026531834]
syncthing         1134 suramya   user  ---  REG                 0:4     0 4026531837 user:[4026531837]
syncthing         1134 suramya    uts  ---  REG                 0:4     0 4026531838 uts:[4026531838]
syncthing         1134 suramya    mem  r-x  REG                sda5     0     265927 /usr/bin/syncthing
syncthing         1134 suramya    mem  r--  REG                sda5     0     265927 /usr/bin/syncthing
syncthing         1134 suramya    mem  rw-  REG                sda5     0     265927 /usr/bin/syncthing

lsof

The command lsof stands for List Of Open Files. This command displays a list of files that have been opened. Essentially, it provides information to determine which files are opened by which process. The output looks like:

root@StarKnight:/tmp# lsof |more
COMMAND      PID    TID TASKCMD               USER   FD      TYPE             DEVICE    SIZE/OFF       NODE NAME
systemd        1                              root  cwd       DIR                8,5        4096          2 /
systemd        1                              root  rtd       DIR                8,5        4096          2 /
systemd        1                              root  txt       REG                8,5     1841792     277271 /usr/lib/systemd/systemd
systemd        1                              root  mem       REG                8,5      161864     280226 /usr/lib/x86_64-linux-gnu/libgpg-error.so.0.33.0
systemd        1                              root  mem       REG                8,5     3081088     264360 /usr/lib/x86_64-linux-gnu/libcrypto.so.1.1
systemd        1                              root  mem       REG                8,5       26984     273912 /usr/lib/x86_64-linux-gnu/libcap-ng.so.0.0.0
systemd        1                              root  mem       REG                8,5      633512     270536 /usr/lib/x86_64-linux-gnu/libpcre2-8.so.0.11.0
systemd        1                              root  mem       REG                8,5     1321424     264366 /usr/lib/x86_64-linux-gnu/libm-2.33.so
systemd        1                              root  mem       REG                8,5      158400     279628 /usr/lib/x86_64-linux-gnu/liblzma.so.5.2.5
systemd        1                              root  mem       REG                8,5      751840     263041 /usr/lib/x86_64-linux-gnu/libzstd.so.1.5.2
systemd        1                              root  mem       REG                8,5      137568     269425 /usr/lib/x86_64-linux-gnu/liblz4.so.1.9.3
systemd        1                              root  mem       REG                8,5       35280     262500 /usr/lib/x86_64-linux-gnu/libip4tc.so.2.0.0
systemd        1                              root  mem       REG                8,5     1332480     262198 /usr/lib/x86_64-linux-gnu/libgcrypt.so.20.4.1
systemd        1                              root  mem       REG                8,5       18768     264301 /usr/lib/x86_64-linux-gnu/libdl-2.33.so
systemd        1                              root  mem       REG                8,5      202680     264320 /usr/lib/x86_64-linux-gnu/libcrypt.so.1.1.0
systemd        1                              root  mem       REG                8,5       38864     267169 /usr/lib/x86_64-linux-gnu/libcap.so.2.44

lscpu

lscpu gathers CPU architecture information from sysfs, /proc/cpuinfo, and any architecture-specific libraries that are applicable (e.g. librtas on Powerpc). The command output can be optimized for parsing or human readability. This can include the number of CPU’s, threads, cores, etc. The output looks like:

suramya@StarKnight:~$ lscpu
Architecture:            x86_64
  CPU op-mode(s):        32-bit, 64-bit
  Address sizes:         43 bits physical, 48 bits virtual
  Byte Order:            Little Endian
CPU(s):                  16
  On-line CPU(s) list:   0-15
Vendor ID:               AuthenticAMD
  Model name:            AMD Ryzen 7 3800X 8-Core Processor
    CPU family:          23
    Model:               113
    Thread(s) per core:  2
    Core(s) per socket:  8
    Socket(s):           1
    Stepping:            0
    Frequency boost:     enabled
    CPU(s) scaling MHz:  52%
    CPU max MHz:         4558.8862
    CPU min MHz:         2200.0000
    BogoMIPS:            7786.11
    Flags:               fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ht syscall nx mmxext fxsr_opt pdpe1gb rdtscp lm constant_tsc rep_good nopl nonstop_tsc cpuid extd_apicid aperfmperf rapl pni pclmulqdq monitor ssse
                         3 fma cx16 sse4_1 sse4_2 movbe popcnt aes xsave avx f16c rdrand lahf_lm cmp_legacy svm extapic cr8_legacy abm sse4a misalignsse 3dnowprefetch osvw ibs skinit wdt tce topoext perfctr_core perfctr_nb bpext perfctr_llc mwaitx cpb cat_l3 cdp_l3 hw_p
                         state ssbd mba ibpb stibp vmmcall fsgsbase bmi1 avx2 smep bmi2 cqm rdt_a rdseed adx smap clflushopt clwb sha_ni xsaveopt xsavec xgetbv1 xsaves cqm_llc cqm_occup_llc cqm_mbm_total cqm_mbm_local clzero irperf xsaveerptr rdpru wbnoinvd arat npt lbr
                         v svm_lock nrip_save tsc_scale vmcb_clean flushbyasid decodeassists pausefilter pfthreshold avic v_vmsave_vmload vgif v_spec_ctrl umip rdpid overflow_recov succor smca sme sev sev_es
Virtualization features: 
  Virtualization:        AMD-V
Caches (sum of all):     
  L1d:                   256 KiB (8 instances)
  L1i:                   256 KiB (8 instances)
  L2:                    4 MiB (8 instances)
  L3:                    32 MiB (2 instances)
NUMA:                    
  NUMA node(s):          1
  NUMA node0 CPU(s):     0-15
Vulnerabilities:         
  Itlb multihit:         Not affected
  L1tf:                  Not affected
  Mds:                   Not affected
  Meltdown:              Not affected
  Spec store bypass:     Mitigation; Speculative Store Bypass disabled via prctl
  Spectre v1:            Mitigation; usercopy/swapgs barriers and __user pointer sanitization
  Spectre v2:            Mitigation; Retpolines, IBPB conditional, STIBP conditional, RSB filling
  Srbds:                 Not affected
  Tsx async abort:       Not affected

lslogins

lslogins displays information about known users in the system. It examines the wtmp and btmp logs, /etc/shadow (if necessary) along with /etc/passwd to get the desired data.

suramya@StarKnight:~$ lslogins
  UID USER              PROC PWD-LOCK PWD-DENY  LAST-LOGIN GECOS
    0 root               306                   Apr06/15:36 root

lspci

lspci is a command on Unix-like operating systems that prints detailed information about all PCI buses and devices in the system. It is based on a common portable library libpci which offers access to the PCI configuration space on a variety of operating systems. The output looks like:

suramya@StarKnight:~$ lspci
00:00.0 Host bridge: Advanced Micro Devices, Inc. [AMD] Starship/Matisse Root Complex
00:00.2 IOMMU: Advanced Micro Devices, Inc. [AMD] Starship/Matisse IOMMU
00:01.0 Host bridge: Advanced Micro Devices, Inc. [AMD] Starship/Matisse PCIe Dummy Host Bridge
00:01.2 PCI bridge: Advanced Micro Devices, Inc. [AMD] Starship/Matisse GPP Bridge
00:02.0 Host bridge: Advanced Micro Devices, Inc. [AMD] Starship/Matisse PCIe Dummy Host Bridge
00:03.0 Host bridge: Advanced Micro Devices, Inc. [AMD] Starship/Matisse PCIe Dummy Host Bridge
00:03.2 PCI bridge: Advanced Micro Devices, Inc. [AMD] Starship/Matisse GPP Bridge
00:04.0 Host bridge: Advanced Micro Devices, Inc. [AMD] Starship/Matisse PCIe Dummy Host Bridge
...
0b:00.4 Audio device: Advanced Micro Devices, Inc. [AMD] Starship/Matisse HD Audio Controller

lsipc

lsipc shows information on the System V inter-process communication facilities for which the calling process has read access. The output looks like:

suramya@StarKnight:~$ lsipc
RESOURCE DESCRIPTION                                              LIMIT USED  USE%
MSGMNI   Number of message queues                                 32000    0 0.00%
MSGMAX   Max size of message (bytes)                                 8K    -     -
MSGMNB   Default max size of queue (bytes)                          16K    -     -
SHMMNI   Shared memory segments                                    4096    4 0.10%
SHMALL   Shared memory pages                       18446744073692774399 1728 0.00%
SHMMAX   Max size of shared memory segment (bytes)                  16E    -     -
SHMMIN   Min size of shared memory segment (bytes)                   1B    -     -
SEMMNI   Number of semaphore identifiers                          32000    0 0.00%
SEMMNS   Total number of semaphores                          1024000000    0 0.00%
SEMMSL   Max semaphores per semaphore set.                        32000    -     -
SEMOPM   Max number of operations per semop(2)                      500    -     -
SEMVMX   Semaphore max value                                      32767    -     -

lslocks

lslocks lists information about all the currently held file locks in a Linux system. It also lists OFD (Open File Description) locks which are not associated with any process (PID is -1). OFD locks are associated with the open file description on which they are acquired. The output looks like:

suramya@StarKnight:~$ lslocks |more
COMMAND            PID  TYPE  SIZE MODE  M      START        END PATH
pipewire          1483 FLOCK       WRITE 0          0          0 /run/user/1000/pipewire-0.lock
firefox-bin      18608 POSIX       WRITE 0          0          0 /mnt/data/Configs/.mozilla/firefox/6hzbxva3.default/.parentlock
firefox-bin      18608 POSIX       READ  0          0          0 /tmp/MozillaUpdateLock-CBDE0CC28E6567B7
plasmashell       1742 POSIX   88K READ  0 1073741826 1073742335 /home/suramya/.local/share/kactivitymanagerd/resources/database
plasmashell       1742 POSIX   32K READ  0        128        128 /home/suramya/.local/share/kactivitymanagerd/resources/database-shm
systemsettings    2116 POSIX   88K READ  0 1073741826 1073742335 /home/suramya/.local/share/kactivitymanagerd/resources/database
systemsettings    2116 POSIX   32K READ  0        128        128 /home/suramya/.local/share/kactivitymanagerd/resources/database-shm
cron               900 FLOCK       WRITE 0          0          0 /run...
kactivitymanage   1754 POSIX   88K READ  0 1073741826 1073742335 /home/suramya/.local/share/kactivitymanagerd/resources/database
kactivitymanage   1754 POSIX   32K READ  0        128        128 /home/suramya/.local/share/kactivitymanagerd/resources/database-shm
firefox-bin      18608 POSIX   75M WRITE 0 1073741826 1073742335 /mnt/data/Configs/.mozilla/firefox/6hzbxva3.default/places.sqlite
firefox-bin      18608 POSIX 74.3M WRITE 0 1073741826 1073742335 /mnt/data/Configs/.mozilla/firefox/6hzbxva3.default/favicons.sqlite
kactivitymanage   1754 POSIX   32K READ  0        124        124 /home/suramya/.local/share/kactivitymanagerd/resources/database-shm

lsmod

lsmod shows the current status of loaded modules in the Linux Kernel. It nicely formats the contents of the /proc/modules , showing what kernel modules are currently loaded. The output looks like:

suramya@StarKnight:~$ lsmod
Module                  Size  Used by
loop                   32768  0
dm_crypt               61440  0
dm_mod                172032  1 dm_crypt
mptcp_diag             16384  0
tcp_diag               16384  0
udp_diag               16384  0
raw_diag               16384  0
inet_diag              24576  4 tcp_diag,mptcp_diag,raw_diag,udp_diag
unix_diag              16384  0
af_packet_diag         16384  0
netlink_diag           16384  0
uinput                 20480  0
xfrm_user              49152  2
xfrm_algo              16384  1 xfrm_user
...
...
twofish_generic        20480  0
twofish_avx_x86_64     53248  0
twofish_x86_64_3way    32768  1 twofish_avx_x86_64

lsirq

lsirq is a utility to display kernel interrupt information. The output looks like:

IRQ     TOTAL NAME
LOC 438495596 Local timer interrupts
RES 395250211 Rescheduling interrupts
CAL 244198954 Function call interrupts
TLB  50704087 TLB shootdowns
 43  36669756 IR-PCI-MSI 2621443-edge enp5s0-tx-0
 44  33219249 IR-PCI-MSI 2621444-edge enp5s0-tx-1
 42  29631348 IR-PCI-MSI 2621442-edge enp5s0-rx-1
 41  24214613 IR-PCI-MSI 2621441-edge enp5s0-rx-0
 63   5830480 IR-PCI-MSI 3670016-edge ahci[0000:07:00.0]
 45   4564010 IR-PCI-MSI 3147776-edge xhci_hcd
105   4129317 IR-PCI-MSI 4718592-edge nvidia
 64   3354988 IR-PCI-MSI 4194304-edge ahci0
 69   1788338 IR-PCI-MSI 4194309-edge ahci5
 65    157846 IR-PCI-MSI 4194305-edge ahci1
104     27444 IR-PCI-MSI 5775360-edge snd_hda_intel:card1
..
..

lsns

The lsns command lists information about all currently accessible namespaces or a given namespace. The namespace identifier is an inode number. The output looks like:

suramya@StarKnight:~$ lsns
        NS TYPE   NPROCS    PID USER    COMMAND
4026531834 time       87   1134 suramya /usr/bin/syncthing serve --no-browser --no-restart --logflags=0
4026531835 cgroup     87   1134 suramya /usr/bin/syncthing serve --no-browser --no-restart --logflags=0
4026531836 pid        87   1134 suramya /usr/bin/syncthing serve --no-browser --no-restart --logflags=0
4026531837 user       75   1134 suramya /usr/bin/syncthing serve --no-browser --no-restart --logflags=0
4026531838 uts        87   1134 suramya /usr/bin/syncthing serve --no-browser --no-restart --logflags=0
4026531839 ipc        76   1134 suramya /usr/bin/syncthing serve --no-browser --no-restart --logflags=0
4026531840 net        76   1134 suramya /usr/bin/syncthing serve --no-browser --no-restart --logflags=0
4026531841 mnt        85   1454 suramya /lib/systemd/systemd --user
4026532954 user        1 267290 suramya /usr/local/firefox/firefox-bin -contentproc -parentBuildID 20220705093820 -prefsLen 44808 -prefMapSize 237085 -appDir /usr/local/firefox/browser 267229 true socket
4026532955 ipc         1 267290 suramya /usr/local/firefox/firefox-bin -contentproc -parentBuildID 20220705093820 -prefsLen 44808 -prefMapSize 237085 -appDir /usr/local/firefox/browser 267229 true socket
...
...

lsattr

lsattr lists the file attributes on a second extended file system. The chattr command modifies the attributes of files, and lsattr lists (displays) them. File attributes are flags which affect how the file is stored and accessed by the filesystem. They are metadata stored in the file’s associated inode. The output looks like:

suramya@StarKnight:~$ lsattr
--------------e------- ./node_modules
--------------e------- ./Temp
--------------e------- ./Screenshot_20220704_122444.png
--------------e------- ./go
--------------e------- ./LinkedIn

lsblk

lsblk is used to display details about block devices and these block devices(Except ram disk) are basically those files that represent devices connected to the pc. It queries /sys virtual file system and udev db to obtain information that it displays. And it basically displays output in a tree-like structure. This command comes pre-installed with the util-Linux package. The output looks like:

suramya@StarKnight:~$ lsblk
NAME   MAJ:MIN RM   SIZE RO TYPE MOUNTPOINTS
sda      8:0    0 111.8G  0 disk 
├─sda1   8:1    0   3.7G  0 part [SWAP]
├─sda2   8:2    0     1K  0 part 
├─sda5   8:5    0  18.6G  0 part /
└─sda6   8:6    0  89.4G  0 part /mnt/data
sdb      8:16   0   2.7T  0 disk 
└─sdb1   8:17   0   2.7T  0 part /mnt/Backup
sdc      8:32   0 223.6G  0 disk 
└─sdc1   8:33   0 223.6G  0 part /mnt/storage
sdd      8:48   0  12.7T  0 disk 
└─sdd1   8:49   0  12.7T  0 part /mnt/repository

There are a lot more useful Linux commands and no blog post can possibily list all of them. But some of these were new to me so I thought I should share.

– Suramya

March 7, 2021

Syncing data between my machines and phones using syncthing

Filed under: Computer Software,Computer Tips,Knowledgebase,Linux/Unix Related,Tech Related,Tutorials — Suramya @ 11:31 PM

I have talked about how my Backup strategy has evolved over the years. I am quite happy with the setup I explained in my previous post except for one minor point. I still had to manually sync the data from my laptop, Jani’s laptop and my phone to my desktop manually. Once it is there on the desktop the various backup processes make sure that it is backed up and secure. The issue is that I still had to manually sync the data between the devices.

For my laptop, I used Unison to manually check for changes and then sync them over which works great but I had to ensure that the sync happened in the correct direction. For Jani’s laptop I mounted my drive on her computer over ssh using these steps and then running robocopy to copy the files over. This worked intermittently well. For some reason the system would refuse to overwrite changed files randomly with permission denied errors even when the permission was set to 777. The only way to fix was to delete all the files on my computer and then do a fresh sync. This worked, but was not userfriendly and required me to manually kick off a backup which I did infrequently. My phone on the other hand was backed up manually to my computer using sftp. This was very crumbersome and I really disliked having to do it.

I have in the past looked into various technologies that allow multiple devices to sync data with each other. Unfortunately, all of them required an external connection with a copy of the data being stored in the cloud. Since that was a show-stopper for me, I never got around to setting up my systems to automatically sync with each other. Then a few weeks ago, I came across this great article on how to create A Simple, Delay-Tolerant, Offline-Capable Mesh Network with Syncthing (+ optional NNCP). In the article John talked about Syncthing, which allowed him to create a local serverless, peer-to-peer, open source alternative to Dropbox that allowed his machines sync directly with each other without a server. In other words a perfect fit for what I wanted and needed to do. So I spent a little bit of time researching syncthing and then decided to take the plunge and setup my laptop and desktop to sync with each other. Before starting the setup I backed up all my data so that in case something went wrong I still had a backup. Thankfully nothing did, but it is always good to have a backup.

Syncthing’s installation is pretty simple for all major operating systems, except for iPhones which are not supported. In Debian, installation just required the following steps

  • Run the following commands to add the “stable” channel to your APT sources:
    • echo "deb https://apt.syncthing.net/ syncthing stable" | sudo tee /etc/apt/sources.list.d/syncthing.list
curl -s https://syncthing.net/release-key.txt | sudo apt-key add -
  • Once you have added it, run the following command to install syncthing
    • sudo apt-get update
sudo apt-get install syncthing

    Once the software is installed execute the syncthing binary. On my computer it is installed in /usr/bin/syncthing. Once the software starts, it will start the web interface automatically. There is also a Desktop application, but I prefer the web-ui. Instructions on how to configure the folders and nodes are available at the Getting Started Guide over on the project website so I am not going to repeat them here. Basically, you need to define the nodes and connect them to each other, if the devices are not added on both sites then the folders will not sync.

    The software has a cool feature of discovery, which makes it easy to add devices on a given node. As soon as you connect to the same network they detect each other and give you the option of connecting both. After the devices are connected, you configure the folder you want to sync and select the devices you want it synced with. The best part is as soon as you configure one node, the other nodes will get a message stating that Node 1 is attempting to share a folder with them. Clicking on accept, allows you to configure the folder path etc on the node and that’s it. The system will detect the files which need to get synced over and will copy them quickly. You can configure the sync to be bi-directional or one way. Most of the folders in my setup are set as that, the only exception are Jani’s files which is a one-way sync because I know that I am not going to modify the files on the server.

    Below is what the setup looks on my desktop, as you can see I am syncing data from 3 different computers/phones to it and the sync’s are really fast. I have copied files over to the folder on one computer and within minutes (depending on the size) they were replicated on the other computers/phone.


    My Syncthing setup

    I have the android client running on my phone as well, and it instantly syncs any new photos etc from my phone to the desktop. All I need to do is connect to the same LAN network (can be over wired or wireless) and the devices connect and sync automagically. There is an option to do so even over the WAN using relay server but since I didn’t want that I disabled it in the setup.

    Now all my data is synced to the desktop machine without me having to worry about anything or manually copying files around. Check it out if you want to sync your devices without using an external server.

    – Suramya

February 20, 2021

Fixing boinc (code=exited, status=108) error

Filed under: Computer Tips,Knowledgebase,Linux/Unix Related,Tech Related — Suramya @ 2:01 AM

Earlier today I noticed that my CPU was not as active as usual and the boinc (World Community Grid) processes were no longer active on my computer. This has happened in the past when the client crashed so I restarted the client using the following command as usual:

/etc/init.d/boinc-client restart

Unfortunately, that didn’t resolve the problem and I thought that it could be because of the recent OS update that I did to my Debian system. In the past there have been rare cases when libraries were updated that some programs act strangely till the computer is rebooted, so I restarted the machine expecting to see the process start up without issues. Sadly, that didn’t happen so I had to debug the problem and I tried all sorts of things to resolve.

First, I tried starting the program manually as the root user and that worked. So I knew it was something to do with the startup script. Then I searched for and removed all the lock files in the boinc and the boinc-client directory. That should have resolved the problem but it didn’t and then I tried running the status command which gave the following output:

root@StarKnight:/var/lib/boinc-client# /etc/init.d/boinc-client status
boinc-client.service – Berkeley Open Infrastructure Network Computing Client
Loaded: loaded (/lib/systemd/system/boinc-client.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Sat 2021-02-20 01:26:50 IST; 9s ago
Docs: man:boinc(1)
Process: 7420 ExecStart=/usr/bin/boinc (code=exited, status=108)
Process: 7455 ExecStopPost=/bin/rm -f lockfile (code=exited, status=0/SUCCESS)
Main PID: 7420 (code=exited, status=108)
CPU: 19ms

Feb 20 01:26:40 StarKnight systemd[1]: Started Berkeley Open Infrastructure Network Computing Client.
Feb 20 01:26:50 StarKnight boinc[7420]: 20-Feb-2021 01:26:50 Another instance of BOINC is running.
Feb 20 01:26:50 StarKnight systemd[1]: boinc-client.service: Main process exited, code=exited, status=108/n/a
Feb 20 01:26:50 StarKnight systemd[1]: boinc-client.service: Failed with result ‘exit-code’.

This meant that the system thought that another instance of the software was running but that wasn’t the case as I verified it using ps. A search for the status=108 code on the internet returned a few results but nothing that resolved my problem. One user who faced this issue resolved it by uninstalling everything and installing back but that wasn’t a step I wanted to take without trying everything else first so I kept researching. Then I saw a post where a user was facing the same issue after they had moved the data directory to another partition and symlinked it to the original location. I had done the same thing a few weeks ago so I moved the directory back to it’s original location but that didn’t resolve anything either.

Then I thought about checking the file ownerships of the directory and they were owned by my user (suramya) and a post on the internet said that they should be owned by root. I checked on my laptop as I have the same setup there and found that the directories were owned by the ‘boinc‘ on the laptop. Then I remembered changing the ownership of all files in one of my drive partitions last night to suramya. What I didn’t realize at that time was that the boinc-client directory was also located on that partition (after I had moved it there to recover space on my root partition).

I immediately changed the ownership of both directories back to boinc:boinc using the following command 

chown boinc:boinc /var/lib/boinc* -R

Then I restarted the daemon and that fixed the problem. I then moved the directory back to it’s original location (on the other partition), symlinked it to the original location and the software still worked after I restarted the process.

I am documenting this in case others hit the same issue.

– Suramya

November 28, 2020

My Backup strategy and how it has evolved over the years

Filed under: Computer Software,Computer Tips,Knowledgebase,Linux/Unix Related,My Thoughts,Tech Related — Suramya @ 4:03 AM

I am a firm believer in backing up my data, some people say that I am paranoid about backing up data and I do not dispute it. All my data is backed up on multiple drives and locations and still I feel that I need additional backup. This is because I read the news and there have been multiple cases where people lost their data because they hadn’t backed it up. Initially I wasn’t that serious about it but when I was in college and working at the helpdesk, a phd student came in crying because her entire PHD thesis was on a Zip Drive and it wasn’t working anymore. She didn’t have a backup and was basically screwed. We tried a bunch of stuff to recover the data but didn’t manage to recover anything. That made me realize that I needed a better backup procedure so started my journey in creating recoverable backups.

My first backup system was a partition on my drive called backup where I created a copy of all my important data (This is back in 2000/2001). Then I realized that if the drive died then I would loose access to the backup partition as well, and I started looking for alternatives. This is around the time when I had bought a CD Writer so all my important data was backed up to CD’s and I was confident that I could recover any lost data. Shortly afterwards I moved to DVD’s for easier storage. However, I didn’t realize till a lot later that CD’s & DVD’s start becoming unreadable quite easily. Thankfully I didn’t loose any data but it was a rude awakening to find that the disks I had expected to keep my data safe were starting to become unreadable within a few years.

I then did a bunch of research online and found that the best medium for storing data long term is still Hard Drives. I didn’t want to store anything online because I want my data to be in my control so any online backup system was out of the question. I added multiple drives to my desktop and started syncing the data from the desktop & laptop to the backup drive using rync. This ensured that the important data was in three locations at any given time: My Desktop, My Laptop and the Backup drive. (Plus a DVD copy that I made of all my data every year)

I continued with this backup strategy for a few years but then realized that I had no way to go back to a previous version of any given document, if I deleted a file or wanted to go back to an older version of a file I only had 24 hours before the changes were synced to the backup drive before it was unrecoverable. There was a case where I ended up having to dig through my DVD backups to find the original version of a file that I had changed. So I did a bit of research and found rdiff-backup. It allows a user to back up one directory to another and generates an incremental backup. So we can recover/restore files based on date range. The best part is that the software is highly efficient, once the initial backup is done it only transmits the changes to the files in subsequent runs. Now that I have been using it I can restore a snapshot of my data going back to 2012 quite easily.

I was quite happy with this setup for a while, but while reading an article on best backup practices I realized that I was still depending only on 1 location for the backup data (the rdiff-data snapshots) and the best practices stated that you should also store it in an external drive or offsite location to prevent viruses/ransomware from deleting backups. So I bought a 5TB external drive and created an encrypted partition on the same to store all my important data. But I was still unhappy because all of this was still stored at my home so if I had a fire or something I would still end up loosing the data even though my external drive was kept in a safe. I still didn’t want to store data online but that was still the best way to ensure I had offsite backup. I initially thought about setting a server at my parents place in Delhi and backup there but that didn’t work out for various reasons. Plus I didn’t want to have to call them and troubleshoot backup issues over the phone.

Around this time I was reading about encrypted partitions and came up with the idea of creating an encrypted container file to store my data and then backup the container file online. I followed the steps I outlined in my post How to encrypt your Hard-drive in Linux and created the encrypted container. Once I finished that I had to upload the container to my webhost since I had unlimited storage space as per my contract. Initially I wasn’t able to because they had restricted my account’s quota but a call to their customer support sorted it out after a bit of argument and explaining what I was doing. The next hurdle I faced was uploading the file to the server because of the ridiculously low upload speed I was getting from Airtel. I had a 40 mbps connection at the time but the upload speed was restricted to 1 mbps because of ‘reasons’. After arguing with their support for a while, I was complaining about it at work and one of the folks suggest I check out ACT Internet. I checked out their plans and was quite impressed with the offerings so I switched over to ACT and was able to upload the container file quickly and painlessly.

Once the container was uploaded, I had to tackle the next problem in the process which was on how to update the files in the container without having to upload the entire container to the host. I experimented with a few solutions and then came up with the following solution:

1. Mount the remote partition as a local mount using sshfs. I mounted the partition locally using the following command: (please replace with the correct hostname and username before using)

/usr/sbin/runuser -l suramya -c "sshfs -o allow_other @hostname.com:. /mnt/offsite/"

2. Once the remote partition was mounted locally, I was able to use the usual commands to mount the encrypted partition to another location using the following command:

/usr/sbin/cryptsetup luksOpen /mnt/offsite/container/Enc_vol1.img enc --key-file /root/UserKey.dat
mount /dev/mapper/enc /mnt/stash/

In an earlier iteration of the code I wasn’t using the keyfile so had to manually enter the password everytime I wanted to backup to the offsite location. This meant that the backup was done randomly as and when I remembered to run the command manually. A few days ago I finally configured it to run automatically after adding the keyfile as a decryption key. (Obviously the keyfile should be protected and not be accessible to others because it allows users to decrypt the data without entering a password.) Now the offsite backup runs once a week while the local backup runs daily and I still backup the Backup partition to the external drive as well manually as and when I remember to do so.

In all I was quite happy with my setup but then I was updating the encrypted container and a network issue made be believe that my remote container had become corrupted (it wasn’t but I thought it was). At the same time I was fooling around with Microsoft One Drive and saw that I had 1TB of storage available over there since I was a Office 365 subscriber. This gave me the idea of backing up the Container to OneDrive as well as my site hosting.

I first tried copying the entire container to the drive and hit a limit because the file was too large. So I thought I would split the file into 5GB parts and then sync them to OneDrive using rclone. After installing rclone. I configured it to connect to OneDrive by issuing the following command and following the onscreen prompts:

rclone config

I then created a folder on OnDrive called container to store the split files and then tried uploading a test file using the command:

rclone copy $file OneDrive:container

Where OneDrive is the name of my provider that I configured in the previous step. This was successful so I just needed to create a script that did the following:

1. Update the Container file with the latest backup
2. Split the Container file into 5GB pieces using the following command:

split --verbose -d -b5GB /mnt/repository/Container/Enc_vol1.img /mnt/repository/Container/Enc_vol_

3. Upload the pieces to Ondrive. 

for file in `ls /mnt/repository/Container/Enc_vol_* |sort`; do  echo "$file";  /usr/bin/rclone copy $file OneDrive:container -v &> /tmp/oneDriveSync.log; done

This command uploads the pieces to the drive one at a time and is a bit slow because it maxes out the upload speed to ~2mbps. If you split the uploads and run the command in parallel then you get a lot faster speed. Keep in mind that if you are uploading more than 10 files at a time you will start getting errors about too many open connections and then you have to wait for a few hours before you can upload again. It took a while to upload the chunks but now my files are stored in yet another location and the system is configured to sync to Onedrive once a month.

So, as of now my files are backed up as following:

  • /mnt/Backup: Local Drive. All changes are backed up daily using rdiff-backup
  • /mnt/offsite: Encrypted Container stored online. All changes are backed up weekly using rsync
  • OneDrive: Encrypted Container stored at Microsoft OneDrive. All changes are backed up monthly using rsync
  • External Drive: Encrypted backup stored in an External Hard-drive using rsync. Changes are backed up infrequently manually.
  • Laptop: All Important files are copied over to the laptop using Unison/rsync manually so that I can access my data while traveling

Finally, I am also considering backing up the snapshot data to BlueRay disks but it will take time so haven’t gotten around to it yet.

Since I have this elaborate backup procedure I wasn’t worried much when one of my disks died last week and was able to continue work without issues or worries about loosing data. I still think I can enhance the backups I take but for now I am good. If you are interested in my backup script an extract of the code is listed below:

function check_failure ()
{
	if [ $? == 0 ]; then
		logger "INFO: $1 Succeeded"
	else
		logger "FATAL: Execution of $1 failed"
		wall "FATAL: Execution of $1 failed"
		exit 1
	fi
}

###
# Syncing to internal Backup Drive
###

function local_backup ()
{
	export BACKUP_ROOT=/mnt/Backup/Snapshots
	export PARENT_ROOT=/mnt/repository

	logger "INFO: Starting System Backup"

	rdiff-backup -v 5 /mnt/data/Documents/ $BACKUP_ROOT/Documents/
	check_failure "Backing up Documents"

	rdiff-backup -v 5 /mnt/repository/Documents/Jani/ $BACKUP_ROOT/Jani_Documents/
	check_failure "Backing up Jani Documents"

	rdiff-backup -v 5 $PARENT_ROOT/Programs/ $BACKUP_ROOT/Programs/
	check_failure "Backing up Programs"

	..
	..

	logger "INFO: All Backups Completed Successfully."
}

### 
# Syncing to Off-Site Backup location
###

function offsite_backup
{
	export PARENT_ROOT=/mnt/repository

	# First we mount the remote directory to local
	logger "INFO: Mounting External Drive"
	/usr/sbin/runuser -l suramya -c "sshfs -o allow_other username@remotehost:. /mnt/offsite/"
	check_failure "Mounting External Drive"

	# Open the Encrypted Partition
	logger "INFO: Opening Encrypted Partition. Please provide password."
	/usr/sbin/cryptsetup luksOpen /mnt/offsite/container/Enc_vol1.img enc --key-file /root/keyfile1
	check_failure "Mounting Encrypted Partition Part 1"

	# Mount the device
	logger "INFO: Mounting the drive"
	mount /dev/mapper/enc /mnt/stash/
	check_failure "Mounting Encrypted Partition Part 2"

	logger "INFO: Starting System Backup"
	rsync -avz --delete  /mnt/data/Documents /mnt/stash/
	check_failure "Backing up Documents offsite"
	rsync -avz --delete /mnt/repository/Documents/Jani/ /mnt/stash/Jani_Documents/
	check_failure "Backing up Jani Documents offsite"
	..
	..
	..

	umount /mnt/stash/
	/usr/sbin/cryptsetup luksClose enc
	umount /mnt/offsite/

	logger "INFO: Offsite Backup Completed"
}

This is how I make sure my data is backed up. All of Jani’s data is also backed up to my system using robocopy as she is running Windows and then the data gets backed up by the scripts I explained above as usual. I also have scripts to backup my website/blog/databases but that’s done using a simple script. Let me know if you are interested and I will share them as well.

This is all for now. Let me know if you have any questions about the backup strategy or if you want to make fun of me. 🙂 This is all for now. Will write more later.

– Suramya

September 30, 2020

How to fix vlc’s Core dumping issue while playing some videos

Filed under: Computer Software,Computer Tips,Knowledgebase,Linux/Unix Related,Tech Related — Suramya @ 11:37 PM

Over the past 2 days I found that the VLC install on my computer was suddenly having issues playing some of the video files on my computer. Initially I thought that it was a problem with the video file, then I realized that this was also happening with videos that had be playing fine earlier. When I ran vlc from the command line to play the problem video it gave the following output on screen when it crashed:

[00005587b42751b0] dummy interface: using the dummy interface module…
[00007f00c4004980] egl_x11 gl error: cannot select OpenGL API
[00007f00c4004980] gl gl: Initialized libplacebo v2.72.0 (API v72)
[00007f00c402a310] postproc filter error: Unsupported input chroma (VAOP)
[00007f00bd986e50] chain filter error: Too high level of recursion (3)
[00007f00c4028d40] main filter error: Failed to create video converter
[00007f00bd986e50] chain filter error: Too high level of recursion (3)
[00007f00c4028d40] main filter error: Failed to create video converter
[00007f00bd986e50] chain filter error: Too high level of recursion (3)
[00007f00c4028d40] main filter error: Failed to create video converter
[00007f00bd986e50] chain filter error: Too high level of recursion (3)


[00007f00c44265c0] chain filter error: Too high level of recursion (3)
[00007f00c4414240] main filter error: Failed to create video converter
[00007f00bd9020d0] main filter error: Failed to create video converter
[00007f00cc047d70] main video output error: Failed to create video converter
[00007f00cc047d70] main video output error: Failed to compensate for the format changes, removing all filters
[00007f00c4004980] gl gl: Initialized libplacebo v2.72.0 (API v72)

A google search told me that a possible solution was to disable hardware acceleration in the Video settings but that didn’t fix my problem. So I took a look at the kernel.log file in /var/log and I got the following error when the program crashed:

Sep 30 21:11:44 StarKnight kernel: [173399.132554] vlc[91472]: segfault at 28000000204 ip 00007f2d8916c1d8 sp 00007f2d8aa69db0 error 4 in libpostproc.so.55.7.100[7f2d8915c000+1d000]
Sep 30 21:11:44 StarKnight kernel: [173399.132568] Code: 98 48 8d 44 07 20 0f 18 08 8b 44 24 08 4d 8d 0c 1a 4d 8d 04 2b 85 c0 0f 85 cb fd ff ff 4c 8b 6c 24 28 4b 8d 04 29 4b 8d 14 20 <41> 0f 6f 01 43 0f 6f 0c 29 41 0f 7f 00 43 0f 7f 0c 20 43 0f 6f 04

Spent about an hour searching for the solution using the details from the kernel.log but got nowhere. Finally I found a forum post where one of the solutions offered was to remove the vlc configuration files, since I didn’t have any other bright idea’s I renamed the vlc config folder by issuing the following command:

mv ~/.config/vlc ~/.config/vlc_09302020

Then I started vlc and just like that everything started working again. 🙂 Not sure what caused the settings to get borked in the first place but the issue is fixed now so all is well.

– Suramya

September 29, 2020

Mounting a Network drive over ssh in Windows using WinFsp & SSHFS-Win

Filed under: Computer Software,Computer Tips,Knowledgebase,Linux/Unix Related,Tech Related — Suramya @ 1:16 PM

I have computers running both Windows & Linux and at times I need to share files between them and I have been looking for a convenient way to access the files from my Linux machine from my Windows machine without having to run SAMBA on the Linux. This is because historically SAMBA has been a security nightmare and I don’t want to run extra services on the computer if I can avoid it. Earlier this week I finally found a way to mount my Linux directories on Windows as a network mount over SSH using WinFsp & SSHFS-Win and I have been running it for a couple of days so far without any issues. (So far)

Follow these steps to enable SSHFS-Win on your windows machine:

Install WinFsp (Windows File System Proxy)

WinFsp is a set of software components for Windows computers that allows the creation of user mode file systems similar to FUSE (Filesystem in Userspace) in the Unix/Linux world. You can download it from the project’s GIT repository. The Installation file is available by clicking on the download link under ‘Releases’ near the top right corner of the page. The latest version is WinFsp 2020.1 at the time of this writing.

You install the software by running the MSI file you downloaded and the default options worked for me without modification.

Install SSHFS For Windows

SSHFS-Win is a minimal port of SSHFS to Windows. It is available for download from the project’s Git repository. You can compile from source or download the installation file by clicking on the download link under ‘Releases’ near the top right corner of the page. The latest version is SSHFS-Win 2020 at the time of this writing.

Please note that you will need to have WinFsp installed already before you can install SSHFS-Win successfully.

Usage:

Once you have installed both the software you can start using them and map a network drive to a directory using Windows Explorer or the net use command. Instructions for use are as below (Taken from the project Documentation):

In Windows Explorer select This PC > Map Network Drive and enter the desired drive letter and SSHFS path using the following UNC syntax:

\\sshfs\REMUSER@HOST[\PATH]

The first time you map a particular SSHFS path you will be prompted for the SSH username and password which can be saved using the Windows Credential Manager so that you don’t get prompted for it again. In order to unmap the drive, right-click on the drive icon in Windows Explorer and select Disconnect.


Visual demo of how to Map a Network drive using SSHFS-Win

You can map a network drive from the command line as well using the net use command:

net use X: \\sshfs\suramya@StarKnight

You will then be prompted for the password and once you authenticate you can use the new drive as usual. You can unmap the drive as follows:

net use X: /delete

I find this quite useful and hope you do as well.

Thanks to MakerLab, Department of Computer Science, HKU for pointing me in the correct direction

– Suramya

Older Posts »

Powered by WordPress