Suramya's Blog : Welcome to my crazy life…

September 7, 2023

Youtube2Webpage: Create Websites with Text from Videos

Filed under: Emerging Tech,Interesting Sites,Linux/Unix Related,My Thoughts — Suramya @ 7:35 PM

In my last post, I had talked about preferring text content to videos and coincidentally my Hacker News feed happened to cover a tool that takes a video link and creates a webpage with a transcript generated from the video’s closed captions paired with screenshots of the video. The program is called Youtube-to-Webpage. It is a Perl script that uses yt-dlp & ffmpeg to do the processing.

I tried it out using the curl video I talked about in the previous command as the input and the software did a decent job capturing the details. The output is very plain and looks like the following:

Transcription of Curl Training video
Transcription of Curl Training video

Since the program uses the built-in YouTube captions for getting the text from the video, the transcription is only as good as how good the captions are. One enhancement, that could make it better is to use a Speech-to-Text engine and use that text in the output. The slightly tricky part would be to match the screenshots with the audio/transcription timestamps.

Check it out if you prefer to read text instead of videos. I wonder how the output would look if we feed this to a LLM and ask it to make it like an article. That can be something we can explore for the next post ๐Ÿ™‚

– Suramya

September 6, 2023

Mastering curl using an interactive text guide

Filed under: Knowledgebase,Linux/Unix Related,My Thoughts — Suramya @ 10:09 PM

Curl is a program that has slowly percolated across the entire internet and in places where you wouldn’t believe. Folks have found it installed in inverters, it is running in outerspace etc. I mostly used to use wget earlier because my needs were quite simple and usually I just wanted to download a page or file from a website, then as I started working on more advanced use cases I found that curl was more powerful and versatile than wget, so I use curl more than wget now. (for the most part).

The curl command is extremely versatile and has over 250 commandline options, even seasoned users don’t know what all the tool can do so Daniel Stenberg who is the author of curl created a 3.5 hours long video on how to master curl. While the video is really useful and goes in depth, I personally don’t like to watch video tutorials. Instead I prefer to read text based tutorials as I read quite fast and can also search for specific stuff in a text tutorial which is not really possible in a video (at least not easily).

So, I was quite pleased to find that Anton Zhiyanov had taken the effort to create a text version of the video for future reference and as a cherry on top they even made the whole thing interactive so that you can try out the commands directly from the website and see how they would work.

Do check out the tutorial if you want to learn more about curl and how to use it more efficiently.

– Suramya

September 4, 2023

Mashing Enter can allow you bypass full disk encryption in certain scenarios

Filed under: Computer Security,Linux/Unix Related,My Thoughts — Suramya @ 12:30 PM

When folks think about hacking and people bypassing secure systems they have this mental image of folks writing complex code or physically reading the data byte by byte but that is not always true. Sometimes, it is as simple as just keeping the enter key pressed while the system is booting up. Yes, you read that right. A few days ago a vulnerability was found in a TPM-protected system that is configured to implement unattended unlocking for LUKS full disk encryption using RedHatโ€™s Clevis and dracut software along with systemd.

Generally, a Linux computer using TPM-protected unattended disk encryption will still allow a user to view the output of the boot process and optionally manually enter a decryption password with the keyboard. This allows for situations where the computer fails to boot and needs someone to troubleshoot the startup process. While the unattended TPM unlocking is taking place, the user is still presented with the password prompt and an opportunity to enter input.

Thereโ€™s a limited window of time before the TPM will unlock the disk and the boot process will proceed automatically to the login prompt, so how can we effectively fuzz this input opportunity? What if we could type faster than a human being? Using an Atmel ATMEGA32U4 microcontroller (such as youโ€™d find in an Arduino Leonardo development board) we can emulate a keyboard that sends virtual keypresses at essentially the maximum rate that the computer will accept. The following short Arduino program sets up a Leonardo as a keyboard emulator:

#include "Keyboard.h"
void setup() {
delay(1000);
Keyboard.begin();
}
void loop() {
Keyboard.press(KEY_RETURN);
delay(10);
Keyboard.releaseAll();
delay(10);
}

One second after being plugged in this program begins to simulate pressing the Enter key on a virtual keyboard every 10 milliseconds. This is about 10x faster than the usual keyboard repeat rate youโ€™d get simply holding down a key, and Linux seems to recognise around 70 characters per second using this method, or one keypress approximately every 15 milliseconds.

Sending keypresses this fast quickly hits the maximum number of password entry retries, while keeping the system from unlocking the disk automatically due to password guess rate limiting, and systemd eventually gives up trying to unlock the disk. It takes a minute or two but the recovery action in this failure scenario is to give us a root shell in the early boot environment

The simplest way to address the most immediate problem: Add rd.shell=0 and rd.emergency=reboot to the kernel command line. This ensures that if anything fails during the early boot process the computer will reboot immediately rather than dropping into a root shell.

However, this goes to show us that the old statement about security is still absolutely valid: “Physical access is root access. You can’t spend thousands on protecting the cyber threat landscape and ignore physical security such that people can just walk up to your computer and stick things inside. That being said, having a physical security program doesn’t necessarily protect your from an insider threat so that is also something to keep in mind.

Source: Pulsesecurity: Mashing Enter to bypass full disk encryption with TPM, Clevis, dracut and systemd

– Suramya

August 22, 2023

Getting my Pocket C.H.I.P. to finally work

Filed under: Knowledgebase,Linux/Unix Related,My Thoughts,Tech Related — Suramya @ 11:59 PM

Way back in 2016, I backed the Pocket C.H.I.P on Kickstarter opting to get 2 CHIP’s and one PocketChip. The C.H.I.P (or CHIP) was a single single-board computer costing $9 launched by Next Thing Co. It used open-source hardware running open-source software and was advertised as world’s first $9 computer as a direct competitor to the RaspberryPi . The device boasted the following configuration:

  • 1 GHz R8M/R8 (ARMv7)SoC processor
  • 512 MB DDR3 SDRAM
  • Built-in Wi-Fi 802.11b/g/n, Bluetooth 4.0
  • One USB host with type-A receptacle, one USB On-The-Go port
  • Composite video and stereo audio port via mini TRRS
  • Optional composite TRRS to RCA audio-video cable
  • Optional VGA adapter and HDMI adapter (I got both)
  • Up to 45 GPIO ports
  • Supports 1-Wire and I2C protocols, PWM output
  • Serial console and Ethernet via USB for quick headless operation
  • Power options include 5V via USB OTG, 5V via CHN pin, and by 3.7V battery
  • Onboard NAND storage, 4-8GB

The PocketChip was a handheld with a 4.3 inch 480ร—272 pixel resistive touchscreen, a clicky keyboard, GPIO headers on the top of the device, and GPIO soldering pads inside of the injection molded case powered by the CHIP processor. It looks clunky but is easier to connect to the device and setup using the PocketChip rather than doing it with just the CHIP.

Unfortunately the company shutdown in 2018 due to various issues. However, I was one of the lucky backers to receive the devices but once I received them I put them in a drawer and kind of forgot about them as life got busy and interesting. Over the years I did try to power on the device a couple of times but never really looked into getting it to work, so they just collected dust in my desk (literally).

Over the past weekend I decided to try getting it to work so I did some searching and with a lot of trial and error finally managed to get things to work and boot into a working OS. ๐Ÿ™‚ The main issue was that I was expecting it to work like the RaspberryPi where the OS was installed on an SD card but in this case the OS had to be flashed on to the onboard flash chip which was a bit more complicated process than installing to a SD card. I followed the instructions at NextThingCo Pocket C.H.I.P. Flashing Guide amongst other pages to get things to work. Here I will document some of the other things I had to do to get it to work. Please note that this was on a Debian setup, things might be a bit different for other OS’s

Install the Prerequisites

First we need to install the tools required by running the following command as root:

apt-get install git android-tools-fastboot sunxi-tools u-boot-tools

Download the CHIP SDK

Download the CHIP-SDK.zip from one of the following links:

Download and extract the CHIP Tools

Download CHIP-tools.zip from one of the following sites:

Download CHIP OS Images

Download the CHIP OS image from one of the following links:

Extract flash-collection.zip

When I tried extracting the contents of the zip file I got from the first link, I got an error that the file is not a Zip file. After a lot of searching I found out that you can run the following command to extract the file instead:

jar xfv flash-collection.zip

Since that seems unnecessarily complicated. I have extracted and re-compressed the file and shared it at the second link. You can extract it using the standard zip tools.

Fix fastboot

The version of fastboot in the Debian repositories is newer than the one used in the setup scripts and if you try to flash with the version installed then fails with the following error message:

..
..
== Cached UBI located ==
Image Name:   flash server
Created:      Sun Aug 20 19:29:14 2023
Image Type:   ARM Linux Script (uncompressed)
Data Size:    1784 Bytes = 1.74 KiB = 0.00 MiB
Load Address: 00000000
Entry Point:  00000000
Contents:
   Image 0: 1776 Bytes = 1.73 KiB = 0.00 MiB
waiting for fel...OK
waiting for fastboot...fastboot: invalid option -- 'i'
.fastboot: invalid option -- 'i'
.fastboot: invalid option -- 'i'
.fastboot: invalid option -- 'i'
.fastboot: invalid option -- 'i'
.fastboot: invalid option -- 'i'
.fastboot: invalid option -- 'i'
.fastboot: invalid option -- 'i'

The easiest fix for this is to rollback to a previous version of the software that supports the -i parameter. You can try to search and download the older version from Debian’s repositories, but I found it easier to download the software from platform-tools_r26.0.0-linux.zip (as I was too tired to go search for it in the archives)

Once you download the file and extract the contents, follow these steps to rollback to the previous version of fastboot:

  • Backup the existing binary for fastboot
    • mv /usr/lib/android-sdk/platform-tools/fastboot /usr/lib/android-sdk/platform-tools/fastboot_old
  • Copy the extracted file from the zip file to the correct location
    • mv platform-tools/fastboot /usr/lib/android-sdk/platform-tools/fastboot

Put the CHIP in FEL mode

The FEL mode allows the software to flash the CHIP with a new firmware. This can be done by putting a jumper wire between GND and FEL. It will look something like the following:


Connecting a jumper wire between GND and FEL to enter FEL Mode

Once you have entered the FEL mode, connect the CHIP to the computer using the microUSB port on the CHIP, not the fullsize USB port.

Flashing the OS to CHIP

Once you have downloaded all the files and unziped them. Follow these steps to Flash the OS to CHIP.

  • Move the CHIP-tools directory to the CHIP-SDK directory
    • mv CHIP-tools CHIP-SDK/
  • Select the Image you want to install and move it into the CHIP-SDK directory. There are 8 Images to choose from, I tested with the testing-server-b543 and testing-pocketchip-b667 images as I have 2 CHIPS to play with. ๐Ÿ™‚
  • The original instructions on the site ask you to run the ./setup_ubuntu1404.sh script located in the CHIP-SDK directory but it failed most commands on my system. I think that you should be able to proceed without running it but haven’t tried it.
  • Switch to the CHIP-tools directory
    • cd CHIP-SDK/CHIP-tools
  • Run the firmware upgrade script, replacing Path/To/Chip/Image with the location where you extracted the Image you want to install
    • ./chip-update-firmware.sh -L ../../flash-collection/testing-server-b543/

    If you have done everything correctly and nothing is broken, you will get an output similar to the following:

    suramya@StarKnight:~/Media/Downloads/CHIP/CHIP-SDK/CHIP-tools$ ./chip-update-firmware.sh -L ../testing-pocketchip-b667/
== Local directory '../testing-pocketchip-b667/' selected ==
== preparing images ==
== Local/cached probe files located ==
== Staging for NAND probe ==
Image Name:   detect NAND
Created:      Sun Aug 20 20:24:50 2023
Image Type:   ARM Linux Script (uncompressed)
Data Size:    97 Bytes = 0.09 KiB = 0.00 MiB
Load Address: 00000000
Entry Point:  00000000
Contents:
   Image 0: 89 Bytes = 0.09 KiB = 0.00 MiB
waiting for fel...OK
waiting for fel......OK
NAND detected:
nand_erasesize=400000
nand_oobsize=680
nand_writesize=4000
== Cached UBI located ==
Image Name:   flash server
Created:      Sun Aug 20 20:24:58 2023
Image Type:   ARM Linux Script (uncompressed)
Data Size:    1784 Bytes = 1.74 KiB = 0.00 MiB
Load Address: 00000000
Entry Point:  00000000
Contents:
   Image 0: 1776 Bytes = 1.73 KiB = 0.00 MiB
waiting for fel...OK
waiting for fastboot...................OK
target reported max download size of 33554432 bytes
sending sparse 'UBI' 1/23 (28672 KB)...
OKAY [  2.016s]
writing 'UBI' 1/23...
OKAY [  2.069s]
sending sparse 'UBI' 2/23 (28672 KB)...
OKAY [  2.007s]
writing 'UBI' 2/23...
OKAY [  5.484s]
..
..

sending sparse 'UBI' 22/23 (28672 KB)...
OKAY [  1.916s]
writing 'UBI' 22/23...
OKAY [  9.079s]
sending sparse 'UBI' 23/23 (16384 KB)...
OKAY [  1.105s]
writing 'UBI' 23/23...
OKAY [  4.981s]
finished. total time: 300.744s
resuming boot...
OKAY [  0.000s]
finished. total time: 0.000s


FLASH VERIFICATION COMPLETE.


   #  #  #
  #########
###       ###
  # {#}   #
###  '%######
  #       #
###       ###
  ########
   #  #  #


CHIP is ready to roll!

    If you see the message that “FLASH VERIFICATION COMPLETE.” and that “CHIP is ready to roll!”, then the OS installation has completed successfully. Now you can disconnect the CHIP from the computer and remove the jumper cable.

    Booting into CHIP

    If you have the PocketCHIP, then you can just power up the device by pressing on the power button for a second (pressing it for 10 seconds shuts it down forcefully). If you just have the CHIP, you will need to connect it to a monitor and connect a keyboard as well. (I used the PocketCHIP to configure everything and then used it separately).

    The boot up process can take a minute or two, and assuming everything went well you should see the standard boot messages on the screen. Once you get to the login prompt you can log in using the username ‘chip’ (without the quotes) and ‘chip’ (without the quotes) as the password. The root account password is also ‘chip’ (without the quotes).

    Connecting to WiFi and configuring the CHIP

    The first thing that you should do now is connect the device to a WiFi network so that you can SSH into it for ease of configuration. The second thing should be to change the default passwords ๐Ÿ™‚

    The easiest way to configure WiFi is to use the nmcli tool. Run the following command as root to connect to the WiFi. More details on the command are available at How to Connect Wi-Fi from Linux Terminal Using Nmcli Command

    nmcli dev wifi connect <SSID of The Network to Connect With> password <password for the Wifi Network>

    Once the device is connected to the WiFi, get your IP address using the following command:

    ip address

    Then you can SSH into the device from any system using the IP address.

    CHIP is working!!!


    Running Debian 8 Testing


    Running the PocketCHIP customized version (Debian 8)

    Updating the OS to the latest version

    The system is running Debian 8 by default and you should upgrade it to the latest version. Unfortunately, I keep getting errors when I try to upgrade to the latest Debian version and haven’t yet fixed the problem. Basically, I think you need to update the /etc/apt/sources.list with the correct mirror details and then upgrade. Once I get some time to revisit the setup and resolve the issue I will post the fix on the blog as a followup post to this one.

    – Suramya

May 17, 2023

Request to advertise ‘Men’s Beauty’ topics on Linuxgazette.net

Filed under: Humor,Linux/Unix Related — Suramya @ 7:18 PM

As some of you might know, I host a mirror for Linuxgazette.net and this usually results in an email every couple of months for changes to the existing articles and requests to advertise. I recently received an email requesting information about linuxgazette.net for advertising. Now there are a few problems with this, firstly I don’t host linuxgazette.net I just host a mirror of the site. Second problem was the content/topic they want to advertise on the site:

Beards seem to have become popular again, but do you think they will stick? Time will tell, but personally, I wouldn’t mind seeing more men with a cleanly shaven face 😍

I’m getting in touch today because I have some clients looking for advertising opportunities that are related to Men’s Beauty (Should I call it Men’s “Beauty”). After I stumbled across linuxgazette.net I figured I’d reach out and see if you ever work with brands, or have a media kit available.

I mean historically Linux admins do have a reputation of keeping big beards but this is ridiculous. Of course I know that this mail was probably sent out by an automated bot but it did make me laugh .

– Suramya

March 11, 2023

Thoughts about a list explaining how Linux users are characterized by these properties

Filed under: Linux/Unix Related,My Thoughts — Suramya @ 10:44 PM

It is always amusing to me when I read these lists that claim to characterize people, in this case while I was researching about companies acquired by Microsoft I ended up at Rational Wiki: OS Wars section where there is a section that claims that “Linux users are characterized by the following properties: I found it amusing so I am going to list them out here with my comments and thoughts about each of them.

An unhealthy desire to recompile the kernel at every opportunity.

[ST] Compiling a kernel was something that we had to do in Linux back in early 2000’s, but even then I never really had to compile the kernel to get things to work. I did do it to understand the process, but was never forced to do so. In fact I can’t remember the last time I had to compile the kernel on my system.

A disdain for newcomers who don’t know how to recompile the kernel.
Constantly rebuilding their machines because a kernel recompile failed.

[ST] Since I never had to compile it, I don’t expect others to do so. If you want to do it then its your prerogative but I don’t care one way or another.

Thinking those who don’t compile on their own computers or don’t use shell scripts and terminals on a daily basis are not real Linux users.

[ST] Unfortunately, there are idiots who think this, and attempt to gatekeep others and put them down just because they don’t use the ‘proper tools’/command line etc. I did write about this earlier: Stop hating on people because they donโ€™t use the same tools as you because everyone has a different way of working and what works for you might not work for them and vice-versa. For example, I really dislike video tutorials and prefer text but I know plenty of folks who like video because it shows them what to do instead of having them imagine it. There is no one true way…

Constantly having incidents reported for not being in the sudoers file, but not being sure who they’re being reported to.

[ST] I don’t have incidents being reported constantly but did have to look up where the incidents are reported, which as expected was in the log files that an admin/root can audit.

Believing vowels are over rated, especially when it comes to naming important programs you expect to use every day.

[ST] Nope. I like my program names to be descriptive and really dislike SMS talk.

Cursing at Mac users for the number of shiny devices they can connect their computers to.

[ST] Again a nope. I can connect more things to my Linux machine and have them work off the bat than I could on a Mac. Sure some of the software is more polished on a Mac but from a connectivity perspective my Linux machine can connect to pretty much anything (sometimes a bit of tinkering might be required).

Either cursing that they need root, or cursing because they ran something as root that they really shouldn’t have.

[ST] Had this issue only when I was first starting out. After a little while things become automatic, if I run a root command as a non-root user, I just have to prepend sudo to it (or copy it to the root terminal). Accidentally running a command as root on the other hand is a much bigger issue. Haven’t done it in a while now but it is something to be careful of. I set the prompt to let me know what machine I am connected to and as what user so it makes it easier to spot if you are in the wrong window.

Believing a windowing system is a very clever way of having lots of command lines on screen at the same time. Like screen only less clever.

[ST] I really don’t get people who think like this and unfortunately there are folks who are like this. They think they are cleverer than everyone else and love putting others down.

Arguing with each other over which distribution to use.
Arguing with BSD users over their OS of choice.

[ST] This is a fight that I still see every once in a while but things have calmed down quite a bit from the earlier days where a question about which is the best distribution would ignite a flame war.

Arguing over whether to use a GUI or command line.

A lot of people think that using a command line makes you superior to other users, I think that you should use whatever works best for you at that point in time for the task you are doing. For example, if I am editing a video or sorting images I will prefer to use a GUI but for other tasks I prefer using the commandline. At the end of the day the idea is to get the work done, not argue about what is the best interface to do the work in.

Arguing about whether Emacs or vi is better. (Obviously vi is way better. No question. Unless you’re Richard Stallman or another member of the Church of Emacs.)

[ST] I prefer vi because it is installed by default on all Linux systems so if I ever have to recover from a crashed system I have an editor that I can use to edit files. Emacs is fine but I prefer vi / Notepad++ / kwrite for general editing.

Arguing about which language is the best for writing scripts (essentially the modern-day equivalent of the Tcl Wars between Tcl and GNU Guile’s implementation of Scheme).

[ST] I have no idea about the TCL wars and don’t really care what language you use for writing scripts. I have written scripts in Bash, Perl and Python for the automation and scripting I had to do and the language was chosen based on 1) What I was trying to do and how complicated the logic was 2) If I was trying to learn a new language the script was written in that language.

Complaining that we’re calling it Linux and not GNU/Linux.
Interjecting for a moment to explain why it’s actually GNU/Linux
Complaining that we’re calling it Open Source and not Free Software.

[ST] Complaining about the fact that someone calls it Linux and not GNU/Linux is just annoying and doesn’t make you look knowledgeable it makes you annoying. Technically they are correct but Linux is the expected usage and no, I am not about to start calling it GNU Linux just because some idiot thinks I should do so.

Constantly complaining about virtually all sorts of random, obscure problems such as their computer randomly shutting itself off at 9 pm on Mondays.

[ST] This is not just Linux users, any person who is a power user will face these kinds of issues and will ask around on how to fix them. General users will just get the helpdesk to come fix their systems for them.

Complaining that this list is not indexed from 0.

No, I don’t number my lists from 0. Just because Arrays are indexed from 0 doesn’t mean that I have to number everything starting from 0. However, I do prefer that the ground floor (1st floor in the US) be called the 0th Floor (or G Floor) instead of 1st floor like they do in the US because that’s how they do it in the rest of the world.

Believing that time started on January 1970.

๐Ÿ™‚ No comments ๐Ÿ™‚

Being able to understand this list.

Ha ha… I think any person actively working with computers like a sysadmin/programmer would understand this list.

I think the list should be updated but it did make me smile so I guess that is a win ๐Ÿ™‚

– Suramya

February 21, 2023

Fixing problems with nvidia-driver on Debian Unstable after latest upgrade

Filed under: Computer Software,Linux/Unix Related,Tech Related — Suramya @ 10:54 PM

Earlier today I ran my periodic update of my main desktop that is running Debian Unstable. The upgrade finished successfully and since a new kernel was released with this update I restarted the system to ensure that all files/services etc are running the same version. After the reboot the GUI refused to start and I thought the problem could be because of a NVIDIA kernel module issue so I tried to reboot to an older kernel but that didn’t work either. Then I tried running apt-get dist-upgrade again which gave me the following error:

root@StarKnight:~# apt-get dist-upgrade 
Reading package lists...
Building dependency tree...
Reading state information...
You might want to run 'apt --fix-broken install' to correct these.
The following packages have unmet dependencies:
 nvidia-driver : Depends: nvidia-kernel-dkms (= 525.85.12-1) but 515.86.01-1 is installed or
                          nvidia-kernel-525.85.12 or
                          nvidia-open-kernel-525.85.12 or
                          nvidia-open-kernel-525.85.12
E: Unmet dependencies. Try 'apt --fix-broken install' with no packages (or specify a solution).

So I ran the apt –fix-broken install command as recommended and that failed as well with another set of errors:

root@StarKnight:/var/log# apt --fix-broken install
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Correcting dependencies... Done
0 upgraded, 0 newly installed, 0 to remove and 13 not upgraded.
1 not fully installed or removed.
After this operation, 0 B of additional disk space will be used.
dpkg: dependency problems prevent configuration of nvidia-driver:
 nvidia-driver depends on nvidia-kernel-dkms (= 525.85.12-1) | nvidia-kernel-525.85.12 | nvidia-open-kernel-525.85.12 | nvidia-open-kernel-525.85.12; however:
  Version of nvidia-kernel-dkms on system is 515.86.01-1.
  Package nvidia-kernel-525.85.12 is not installed.
  Package nvidia-open-kernel-525.85.12 is not installed.
  Package nvidia-open-kernel-525.85.12 is not installed.

dpkg: error processing package nvidia-driver (--configure):
 dependency problems - leaving unconfigured
Errors were encountered while processing:
 nvidia-driver
E: Sub-process /usr/bin/dpkg returned an error code (1)

Looking at the logs, I didn’t see any major errors but I did see the following message:

2023-02-21T19:48:27.668268+05:30 StarKnight kernel: [    3.379006] NVRM: loading NVIDIA UNIX x86_64 Kernel Module  515.86.01  Wed Oct 26 09:12:38 UTC 2022
2023-02-21T19:48:27.668286+05:30 StarKnight kernel: [    4.821755] NVRM: API mismatch: the client has the version 525.85.12, but
2023-02-21T19:48:27.668287+05:30 StarKnight kernel: [    4.821755] NVRM: this kernel module has the version 515.86.01.  Please
2023-02-21T19:48:27.668287+05:30 StarKnight kernel: [    4.821755] NVRM: make sure that this kernel module and all NVIDIA driver
2023-02-21T19:48:27.668288+05:30 StarKnight kernel: [    4.821755] NVRM: components have the same version.

Searching on the web didn’t give me a solution but since I am running the Debian Unstable branch it is expected that once in a while things might break and sometimes they break quite spectacularly… So I started experimenting and tried removing and reinstalling the nvidia-driver but that was failing as well because the package was expecting nvidia-kernel-dkms version 525.85.12 but we had 515.86.01-1 installed. 

root@StarKnight:~# apt-get install nvidia-driver
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following NEW packages will be installed:
  nvidia-driver
0 upgraded, 1 newly installed, 0 to remove and 14 not upgraded.
Need to get 0 B/494 kB of archives.
After this operation, 1,398 kB of additional disk space will be used.
Selecting previously unselected package nvidia-driver.
(Reading database ... 439287 files and directories currently installed.)
Preparing to unpack .../nvidia-driver_525.85.12-1_amd64.deb ...
Unpacking nvidia-driver (525.85.12-1) ...
dpkg: dependency problems prevent configuration of nvidia-driver:
 nvidia-driver depends on nvidia-kernel-dkms (= 525.85.12-1) | nvidia-kernel-525.85.12 | nvidia-open-kernel-525.85.12 | nvidia-open-kernel-525.85.12; however:
  Version of nvidia-kernel-dkms on system is 515.86.01-1.
  Package nvidia-kernel-525.85.12 is not installed.
  Package nvidia-open-kernel-525.85.12 is not installed.
  Package nvidia-open-kernel-525.85.12 is not installed.

Now I had a couple of options, first was to wait for a couple of days (if I am lucky) for someone to upload the correct versions of the packages to the channel. The second option was to remove the package and installed the Open Source version of the Nvidia driver. I didn’t want to do that because that package is a memory hog and doesn’t work that well either. The last option was to try to manually install the older version (525.85.12) of the nvidia-kernel-dkms package and this is what I decided to go with, a search on the Debian Packages site gave me the .deb file for nvidia-kernel-dkms and firmware-nvidia-gsp (a dependency for the dkms package). I downloaded both the packages and installed them using the following command:

root@StarKnight:/home/suramya/Media/Downloads# dpkg -i firmware-nvidia-gsp_525.85.12-1_amd64.deb 
root@StarKnight:/home/suramya/Media/Downloads# dpkg -i nvidia-kernel-dkms_525.85.12-1_amd64.deb

Once the packages were successfully downgraded I rebooted the system and the GUI came up without issues post the reboot.

Moral of the story is that you need to be prepared to have to troubleshoot your setup if you are running Debian Unstable or Debian Testing on your system. If you don’t want to do that then you should stick to Debian Stable which is rock solid or one of the other distributions such as Ubuntu or Linux Mint etc.

– Suramya

February 20, 2023

Fixing SSL error 61 on Citrix Workspace on Debian

Filed under: Computer Security,Computer Tips,Linux/Unix Related,Tech Related — Suramya @ 9:38 PM

Was trying to connect to a Citrix Workspace and kept getting the following error “You have not chosen to trust “Entrust Root Certification Authority – XX”, the issuer of the security certificate (SSL error 61)“. I have hit this error in the past and had fixed it but couldn’t find my notes from how I had fixed it back then, so I had to resort to searching on the web based on vague memories of how I had fixed. After a bit of effort I found two solutions that people had suggested:

Solution 1:

Create a symbolic link pointing the /opt/Citrix/ICAClient/keystore/cacerts directory to /usr/share/ca-certificates/mozilla/ , using the command below as root:

mv /opt/Citrix/ICAClient/keystore/cacerts /opt/Citrix/ICAClient/keystore/cacerts.bak
ln -s /usr/share/ca-certificates/mozilla/ /opt/Citrix/ICAClient/keystore/cacerts

Unfortunately, this didn’t resolve the problem for me.

Solution 2:

The second solution people recommended was to link /opt/Citrix/ICAClient/keystore/cacerts directory to the /etc/ssl/certs/ directory, using the command below as root:

mv /opt/Citrix/ICAClient/keystore/cacerts /opt/Citrix/ICAClient/keystore/cacerts.bak
ln -s /etc/ssl/certs/ /opt/Citrix/ICAClient/keystore/cacerts

After I linked the directory to /etc/ssl/certs things immediately started working without errors. This time I am blogging about it so that the next time I don’t waste time trying to find the solution.

– Suramya

December 21, 2022

“Linux is a meme and only autistic people use it” brainstorm from an anonymous coward

Filed under: Humor,Linux/Unix Related,My Thoughts — Suramya @ 8:28 PM

It is funny how people will make up stuff to explain why Linux (or any other OS) is difficult and why the person making the pronouncements can’t get it to do what they want it to do. Recently, the screenshot below came up in my feed and it made me laugh. As per the author only autistic people use Linux and everyone else “has just fallen for the meme”.


Linux is only for Autistic People

I have been using Linux almost full time since 2001 and am definitely not autistic. I can’t identify trains by their sounds and instead of not being able to talk to girls, according to some I sometimes talk too much. I have no interest in learning the names of the cast for any TV show and as far as I can tell I am leading a pretty normal life.

The genius who penned this (and I am of half a mind that this is just someone trolling Linux users) doesn’t seem to know that it is used to power 96.3% of the world’s top web servers and Android is based on Linux as well. It is the world’s 3rd most popular OS (after Windows and Mac) and while it has its own quirks it def doesn’t need you to know the in’s and out of the computer in order to use it. In fact in my experience, it is easier to install Linux and have a functional setup than it is to install Windows as Windows requires a lot of extra stuff to be installed in order to be productive while in Linux most of that is already pre-installed or built-in.

This was good for a laugh so I wanted to share it here.

– Suramya

November 15, 2022

Extracting Firefox Sites visited for archiving

Filed under: Computer Software,Linux/Unix Related,Tech Related — Suramya @ 3:01 AM

I have been using Firefox since it first version (0.1) launched back in 2003. At that time it was called Phoenix but had to change its name due to a trademark claim from Phoenix Technologies to Firebird which was then renamed to Firefox. Over the years I have upgraded in place so I had assumed that all my Browser History etc was still safely stored in the browser. A little while ago I realized that this wasn’t the case as there is a history page limit defined under the about:config. The property is called 

places.history.expiration.transient_current_max_pages: 137249

and on my system it is configured for 137249 entries. This was a disappointment as I wanted to save an archive of the sites I have visited over the years so I started looking at how to export the history from Firefox from the command line so that I can save it in another location as part of my regular backup. I knew that the history is stored in a SQLite database so I looked at the contents of the DB using a SQLite viewer. The DB was simple enough to understand but I didn’t want to recreate the wheel so I searched on Google to see if anyone else has already written the queries to extract the data and found this Reddit post that gave the command to extract the data into a file.

I tried the command out and it worked perfectly with just one small hitch. The command would not run unless I shutdown Firefox as the DB file was locked by FF. This was a big issue as it meant that I would have to close the browser every time the backup ran which is not feasible as the backup process needs to be as transparent and seamless as possible.

Another search for the solution pointed me to this site that explained how to connect to a locked DB in Read Only mode. Which was exactly what I needed, so I took the code from there and merged it with the previous version and came up with the following command:

sqlite3 'file:places.sqlite?immutable=1' "SELECT strftime('%d.%m.%Y %H:%M:%S', visit_date/1000000, 'unixepoch', 'localtime'),
                                                   url FROM moz_places, moz_historyvisits WHERE moz_places.id = moz_historyvisits.place_id ORDER BY visit_date;" > dump.out

this command gives us an output that looks like:

28.12.2020 12:30:52|http://maps.google.com/
28.12.2020 12:30:52|http://maps.google.com/maps
...
...
14.11.2022 04:37:17|https://www.google.com/?gfe_rd=cr&ei=sPvqVZ_oOefI8AeNwZbYDQ&gws_rd=ssl,cr&fg=1

Once the file is created, I back it up with my other files as part of the nightly backup process on my system. In the next phase I am thinking about dumping this data into a PostgreSQL DB so that I can put a UI in front of it that will allow me to browse/search through the file. But for now this is sufficient as the data is being backed up.

I was able to get my browsing history going back to 2012 by restoring the oldest Firefox backup that I have on the system and then extracting the data from it. I still have some DVD’s with even older backups so when I get some time I will restore and extract the data from there as well.

Well this is all for now. Will write more later.

– Suramya

Older Posts »

Powered by WordPress