ScratchDrive

The following blog post is a plug, feel free to ignore it if you don’t want to be advertised to.

Web Hosting
I have recently completely overhauled and redesigned the ScratchHosting.com website and added many new updates. Web Hosting accounts now start at $1.99 with 5000MB of storage and unmetered transfer. Unlimited domains, subdomains, databases, and email accounts are now included for free! We also have a beefy new server that is drastically being under-utilized, this needs to change!

WebHosting Features:

• cPanel control panel
• PHP, MySQL, CGI, PERL, SSI
• Unlimited MySQL Databases!
• Unlimited Domains / Subdomains
• Unlimited FTP Accounts
• Fantastico Auto Installer
• Unlimited POP3, SMTP, IMAP, WebMail

ShoutCast Servers
With the launch of the new site I also launched Shoutcast streaming servers at competitive prices. Again all packages now come with unmetered bandwidth, no caps, and no overage fees. Plans start at $2.99 and come with intuitive DJing software from WHMSonic to keep your mixes going non-stop.

Shoutcast Features:

• WHMSonic control panel
• 2000MB local storage
• AutoDJ with full administration, AutoMix, and Shuffle.
• Realtime radio statistics
• sc_serv.conf management GUI

Game Servers
I have also just added Game Server hosting at 75¢ per slot. Packages start at $6.00 and include 10000MB of storage for maps and mods, as always bandwidth is unmetered. Our servers are located in a premium Chicago location featuring low latency (ping times) and direct peering with all Comcast subscribers.

Games Supported:

• Call Of Duty
• Call Of Duty 2
• Call Of Duty 4
• America’s Army
• Unreal Tournament 2004
• Unreal Tournament 3
• Half Life — Counter Strike
• Half Life 2 — Counter Strike
• Wolfenstein Enemy Territory
• Battlefield 1942
• Battlefield 2142
• Battlefield 2
• Battlefield Vietnam
• …And more to come.

Don’t forget to use the coupon code “scratchdrive” when checking out to receive 10% off your order, and ALL subsequent payments!

I don’t know if it’s bad marketing or if I’ve just been living under a rock but back in the first quarter of 2007 PayPal released a dual layer authentication login device called the “PayPal Security Key”. The Security Key is a simple, cheap, and effective way of increasing the security of your online shopping transactions through PayPal and eBay. The device costs a mere $5 and is retard-proof-easy. After activating the device every time you login to your PayPal or eBay account you will be asked to press the button on your Security Key and enter the confirmation code in to the online form. Brilliant! I don’t understand why anyone who uses PayPal on a regular basis wouldn’t jump on this great product.

Get yours:
https://www.paypal.com/securitykey

Ever since I made the move from OS X to Linux on my main desktop machine there has been one lingering application I have missed and missed dearly in Leopard. Time Machine. I am, always have been, and always will be a backup whore. We all know how important it is to backup your files, but hardly any of us really do it consistently. Time Machine changed that skepticism lingering in my mind and presented an easy to use automatic backup solution that even my mother could figure out. I like how it was run every hour and only copied files with changes, using system links for the remaining files in the directory. I have been in search for an application this easy and well put together for Linux and up to now I haven’t been impressed with what’s been out there. Sure I could write a script to use rsync to do what I want and cron it accordingly but this doesn’t cater very well to the consumerist or novice user. Also why should I when the fine folks at macantoni.de already have?

Eloy:
Eloy is an incredibly easy to use command line backup system which works very similar to Time Machine. You simply edit one conf file defining the directories to backup and the directories to ignore and let Eloy take care of all the backups and changes. Eloy also uses system links so you can easily list the changes from backup to backup and restore older versions of files and directories. Definitely check it out if you’re in need of a lightweight easy to use backup solution similar to Time Machine for your Linux box.

Links:
Max Antoni Software Development
Eloy project homepage

Shortly after purchasing my new Quickcam Pro 9000 off of eBay for $60 (before shipping charges) I became increasingly annoyed with it’s performance on my main Desktop machine running Ubuntu. As always I checked hardware compatibility before buying, and sure enough the Ubuntu team lists the Logitech Quickcam Pro 9000 in their supported webcam hardware. As with most devices with Ubuntu the install was deceivingly not as easy as you would hope out of a distribution claiming to be the “Linux for human beings”.

Upon unpackaging and plugging it in Ubuntu recognized with no configuration. dmesg shows it has loaded the UVC driver and everything seems to be working well. Programs like cheese, luvcview, and Camorama are working moderately well with no further configurations needed. However the quality from the device was nothing near what I was getting when using with Vista. Something was wrong. To top it off using the camera with Skype was a disaster. As shown in the following gif the bottom third of the video feed would become “stuck” while the top 2/3 were not affected.

Browsing the Ubuntu Forums I found fixes that claimed to have worked for other people, but didn’t satisfy my problems. In the end what really stabilized my Skype experience was SVN’ing the most current UVC drivers and compiling them myself, along with a configuration fix to Skype.

svn checkout svn://svn.berlios.de/linux-uvc/linux-uvc/trunk
cd trunk
make

Edit the makefile and change “INSTALL_MOD_DIR := usb/media” to “INSTALL_MOD_DIR := ubuntu/media/usbvideo”

sudo make install
sudo modprobe -r uvcvideo
sudo modprobe uvcvideo

The quality of my overall Quickcam greatly improved, especially when using luvcview and upping the resolution to 960×720. But even after switching to the newest UVC driver Skype was still having problems. Video would now simply get stuck and the call would be dropped. The fix for this was Skype specific, go figure.

Edit ~/.Skype/<your username>/config.xml and add the following before <config/>:
<Video>
<AutoSend>1</AutoSent>
<CaptureHeight>600</CaptureHeight>
<CaptureWidth>800</CaptureWidth>
<Device>/dev/video0</Device>
<Fps>25</Fps>
</Video>

Video in Skype doesn’t get stuck now and it has been very stable. The quality is still not on par when using the camera with Vista/XP but at least it’s working.

Jailkit simply put is a way to ‘jail’ shell users to a limited environment with a specific list of commands.

Jailkit is a great solution for the Linux admin who wants to confine his/her users to a certain list of commands, and also a very confined and secured user directory. Jailkit automates chrooting users to their home directory and in doing so gives the admin full control over what they can and cannot do in their own private environment. Jailkit is perfect for hosting secure shell or IRC accounts to the general public without all the stress of having your users in the same working environment as the fully privileged users. This also could be used as a very half-assed ghetto version of allowing users their own virtual environments, or VPSes.

I’ll leave the documentation up the developers here but definitely look in to it if you want a free and easy way to offer secure shells to your users.

Links:
Jailkit Homepage
Download Jailkit
Gentoo Jailkit Howto

vnStat is a cute and simple network monitoring CLI application for Linux/BSD that I have grown to love over the years. vnStat is not comparable to it’s big brothers mrtg or ntop as it is much simpler and displays only bare-bone transfer statistics but what vnStat lacks in features it makes up in aesthetics and ease of use. vnStat is the perfect solution if you are merely looking for rough transfer counts without all the fancy hoopla.

vnStat works by pulling information from the /proc filesystem so there’s no fancy traffic sniffing going on and your CPU doesn’t take a hit. Best of all you don’t need root privileges to run!

Download Source:
http://humdi.net/vnstat/

Installing:
Gentoo:
“sudo emerge -av net-analyzer/vnstat”
Debain/Ubuntu:
“sudo apt-get install vnstat”

“vnstat -u -i eth0 (or whatever your network interface is)”
“crontab -e” and add “*/5 * * * * ~/bin/vnstat -u”

That’s it! Let your logs grow and have fun.

I have a system monitoring script for my UNIX administration class due for Thursday.. If I plan on getting fancy I might just create a similar front-end for CPU load, IO wait times, memory usage, etc. We’ll see.

Examples:

I recently purchased/built my new desktop computer after selling my long admired PowerMac G5. Over the years I have found myself slowly drifting away from the Apple scene and becoming more accustomed to the Linux side of things. The dual 2.0GHz G5 has preformed well over the years but as software has become more intensive I’ve found the Mac to no-longer be cut out for what I wanted to do. Stuttering while decoding even the most minimalistic H.264 720p content on Apple’s own trailer website and barely being able to play Unreal Tournament 2004 above 35FPS was not a very enjoyable experience. The long awaited Leopard, although improved esthetically, taxed my old-world PPC hardware even more, leaving my experience mixed.

But enough about my old computer, let’s talk about what’s under the hood of my new machine.

All hardware was purchased from NewEgg.com and the order at the time totaled $1273.

Case: Antec p182 — Link
Coming in with a NewEgg newsletter $30 promo code and a $50 mail-in-rebate this case was an amazing buy. I cannot find any cons to this case outside of the fact it didn’t ship with a midget entertainer. It’s elegant, has amazing cable management, and is the perfect size.

Motherboard: GIGABYTE GA-EP35-DS3P — Link
With 8 SATA ports, 4 DDR2 1200 slots, 2 PCI Express X16 slots, and 8 channel onboard audio this board was an amazing buy. Plenty of BIOS options for the overclocker enthusiast and out-of-the-box Linux support made this purchase enjoyable.

Processor: Intel Core2Quad Q6600 — Link
It’s fast. Do I really have to say anymore? Teamed up with the Zalman CNPS9500 heatsink this baby easily overclocks from 2.4 to 3.2GHz. You won’t be disappointed if you choose to purchase this processor.

Graphics card: MSI NX8800GT 512M OC — Link
This card screams. Playing UT2004 on Linux at over 200FPS, UT3 on Vista at the max 60FPS, and Crysis with all settings on high at 30FPS this card packs an amazing punch for it’s price.

Memory: Corsair XMS2 (2 x 2GB) – Link
It’s RAM, it overclocks nicely, and it looks good.

Hard drives: Western Digital WD740ADFD 74GB Raptor — Link
Western Digital WD5000AAJS 500GB – Link
The Raptor obviously screams. Load times are amazing and I don’t find myself walking away from the computer while it’s booting to go take a piss anymore.
The WD5000AAJS 500GB so far has performed well. Just your standard 7200RPM disk, nothing special. A good buy from a reliable manufacture.

Other components, no problems here.
Antec NeoPower Power Supply -- Link
Sony 20X DVD±R Burner — Link

Pictures:

Software:
As many of you know, I’m usually an excessive Gentoo pusher. All of my home Linux systems up to now have run Gentoo, and I love it dearly. It’s still running on 3 of the 4 Linux systems in my house, but we now have a new edition to my OS family.

I started off the Install with a Vista/Gentoo dualboot on the raptor with the 500GB drive mounting as /home in Linux and as a K: drive in Vista using Ext2IFS, a kernel module that ads ext2 support to the Windows operating system. Everything outside of X11 was working fine. I was running Gnome/Compiz Fusion on the latest nVidia 8800GT driver (169.12) and numerous other GTK applications which were running unusually sluggish. Although it was working, something was wrong. Xorg was using up to 1 processing core sitting idle. I’m not an idiot, I know how to set up Xorg, and I ensure you everything was done correctly. Upgrading to the masked Portage beta version of Xorg (7.3) didn’t seem to help. Frustrated after a days work of Gentoo compiling I said “fuck it”, backed up my /etc directory and installed Ubuntu.

Anyone who has known me for more than a day knows that I have a profound hate for Ubuntu. I’ve stated in the past that it’s utter bloatware and disregarded it as a newbie distribution with no ground in the enthusiast’s or power-users marketshare. Obviously the install was easy, used the SAME nVidia driver installer and my previous Gentoo Xorg config and what do you know? — Everything works as it should. I’m running the same version of Xorg as I was on Gentoo with identical configurations. My USE flags on my Gentoo Xorg were nothing out of the normal, I have setup Xorg on numerous occasions in Gentoo with no problem. I still have no idea what was going wrong and why the Gentoo compiled X11 was eating so many CPU cycles, but I do plan on installing Gentoo on another partition in the near future to see if I have the same problem again; perhaps after they release 2008.0.

Upon using Ubuntu I’ve also taken a step out of my Enlightenment DR17 adoration to try out a Gnome/Compiz Fusion setup, and so far I’ve been, well, enlightened. I won’t bother going in to detail about Compiz as I’m sure you’re all familiar with it but so far it’s been a superb Expose replacement/killer. View my example video below. Good night.

Video:

This guide will teach you the basics of DVD encoding using MEncoder, the H.264 and AAC encoders, and the Matroska wrapper. Take note that H.264 is a very hardware intensive codec and this guide’s purpose is to output extremely high quality rips.

What you will need:
MPlayer compiled with encoding support (MEncoder)
Matroska media wrapper
faac AAC audio encoder

How to compile with Gentoo:
echo "media-video/mplayer* a52 aac amr divx4linux dts live mad matroska theora win32codecs xvid alsa arts esd oss dvd dvdread encode gtk truetype aalib dv mp2 quicktime srt vobis x264 xinerama xv v4l v4l2 mp3 vorbis" >> /etc/portage/package.use && emerge media-video/mplayer media-video/mkvtoolnix media-libs/faac

Using these Portage USE flags in Gentoo will be more than enough to encode DVDs to H.264 with AAC 5.1 channel audio as well as playback most any video/audio with MPlayer.

Other distributions installation:
MPlayer/MEncoder
Matroska
faac

Step 1, Inspect DVD structure.
A) Insert/mount DVD
B) Use mplayer to locate desired media titles and chapters you want to encode.
mplayer dvd:// -identify
– Notice the title, chapter, audio, and subtitle streams listed. You will want to jot these down for later use.
C) Construct your MPlayer playback command.
– For my example DVD (The Matrix) I want to skip over the beginning Warner Brothers and Village Roadshow ads. Since these ads aren’t located in their own chapter I have to use the -ss option (skip seconds) to skip the first 29 seconds of bullshit.
mplayer dvd://1 -chapter 1 -ss 00:00:29
D) Get cropping information.
mplayer dvd://1 -chapter 1 -ss 00:00:29 -vf cropdetect
– Check crop
mplayer dvd://1 -chapter 1 -ss 00:00:29 -vf rectangle=YOUR_CROP
E) Combine results
mplayer dvd://1 -chapter 1 -ss 00:00:29 -vf crop=YOUR_CROP

Step 2, Encoding video (2 passes) to H.264
A) Encode the first pass of the video. This will take quite some time depending on how fast your processor is. Keep patient. You may want to tweak the bitrate setting depending on how big you want your output file to be.
mencoder dvd://1 -chapter 1 -ss 00:00:29 \
-ovc x264 -nosound -sws 2 -vf crop=YOUR_CROP,pullup,softskip,harddup \
-x264encopts bitrate=1500:ref=16:bframes=16:subq=6:me=esa:mixed-refs=1: \
direct=auto:weightb=1:brdo=1:bime=1:merange=32: \
analyse=all:no-fast-pskip=1:pass=1 -ofps 24000/1001 -o /dev/null


B) Encode the second pass.
– Change “pass=1″ to “pass=2″ and “-o /dev/null” to “video.mp4″
mencoder dvd://1 -chapter 1 -ss 00:00:29 \
-ovc x264 -nosound -sws 2 -vf crop=YOUR_CROP,pullup,softskip,harddup \
-x264encopts bitrate=1500:ref=16:bframes=16:subq=6:me=esa:mixed-refs=1: \
direct=auto:weightb=1:brdo=1:bime=1:merange=32: \
analyse=all:no-fast-pskip=1:pass=2 -ofps 24000/1001 -o video.mp4


Step 3, Audio track encodes.
A) Extract audio channel to raw wav. (Select aid from Step 1. The first audio track is usually 128, secondary 129, etc.
mplayer dvd://1 -chapter 1 -ss 00:00:29 -aid 128 -vc dummy -vo null -ao pcm -channels 6 <--- Set the channel parameter to how many channels the audio source has. (6 channels for 5.1 surround, 2 for stereo sound)
B) Encode raw wav using faac.
faac -q 100 -I 5,6 -R 48000 -C 6 -X audiodump.wav -o 128.mp4 <--- Again change the "-C" parameter to how many channels your audio dump has.
C) Repeat steps A/B for subsequent audio tracks.

Step 4, Extract subtitles.
mencoder dvd://1 -chapter 1 -ss 00:00:29 -vobsubout subtitles -vobsuboutindex 0 -sid 0 -nosound -ovc copy -o /dev/null

Step 5, muxing with Matroska
mkvmerge -o video.mkv -A video.mp4 --language 1:eng 128.mp4 --language 0:eng subtitles.idx

Step 6, enjoy.
You now should have a functional .mkv wrapped H.264/AAC rip. Playback using VLC or your mplayer binary.

My Matrix rip quality example:

I realize that I left a lot of information out and skipped some basic steps that may seem trivial to me but I hope this gives you a good base guide on encoding a DVD to H.264 and AAC using MEncoder. I’d also like to throw some thanks towards reikon as he taught me most of what I know about MEncoder and encoding in general. For more information on encoding using MEncoder check out the following guides:
http://www.mplayerhq.hu/DOCS/HTML/en/mencoder.html
http://www.mplayerhq.hu/DOCS/HTML/en/menc-feat-dvd-mpeg4.html
http://gentoo-wiki.com/HOWTO_Mencoder_Introduction_Guide

Recently I got fed up with the Broadcom (bcm43xx) minipci chip that came with my notebook for it’s lack of usable native Linux drivers and having to constantly mess with ndiswrapper upgrades and fixes that I decided to buy a new Atheros based chip (AR5004X series). The chip went for $18.95 on eBay and runs at an impressive 108MBPS; it works very well with my Netgear WGT624 access point. The install was painless as all Atheros based chips seem to be. Just plug in the chip and install the madwifi drivers.

For Gentoo:
emerge net-wireless/madwifi-ng
Yey! Now I actually have monitor support!

Short from using it for basic home networking I wanted to test this baby out in the field. What better way than to go on a basic wardriving trip? — Oh wait with GPS.

I also recently purchased a Garmin SteetPilot C320 off of eBay for $85.01. It’s an older model but still preforms quite well; reception is fairly decent and it hasn’t lead me driving into a lake, yet.

The Garmin GPS Linux driver is an easy install as it is included with newer 2.6 kernels. Just cd into your kernel directory and “make menuconfig” or “genkernel –menuconfig” if you’re using Gentoo and Genkernel.

Enable the Garmin USB driver as shown below.

Device Drivers-->
USB Support–>
USB Serial Converters–>
[*] USB_Garmin

Exit the menuconfig to invoke the compile, update your grub.conf if needed. It is also wise to backup your previous kernel and config just in case something goes horribly wrong.

Reboot in to your new kernel and plug in your GPS. Run dmesg to make sure everything is working correctly.

dmesg

usb 2-2: new full speed USB device using ohci_hcd and address 2
usb 2-2: configuration #1 chosen from 1 choice
usbcore: registered new interface driver usbserial
drivers/usb/serial/usb-serial.c: USB Serial support registered for generic
usbcore: registered new interface driver usbserial_generic
drivers/usb/serial/usb-serial.c: USB Serial Driver core
drivers/usb/serial/usb-serial.c: USB Serial support registered for Garmin GPS usb/tty
garmin_gps 2-2:1.0: Garmin GPS usb/tty converter detected
usb 2-2: Garmin GPS usb/tty converter now attached to ttyUSB0
usbcore: registered new interface driver garmin_gps
drivers/usb/serial/garmin_gps.c: garmin gps driver v0.31

Note where the device has been attached to. Mine is located at /dev/ttyUSB0, but yours might be different depending on what else you have running, check and make sure.

Now to install the programs we will be needing.
gpsd
kismet

These packages are very common and are included in most default repositories, Google around to find how to install on your distribution. Make sure that the gpsd binary has USB support.

On Gentoo run:
echo "sci-geosciences/gpsd* X usb" >> /etc/portage/package.use && emerge gpsd kismet
Configure your /etc/kismet.conf file for your wireless chip and be sure to enable gps support as well as logging information.

Change your "suiduser" to your normal account name
Change your “source” to reflect your wireless chipset and device. (source=madwifi_g,wifi0,kismet) for me
Change the “gps” parameter to “true”
Finally change your “logtemplate” to save the logs where you want them, this is important as we will be using these later.

Finally start everything up and make sure it works!
Turn on your GPS, make sure it has signal, and plug it in.
gpsd -p /dev/ttyUSB0 -d localhost:2501
If you get no error continue on to starting up kismet.

If all is working right you will see your local wireless access points as well as GPS coordinates within kismet. Here’s a screenshot of Kismet/GPS from my toilet.

Notice the GPS coordinates at the bottom of kismet, if you don’t see these you have something set up wrong.

Once you’re done wardriving use “shift+Q” in Kismet to exit and save the logfiles. This is VERY important, don’t just “ctrl+c”.

Next we will download/run kismet-earth on our log files:
http://www.niquille.com/kismet-earth/

Make sure you have php compiled with xml support!

On Gentoo run:
echo "dev-lang/php* xml xmlreader xmlwriter simplexml" >> /etc/portage/package.use && emerge php
The script will output a Google Earth compatible file (kml).

You can even upload the information to Google Maps!

Feel free to download my kml file kismet-earth generated.
Click.

Isn’t it annoying when you open your secure.log file to see hundreds of failed shell connections coming from some Russian asshole who thought it would be a good idea to randomly brute force not only your password, but your username?

One way to prevent this is to limit the amount of SSH connections using iptables. The following iptables rules will limit the amount of connections on port 22 to 5. If this number of connections is reached iptables will deny access to the user’s IP for 2 minuets.

iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --set;
iptables -I INPUT -p tcp –dport 22 -i eth0 -m state –state NEW -m recent –update –seconds 120 –hitcount 5 -j DROP;

Another more aggressive method would be to install knockd on your server.

For those of you who are unfamiliar with knockd it is basically a tactic to keep ports closed unless the proper ‘knock’ is received. This can be very effective for masking a server from an outsider’s eyes.

For demonstration purposes I will be using Gentoo Linux as my distribution of choice to further explain this concept.

First you need to make sure that iptables support has been compiled in to your kernel. If iptables is not compiled in cd to your kernel directory and run “make menuconfig” or “genkernel –menuconfig” depending on which method you use for compiling your kernel. Add support for “Network packet filtering”, compile your kernel, edit your grub.conf if necessary, and reboot your system.

Networking-->
Networking options–>
[*] Network packet filtering (replaces ipchains)

Now that your kernel has the added iptables support you can install the needed packages. (Again I am demonstration on a Gentoo system, use whatever package managing system that fits your distribution.)

$ emerge net-firewall/iptables
$ emerge net-misc/knock

Once iptables and knockd have been installed the next step is to write your daemon confs. Bellow is an example for securing SSH on port 22.

/etc/knockd.conf

[opencloseSSH]
sequence = 5578,4687,3123 #Change this sequence for a custom knock
seq_timeout = 5
tcpflags = syn
start_command = /sbin/iptables -A INPUT -s %IP% -p tcp –dport 22 -j ACCEPT
cmd_timeout = 10 #This is the amount of time the knocker has to connect, change it accordingly.
stop_command = /sbin/iptables -D INPUT -s %IP% -p tcp –dport 22 -j ACCEPT

In Gentoo to add knockd to your bootup sequence run “rc-update add knock default”.
Start knockd by using “/etc/init.d/knock start”.

knock clients are available for Linux, Windows, and OS X at the knockd homepage (http://www.zeroflux.org/cgi-bin/cvstrac.cgi/knock/wiki)