Category Archives: ubuntu

apache, encryption, fedora, kodi, linux, mysql, ubuntu, website building, xbmc

Making MySQL serve UTF8 correctly

If the MySQL server decides that its default environment is UTF8, and that its client actually wants Latin1, it will translate the return values.

I’ve never before had to be careful of the distinction. Perhaps once in a blue moon I would have a record with a “real” quotation mark or a character with an accent, but if it didn’t work correctly, it was never much of a bother.

Once it became important, I had to understand what was happening. I have a table that has filenames in it, and some of those filenames contain characters (a acute, e grave, o umlaut, etc). The actual files on disk have the names encoded in utf8. The records in the database are also recorded in utf8. But the records were being translated by mysql from utf8 to latin1 as they came in. So “Mamá” was recorded on disk as Mam\xc3\xa1 in the directory, and in the database, but when I got the row into memory, the filename field said Mam\xe1. The difference between latin1 and utf8 for this purpose, is that all these many “western/latin special characters” were actually mapped in latin1 to values within the 256 characters available with 1 byte. So the first 128 in the latin1 codespace were ordinary ascii, and the high order 128 had as many of the western/latin diacriticals as possible crammed in there. And in latin1, e9 is a-acute.

But on the web these days, utf8 is much preferred. Latin1 is ok if all you want is the carefully selected subset of 128 characters that can be shoehorned into the high end of the code-point space. But utf8 is a far more general solution. Using a multibyte sequence to represent over a million characters and special symbols.

Turns out mysql has a bunch of variables to control character set and collating sequence. With phpmyadmin, one can look at database->Variables and see characters_set_database, character_set_filesystem, character_set_result, character_set_server, character_set_system, and a bunch more. Or in mysql client one can show varaiables like ‘%character_set%’;

My problem was that the server had come up believing that some of these were set to utf8 and some were set to latin1. I haven’t tried to figure out the logic of how it figures out its default – I don’t want it to default, I want to tell it what I want. So the solution was to add the directive: “character-set-server=utf8” to the mysql configuration file (on cinnamon it was /etc/mysql/mysql.conf.d/mysqld.conf. After restarting all of the relevant character_set_xxx variables come up as utf8.

Update: 8/9/17

I used these changes also on oregano and tarragon, but it results in a different problem for me on blogforacure data. The blogforacure database, built a long time ago, has lots of tables in latin1. There are not a lot of non-ascii characters, but there are a few. One frequent source is people typing double space after a period, which the ckeditor tries to preserve by creating a non-breaking space, which is hex A0 in latin 1. When the site reads this back, if mysql is told that the database is actually utf8, then it displays this as Â. So if I see a bunch of A circumflex in the output, it means I actually have latin 1 characters in the database, which I am interpreting as if they were utf-8.

Removing the specification of character-set-server=utf8 causes the negotiation to give the right result, and the latin1 non-breaking space appears correctly in the output.

fedora, linux, ubuntu, virtualization

Reinstalling Libvirtd

I hosed up the configuration of libvirt on Cinnamon, trying to change the network definition.
It was so fouled up I decided to remove and reinstall libvirtd-bin, qemu, and virt-manager.
After the reinstall, the default network did not reappear, and I went looking for how to reinstall it. In the end I had to piece together various information, but the upshot is that the definition of networks for libvirt is in /usr/share/libvirt/networks. This directory was missing for me, and I had to recreated it:

root@cinnamon:~# mkdir /usr/share/libvirt/networks
root@cinnamon:~# cd /usr/share/libvirt/networks
root@cinnamon:/usr/share/libvirt/networks# touch default.xml
root@cinnamon:/usr/share/libvirt/networks# chmod 0777 default.xml
root@cinnamon:/usr/share/libvirt/networks# emacs default.xml

What I put into the file was:
<network>
<name>internal&lt;/name>
<bridge name=”virbr0″ />
<forward/>
<ip address=”192.168.122.1″ netmask=”255.255.255.0″>
<dhcp>
<range start=”192.168.122.2″ end=”192.168.122.254″/>
</dhcp>
</ip>
</network>

linux, ubuntu

Getting a Gnome desktop in VNC under Ubuntu

There is a lot of old and wrong data out on the net about this. I think it is because of the continuing evolution of the desktop environment/gnome/unity etc., most of which I don’t understand.

Below is the overall approach I use, and some things I had to do to make it work. I will use as an example getting up a vnc viewer screen on oregano showing a gnome desktop on cinnamon. Interestingly, it proved much harder on cinnamon (running Wily Werewolf) than on pepper or the Butcher box named kodi, both of which are running Trusty Tahr.

On oregano the file /usr/local/bin/<remote hostname> contains a script to make an ssh connection to <remote hostname> and also to establish various ssh tunnels to that hostname (for example, to look at databases). In the case of hosts where I want to be able to open a graphical environment using vnc, the script will contain the following, among other things (here the remote host is cinnamon, and the port numbers in the command aren’t important, except that the “:3” has to match the “5903”. Selecting the port numbers carefully beccomes important if one has multiple such connections in play at once):

ssh uname@cinnamon vncserver -geometry 2400x1200 :3
ssh -L *:5901:localhost:5903 -g uname@cinnamon

which runs the vncserver command on cinnamon as user uname. The vncserver command looks for an xstartup file under ~/.vnc/xstartup. That file is the key. The (important) contents of the file are (line folding is not in the file):

#!/bin/sh
unset SESSION_MANAGER
[ -r $HOME/.Xresources ] && xrdb $HOME/.Xresources
gnome-session --disable-acceleration-check –session=gnome-flashback &

I think that the parameter –disable-acceleration-check is still required, as of this writing, but it is one thing I put in to try to solve the problem, and then had to do other things, and I haven’t yet gone back to test without it. In any case I’m pretty sure it can’t hurt, because acceleration is what we don’t have. (Update: I later found pepper didn’t work correctly till I put it in).
Continue reading Getting a Gnome desktop in VNC under Ubuntu

linux, mysql, ubuntu

MYSQL on Ubuntu 15.10

I haven’t researched whether this has changed, in 15.10, or whether it has been this way since ubuntu switched to systemd, which is probably the case.

Under systemd, ubuntu no longer uses the /etc/init.d/mysql script, but instead uses a systemd unit in /lib/systemd/system/mysql.service which invokes /usr/bin/mysqld_safe to start and stop mysqld.

I have had a lot of trouble with this, and had to do a lot of debugging to figure out what is going on. Probably I would not have had trouble if I were not trying to port over a running mysql installation manually, i.e. if I just installed mysql-server and proceeded to create new databases, new entries in mysql etc.

One issue is that a mysql install creates a file in /etc/mysql called debian.cnf which contains a user/password for user debian-sys-maint with a generated password, and this is put into the mysql users table, to enable various operations to be performed by mysqladmin using these credentials.

The first problem was that when I copied over the mysql table from the previous installation, I was copying in the old password for debian-sys-main, which didn’t match the debian.cnf file which was installed when I did the apt-get install mysql-server. So I had to read the debian.cnf file, extract the password and change the password in the mysql table.
Continue reading MYSQL on Ubuntu 15.10

backup, cloud, linux, ubuntu

S3cmd on ubuntu 15.04

After installing ubuntu 15.04 my backups to S3 stopped working.

I tried running them manually to see what was happening and I got errors – some goofy stuff about the url I was using net.wmbuck.backups….s3.amazonaws.com not being part of *s3.amazonaws.com. When I searched the net I found that there was a change in python 2.7.9 having to do with evaluating certificates, and some conflict with the wildcard cert being used by Amazon S3, with the result that there is an error which occurs whenever an S3 bucket happens to contain the “.” character in its title.

My buckets are all named net.wmbuck.x so I am vulnerable to this error.

There is a fix for this in S3cmd version 1.6.0 but the latest ubuntu as of this writing has only S3cmd 1.5.x and attempting to upgrade using apt-get doesn’t get anything new.

I did an apt-get remove of s3cmd, and then downloaded a tarball, and installed it into /usr/local/bin.

Ubuntu 15.10 will be coming out next month, and when I get around to installing that perhaps the version of s3cmd will have the fix.

top of page

kodi, linux, mac, ubuntu, video, xbmc

Notes on setup of HDHomeRun, tvheadend, kodi live tv

HDHomeRun provides a source of tv in htsp format. They provide an app for windows/linux/mac which enables watching the tv stream directly, and changing channels. They also provide a Kodi Add-on which allows watching the streamed material directly from there. However, this is just watching, and doesn’t enable the guide, PVR etc.

To use the built in features in Kodi for “live tv”, you have to have another piece of software, which Kodi calls the “backend”. There are apparently different backends supporting different hardware, but one of the backends is called “tvheadend”, and it supports HDHomeRun, and is supported by Kodi.

The tvheadend software has to be installed. apt-cache search tvheadend shows:
tvheadend – Tvheadend
tvheadend-dbg – Debug symbols for Tvheadend
kodi-pvr-tvheadend-hts – Kodi PVR Addon TvHeadend Hts – PVR API:1.9.2
kodi-pvr-hts – TVHeadEnd PVR for Kodi
kodi-pvr-hts-dbg – debugging symbols for TVHeadEnd PVR for Kodi

The “kodi-pvr” bits are kodi add-ons that have to be added to kodi (in linux only) in order to provide the api between kodi and the backend. Kodi for mac and windows has the pvr bits included, but they have to be added in linux.After the apt install, add-ons->my add-ons->PVR clients,  select TVHeadend HTSP Client and configure it, then Activate it.

Since the kodi I watch is on coriander (the mac mini), the pvr stuff is already installed with kodi. I only needed to install the tvheadend piece somewhere, and I put it on cinnamon where the large file media array is, so that PVR recorded material can be stored there too.
Continue reading Notes on setup of HDHomeRun, tvheadend, kodi live tv

fedora, linux, ubuntu

Cyrus-Imap Administration

Every time I have to mess with cyrus-imap mailboxes I spend a half hour trying to figure out how to get cyradm to run. While I have by no means figured it all out, I do have one piece of lore worthy of being written down.

My imap server forbids plaintext logins unless they are within a TLS session, so /etc/imapd.conf has the setting allowplaintext: 0

But, cyradm uses imap authentication (witness all the failed attempts to get cyradm to authenticate putting entries in the /var/log/secure log using pam_unix imap:auth). The problem of course is that cyradm doesn’t have a tls session, so allowplaintext rejecting the plaintext password.

Reset /etc/imapd.conf to allowplaintext:1 temporarily, systemctl restart cyrus-imapd, and then, as root,  cyradm tarragon. Make all the mailboxes you want. Then reverse and turn plaintext back off.

cloud, encryption, fedora, linux, ubuntu, website building

Managing passwords on this server

This blog is running on my wmbuck.net server, tarragon, in the Amazon cloud. This server, in addition to hosting this blog, hosts about 20-25 websites (for friends, most of them very low traffic), including my own. It also operates mail for myself and a few others, and provides some other services.
One of the weaknesses has been that most of the people who use the server aren’t really very unix literate, and they don’t really WANT to be. Perhaps they want a website, or they want to have a good place to manage their mail. But in general, the last thing they want is to learn how to ssh into the server to change their password.
So, for most of them, they just use whatever password I set up for them.
One of my friends, who just began using mail on the server, was surprised that it was not convenient to change his password. That spurred me to address the long standing problem. How to let people manage their password for access to services.
The blog now has a new menu on the left, for access to the backend, and for linking to the reset-password screen. There is also a reset password link on the login page https://wmbuck.net/index/login.
The same password is used for all the wmbuck.net stuff: the password for access to mail, the password to get access to protected websites in apache, and the password for logging in to the wmbuck.net backend website.
Continue reading Managing passwords on this server

boinc, fedora, linux, ubuntu

Boinc client: No usable GPUs

The first thing I had to do to get this to work was to obtain the updates for GPUs, for ubuntu this was boinc-amd-opencl.

Then I had to add into /etc/init.d/boinc-client the xhost command, which would give access to the GPU to the boinc username.

The information on the web was wrong about this. The command I had to add was:

xhost si:localuser:boinc

si means server interpreted, and the kinds of strings accepted are described in man xsecurity. Localuser implies a local username. The web articles I found claimed one needed to do xhost local:boinc, but the description of xhost:local is that it doesn’t take a username, and it makes LOCAL connections available. Which sounds good, but didn’t work. After doing xhost local:boinc it was the same as if I had just done xhost local, and I got an entry “LOCAL” when I did xhost, but it didn’t work.

fedora, javascript, linux, ubuntu, website building, zend_framework

Apache Configuration Issues

Trying to set up a new Zend Framework (ZF) website, I struggled once again with getting the setup correct. I learned some lessons, and this post is supposed to help me remember them.

First, the requirements.

1) ZF websites need rewrite rules to force all the urls through index.php so the can be picked apart. Also, ZF websites using the ZF config mechanisms need an APPLICATION_ENV php variable set somewhere in the site configuration, so the website can figure out where it is running and make hosting specific decisions (like, e.g. where the database will be, whether to turn on debugging, etc.).

2) I want to keep the website in a repository, and check it out onto different web-hosts  for testing, development, production. So any configuration stuff which is web-host specific should not be in the repository but in the host configuration files.

3) Although the urls for the ZF website need to be rewritten to index.php, there may be other urls (like phpmyadmin) that should not be rewritten. So the configuration has to allow for this. In particular on some websites (like wmbuck.net) the website itself redirects non-logged in users to the blog (this blog) with a redirect to /blog/. The rules need to allow normal handling of this url (to select /blog/index.php) in the normal way.

The rewrite rules and application environment stuff can be put in an .htaccess file within the DocumentRoot. Most ZF documentation describes doing it this way. But for me, at least the application environment variable can’t be here because everything under DocumentRoot is in the repository. So I want APPLICATION_ENV oregano on one box, APPLICATION_ENV tarragon on another box, and if I put this in .htaccess, and .htaccess is in the repository the file can only have one or the other setting.
Continue reading Apache Configuration Issues