IMAP mailstore migration .. again

So last weekend, I discovered that Spamhaus decided it would be a good idea to place all of the public IP addresses for Slicehost (my Linux VPS hoster) into their Spamhaus block list (SBL). This covered both my slice in Dallas and the one in St. Louis – meaning an impressive chunk of inbound mail to my domains was being trashed by the sending MTA and an even bigger chunk of my outbound mail was being outright rejected since the sending IPs were on the SBL.  Slicehost worked hard to convince Spamhaus to rescind the blocklist, so the Slicehost IPs got moved over to the less-nasty-but-you’re-still-probably-a-spamming-dirtbag Policy Block list (PBL) assuming affected IP owners would request to be removed from that list.

Sample query to see if you’re on any Spamhaus block list:  http://www.spamhaus.org/query/bl?ip=10.11.12.13

It seems it’s time to relinquish the care and feeding of my own Postfix mail system and turn to a hosted solution.  This means I need to migrate about 5GB of IMAP store to another site (again).  Last time I did a wholesale migration, I used imapsync to make the transition painless. In the code example below, an SSL connection to the IMAPS server at imap-server.sourcedomain.com is made with username@sourcedomain.com and the password stored in the plaintext file secret1. An SSL connection is made to the target system (which happens to be the server on which the imapsync tool is running, but could just as easily be another IMAPS server somewhere on a network accessible to the host where imapsync is running). The --delete and --expunge1 arguments will clean the successfully moved messages from IMAP store #1 .. so be sure you have your messages on the target successfully! Imapsync can be run iteratively to ensure you have got all the messages from your source.


/usr/bin/imapsync \
--host1 imap-server.sourcedomain.com \
--ssl1 \
--authmech1 LOGIN \
--user1 username@sourcedomain.com --passfile1 secret1 \
--host2 127.0.0.1 --user2 username@targetdomain.com --passfile2 secret2 \
--ssl2 \
--delete --expunge1 \
--buffersize=128

And one can use the

--dry

option to just test the process but not actually move any of the messages.

So that’s it – I’m about halfway through migrating my current IMAP stores over to a hosted mail solution, so that I don’t need to keep up with the increasing level of care and feeding that running your own mail service requires.  Before I get too many darts about that .. I first started running my own personal MTA in 1995, adding spam and av filtering over time, and adding substantial redundancy (servers, sites, storage) so I could rely on it and fix things that broke as I had time rather than right when they broke (which was always at a bad time).  My new hosted solution takes over from two VPS servers running Postfix, Spamassassin, ClamAV, Greylisting with the IMAP store replicated across data centers in different states (15 minute rsyncs).  So soon, the (hopefully) last Allen Pomeroy owned and operated MTA can be turned off, while I get to work on fun stuff, rather than figuring out why my email is bouncing.  🙂

Update 2012/12/17:

Sometimes manual manipulation of your mailstore via IMAP is needed, so here’s how I deleted a large number of folders that I had trashed and that were being synced to my new system from the old.  Kinda clunky, since I didn’t get the scripted version to work (just used a copy/paste in an interactive bash session), but got the job done for now.

Connect to the IMAP server using SSL:
openssl s_client -crlf -connect imap.emailsrvr.com:993

* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN] Server ready director6.mail.ord1a.rsapps.net

Log in with your email credentials:
0 login user@domain.com Password

0 OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS MULTIAPPEND UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS QUOTA] Logged in

List the folders you want to remove:
0 list "" "Trash.*"

That didn’t return the list I was expecting, so I listed all folders
0 list "" "*"

… and realized the source mail system adds “INBOX” on the front of the folder names, so then this command worked to list the folders to be deleted:
0 list "" "INBOX.Trash.*"

I copied the output and edited it to insert the folder name into a delete command:
0 delete "INBOX.Trash.Folder1"
0 delete "INBOX.Trash.Folder2"
0 delete "INBOX.Trash.Folder3"

0 OK Delete completed.
0 OK Delete completed.
0 OK Delete completed.

Finish off the session by logging out:
0 logout

* BYE Logging out
0 OK Logout completed.
closed
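
The manual LIST / DELETE session above, scripted with Python's imaplib; this is an added example, not the author's script. The host and user come from the command line, and the `SAMPLE_LIST_REPLY` lines are constructed. It defaults to a dry run, deletes child folders before their parents, and refuses to touch anything outside the `INBOX.Trash.` prefix.

```python
import getpass
import imaplib
import re
import ssl
import sys

# Constructed sample of untagged LIST reply lines, in the form imaplib returns
# them; the last entry lies outside the Trash subtree on purpose.
SAMPLE_LIST_REPLY = [
    b'(\\HasChildren) "." "INBOX.Trash.Folder1"',
    b'(\\HasNoChildren) "." "INBOX.Trash.Folder1.Sub"',
    b'(\\HasNoChildren) "." "INBOX.Trash.Folder2"',
    b'(\\HasNoChildren) "." INBOX.Drafts',
]

LIST_RE = re.compile(rb'^\((?P<flags>[^)]*)\) (?P<delim>"[^"]*"|NIL) (?P<name>.+)$')


def quote(s):
    """Quote a mailbox name or pattern as an IMAP quoted string."""
    return '"' + s.replace("\\", "\\\\").replace('"', '\\"') + '"'


def parse_list_line(line):
    """Return (flags, hierarchy delimiter, mailbox name) for one LIST reply."""
    m = LIST_RE.match(line)
    if m is None:
        raise ValueError("unrecognised LIST reply: %r" % (line,))
    name = m.group("name").decode("utf-8", "replace")
    if name.startswith('"') and name.endswith('"'):
        name = name[1:-1].replace('\\"', '"').replace("\\\\", "\\")
    delim = m.group("delim").decode()
    delim = None if delim == "NIL" else delim.strip('"')
    return m.group("flags").decode().split(), delim, name


def deletion_plan(conn, pattern):
    """LIST the pattern and return the mailbox names, deepest first."""
    typ, data = conn.list('""', quote(pattern))
    if typ != "OK":
        raise RuntimeError("LIST failed: %r" % (data,))
    found = []
    for item in data:
        if not isinstance(item, bytes):  # None = no match; literals not handled
            continue
        _flags, delim, name = parse_list_line(item)
        depth = name.count(delim) if delim else 0
        found.append((depth, name))
    return [name for _depth, name in sorted(found, key=lambda x: (-x[0], x[1]))]


def delete_folders(conn, pattern, prefix, dry_run=True):
    """Delete matching mailboxes under prefix; returns [(name, status), ...]."""
    results = []
    for name in deletion_plan(conn, pattern):
        if not name.startswith(prefix):
            results.append((name, "SKIPPED"))   # never leave the Trash subtree
        elif dry_run:
            results.append((name, "DRY-RUN"))
        else:
            typ, _resp = conn.delete(quote(name))
            results.append((name, typ))
    return results


if __name__ == "__main__":
    host, user = sys.argv[1], sys.argv[2]
    # The default context verifies the server certificate and host name.
    conn = imaplib.IMAP4_SSL(host, 993, ssl_context=ssl.create_default_context())
    conn.login(user, getpass.getpass("IMAP password: "))
    try:
        really = "--delete" in sys.argv
        for name, status in delete_folders(conn, "INBOX.Trash.*",
                                           "INBOX.Trash.", dry_run=not really):
            print(status, name)
    finally:
        conn.logout()
```

Run it once without `--delete` to review the plan, much like imapsync's `--dry`, then again with it.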

How to secure your home PC

Whether you have a Mac or a Windows PC, there are some basic steps you can take to reduce the risk and personal impact of a malware infection.  This advice is especially impactful when you have just purchased a new Mac or Windows system. There are several steps that you can take to protect your new investment and more importantly your information. In the following detail, I mainly focus on Windows as that’s the main technology that my non-IT type friends ask about.

Basically what you should be doing is:

  1. Ensure that a hardware firewall/router is in between the internet and the PC (I’ll just call it a firewall from now on)
    • Use a recognized brand name like Linksys, avoid the no-name generics as they often have bad defaults and don’t implement the stateful-packet-inspection that you want to filter out most of the cruft on the Internet from reaching your PC
  2. Ensure all default passwords on the firewall and PC have been changed
    • When you initially turn on the power to your PC and to your firewall, do NOT have them connected to your cable or DSL modem initially.  Do the setup of your firewall and PC first in order to ensure malware doesn’t have a chance to get at your shiny new PC before you’ve turned on the needed protection
    • Point a browser to your firewall (likely 192.168.0.1 or 192.168.1.1) and change the default administrator password.  This is very important, as some malware will seek out your firewall and try to use the manufacturer default password to change things like your DNS server settings – inserting the bad guys in between you and the rest of the Internet (eg. forcing your traffic to them first before it goes to your bank)
  3. All normal accounts used for day-to-day business on the computer should NOT have administrator privilege (see my post on running without admin privileges)
    • On Windows XP, Vista (and I think 7), the default “user” that accesses the PC has full administrative privilege, which enables software installation and configuration changes.  This is very dangerous, as malware that you come in contact with from infected emails or websites uses this privilege to install spyware, keyloggers, backdoors and other nasty stuff on your PC – without your explicit permission
    • Set a password for your Administrator account
    • Create a new user right away, before you setup your email, music, photos, documents, etc; ensure that new user is NOT a Computer Administrator
    • Always login with this non-Administrator username for your day-to-day use; only use the Computer Administrator username for software installation and configuration changes.
  4. Never surf the Internet with an account that has administrative privilege
  5. If this is a common PC for a business, ensure employees accounts are individually assigned (if practical). Ensure those employee accounts are not administrators (unless there is a need and a high degree of trust)
  6. Run a good commercial anti-virus program with annual software support (or a subscription)
    • There are some good free AV packages (AVG, Clamwin, Avast) .. Google them for the links
    • Sophos makes a good Mac AV package .. yes, Macs are vulnerable to malware as well; it’s just not as prevalent
  7. Finally ensure regular (daily) backups are being run to protect your business, financial, customer information from loss if there is a problem with the PC
  8. For setup of your wireless access point (if you have one .. sometimes it’s built into the router/firewall)
    • Choose wireless encryption of at least WPA or WPA2 .. never use WEP or no encryption
    • There is no significant increase in security by obscuring your network name (SSID)
    • Don’t use any personally identifiable information in your network name

If you are unsure of how to do any of these steps, get one of your computer knowledgeable friends to help you.  Of course if you are purchasing a new system right now, I’d strongly recommend you check out Apple’s Mac products.  They’re not immune to malware, but the architecture and core are by design much less vulnerable to the types of malware that plague Windows.

FreeMind mind mapping tool

Have you ever had a daunting task that just seemed like a nightmare to get your head around how to organize it? If you’re like me, you try to find some patterns in all the individual elements that make up whatever the topic is you’re trying to get a handle on. The patterns may not come easily, and even if they do, it’s usually a pain to try and re-categorize an element as you see fit (ever tried to create lists and categorize things in Excel??).

I came across a tool that one of my clients uses called FreeMind – it’s a Java app that allows you to enter a number of text elements and reorganize them in a hierarchical fashion.

FreeMind example

Ok, one can do that with an unstructured word processor document or a spreadsheet, but FreeMind allows you to dump all these random ideas onto the page then drag and drop into categories or tags that make sense as you’re rearranging the elements.

So after about an hour of dropping in ideas around areas of improvement for the IT security of one of my clients, I had over 250 elements organized into 8 high level categories and about 18 subcategories. It was grouped well enough to lead discussions on what the current priorities for their programmes should be. If I had attempted this in a spreadsheet (and I had) it would have taken hours and untold frustration – not to mention I probably would have missed relationships that I could see in FreeMind.

FreeMind icons

You can add icons to each element to make labeling and categorization easier. Best to check out the FreeMind home page as it is a feature rich tool. From the project Wiki, typical uses include:

  • Keeping track of projects, including subtasks, state of subtasks and time recording
  • Project workplace, including links to necessary files, executables, source of information and of course information
  • Workplace for internet research using Google and other sources
  • Keeping a collection of small or middle sized notes with links on some area which expands as needed. Such a collection of notes is sometimes called knowledge base.
  • Essay writing and brainstorming, using colors to show which essays are open, completed, not yet started etc, using size of nodes to indicate size of essays. I don’t have one map for one essay, I have one map for all essays. I move parts of some essays to other when it seems appropriate.
  • Keeping a small database of something with structure that is either very dynamic or not known in advance. The main disadvantage of such approach when compared to traditional database applications are poor query possibilities, but I use it that way anyway – contacts, recipes, medical records etc. You learn about the structure from the additional data items you enter. For example, different medical records use different structure and you do not have to analyze all the possible structures before you enter the first medical record.
  • Commented internet favorites or bookmarks, with colors and fonts having the meaning you want

What a great tool .. I’m sure I’ll find more uses for it!

Windows/AD Notes

Find all the AD groups a particular user belongs to:
dsquery user -samid username | dsget user -memberof

Find all members of an AD group:
dsquery group -samid groupname | dsget group -members

Find all inactive users:
dsquery  user -disabled -inactive 12

 

Building a web security lab (with VMware Fusion)

Problem: VMware machines load boot loader immediately, no BIOS banner, so can’t get into BIOS to alter boot settings.
Solution: Edit the vm’s .vmx file and add the line:

bios.bootDelay = "5000"

which adds a 5000 millisecond (5 second) delay to the boot, or add:

bios.forceSetupOnce = "TRUE"

to make the VM enter the BIOS setup at the next boot.

Problem: VMware Fusion 3.0 doesn’t give a way to edit the virtual network settings via the GUI.
Solution: To change the subnet used by the NAT or HostOnly networks, go root in Mac OS X and edit

/Library/Application Support/VMware Fusion/networking

and set the following lines to the subnets desired:

answer VNET_1_HOSTONLY_SUBNET 192.168.35.0
answer VNET_8_HOSTONLY_SUBNET 10.10.1.0

To add additional custom isolated host only VLANs, also edit the networking file and add additional VNET definitions. There can apparently only be 8 VLANs with VLAN 1 and 8 already pre-defined.

answer VNET_2_DHCP no
answer VNET_2_HOSTONLY_NETMASK 255.255.255.0
answer VNET_2_HOSTONLY_SUBNET 10.10.21.0
answer VNET_2_VIRTUAL_ADAPTER yes
answer VNET_3_DHCP no
answer VNET_3_HOSTONLY_NETMASK 255.255.255.0
answer VNET_3_HOSTONLY_SUBNET 10.10.22.0
answer VNET_3_VIRTUAL_ADAPTER yes
answer VNET_4_DHCP no
answer VNET_4_HOSTONLY_NETMASK 255.255.255.0
answer VNET_4_HOSTONLY_SUBNET 10.10.23.0
answer VNET_4_VIRTUAL_ADAPTER yes

Now create your vm with as many network interfaces as you have separate VLANs (vnet) then edit the node.vmx vm configuration file and change the interfacename.connectionType to custom, and define the VLAN (vnet) that interface will attach to:

#ethernet0.connectionType = "nat"
ethernet0.connectionType = "custom"
ethernet0.vnet = "vmnet3"

Also realize that VMware will take the .1 host address on each vmnet – so you cannot assign .1 to any of your VMs.

Problem: Ubuntu 9.10 uses persistent network configuration (it stores the MAC address of network adapters), so if you copy a machine, by default Ubuntu will set up a new logical adapter (eth1) since the MAC address has changed (when you answer I Copied It in VMware).
Solution: Tell VMware you copied the machine, so it will choose a unique MAC address. Boot Ubuntu into single user mode (another article on that to follow) then edit the MAC address associated with eth0.

sudo vi /etc/udev/rules.d/70-persistent-net.rules

find the stanza of the network interface in question (NAME="eth0") and set the following ATTR tag to the new MAC address:

ATTR{address}=="new-mac-address-here"

Electronic Health Records in Alberta

Thinking of the challenges associated with creating electronic healthcare records for all healthcare users in Alberta. Typical government projects don’t have the best track record for maintaining proper security architecture, much less implementation. Starting to dig into this for my next paper, and I’m somewhat underwhelmed with what I see. Do we have a choice to opt out? Is there any way to ensure our health records don’t get compromised and exposed publicly? I guess I’ll be searching for some answers.

Sifting through Checkpoint FW1 logs

Recently I found myself in the unhappy position of needing to sift through slightly more than a billion Checkpoint Firewall-1 log lines, looking for specific patterns of access. The problem was that many of the exported fwm log files had differing column positions and there had been many ruleset changes over the course of 11 months worth of log data. Many of the excellent FW1 log summarization tools (such as Peter Sundstrom’s fwlogsum) didn’t handle the hundreds of files and differing column positions.

The final scripted solution was processing over 11,000 lines/second .. and still took over 23 hours for the first run.

Log file exports via fwm logexport can have variable column positioning, except for record ID number “num”, which is *always* column number one.  I see three viable alternatives to the changing column position in the ASCII log files exported via fwm – so we can automate the log processing:

  • Export the FW1 log file to ASCII via
    fwm logexport -i fw1-binary-logfile -o fw1-ascii-logfile.txt -n -p
    1. Parse the header line (line #1) of every log file and dynamically map (rearrange) the columns to a pre-determined standard in memory before further processing (painful, expensive)
    2. Tell Checkpoint fwm to export in a fixed column ordering
        Create logexport.ini and place it in the $FWDIR/conf directory (eg. on fwmgmtsrv: C:\WINDOWS\FW1\R65\FW1\conf).
        logexport.ini:
        [Fields_Info]
        included_fields = num,date,time,orig,origin_id,type,action,alert,i/f_name,
        i/f_dir,product,rule,src,dst,proto,service,s_port,xlatesrc,xlatedst,
        nat_rulenum,nat_addtnl_rulenum,xlatesport,xlatedport,user,
        partner,community,session_id,ipv6_src,ipv6_dst,
        srckeyid,dstkeyid,CookieI,CookieR,msgid,elapsed,
        bytes,packets,start_time,snid,ua_snid,d_name,id_src,ua_operation,
        sso_type_desc,app_name,auth_domain,uname4domain,wa_headers,
        result_desc,r_dest,comment,url,redirect_url,enc_desc,e2e_enc_desc,
        auth_result,attack,log_sys_message,
        rule_uid,rule_name,service_id,resource,reason,cat_server,
        dstname,SOAP Method,category,ICMP,message_info,
        TCP flags,rpc_prog,Total logs,
        Suppressed logs,DCE-RPC Interface UUID,Packet info,
        message,ip_id,ip_len,ip_offset,fragments_dropped,during_sec
    3. Use OPSEC LEA tools to extract event log records instead of export via fwm logexport

    Once the ASCII log files are available for processing, my fw1logsearch.pl script can be used to find complex patterns of interest.  Any matching records found by fw1logsearch will be output with an initial FW1 header line so that fw1logsearch can be used iteratively, to build very complex search criteria.  fw1logsearch can also write out a discard file allowing completely negative logic searches resulting in 100% of the input data separated into a match file and a didn’t match file.  Some examples of how I’ve used it are shown here:

    gunzip -c fwlogs/2009*gz | \
    fw1logsearch.pl --allinclude \
    -S '10\.1\.1[1359]\.|10\.2\.1[01]\.|192\.168\.2[245]\.' \
    -d '10\.1\.1[1359]\.|10\.2\.1[01]\.|192\.168\.2[245]\.' \
    -p '^1310$|^1411$|^1812$|^455' | \
    fw1logsearch.pl -S '192\.168\.22\.14$|10\.2\.11\.12$' |\
    fw1logsearch.pl --allexclude \
    -S '^192\.168\.24\.12$' -P '^1310$' --rejectfile 192-168-24-12-port-1310.txt

    Line by line:
    1. Unzip the compressed ASCII log files, feed them to the first instance of fw1logsearch.pl
    2. First fw1logsearch – all conditions must be true for any events to match
    Source address must NOT be in any of the following regex ranges:
    10.1.11.* 10.1.13.* 10.1.15.* 10.1.19.*
    10.2.10.* 10.2.11.*
    192.168.22.* 192.168.24.* 192.168.25.*
    Destination address must be in one of the same regex ranges.
    Service (destination port) must be one of:
    Exactly port: 1310, 1411, 1812, or any port starting with 455
    No protocol is specified, so it will match either TCP or UDP

    fw1logsearch.pl will output any matching events to stdout, including a FW1 log header line, so the next instance of fw1logsearch.pl continues filtering the result set.

    3. The second fw1logsearch.pl specifies Source Address must not be any of the following: 192.168.22.14, 10.2.11.12

    4. The last fw1logsearch.pl excludes port 1310 from 192.168.24.12, and puts all those records into a separate reject file, while writing the other records to stdout.
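
Alternative 1 (mapping columns from each file's own header line) combined with a simplified include/exclude filter, as an added Python example; it is not fw1logsearch.pl and does not claim its exact matching rules. Assumptions: the export delimiter is `;`, the two sample exports are constructed, and a record is kept when every include pattern matches and the exclude patterns do not (any of them, or all of them with `all_exclude=True`).

```python
import re

# Column order every file is normalised to (an assumed subset of the fields
# named in the logexport.ini list above).
STANDARD = ["num", "date", "time", "orig", "action", "src", "dst",
            "proto", "service", "s_port", "rule"]

# Constructed sample exports: same fields, different column positions.
FILE_A = """num;date;time;orig;action;src;dst;proto;service;s_port;rule
1;1Mar2009;10:00:01;fw-a;accept;172.16.5.9;10.1.11.20;tcp;1310;40001;12
2;1Mar2009;10:00:02;fw-a;accept;192.168.24.12;10.2.10.7;tcp;1310;40002;12
3;1Mar2009;10:00:03;fw-a;drop;172.16.5.9;10.9.9.9;tcp;1310;40003;99
"""
FILE_B = """num;date;time;orig;src;s_port;dst;service;proto;action;rule
1;2Mar2009;11:00:01;fw-b;192.168.24.12;50001;10.1.13.4;4550;udp;accept;14
2;2Mar2009;11:00:02;fw-b;172.16.8.1;50002;192.168.25.3;80;tcp;accept
"""


def read_export(text, delim=";"):
    """Map every record to {column name: value} using the file's own header."""
    lines = text.splitlines()
    if not lines:
        return []
    header = lines[0].split(delim)
    if header[0] != "num":
        raise ValueError("first column is not 'num'; not a logexport header?")
    records = []
    for line in lines[1:]:
        if not line.strip():
            continue
        fields = line.split(delim)
        fields += [""] * (len(header) - len(fields))   # pad truncated records
        records.append(dict(zip(header, fields)))
    return records


def _hits(record, patterns):
    """One boolean per (column, regex) pair; a missing column never matches."""
    return [re.search(rx, record.get(col, "")) is not None
            for col, rx in patterns.items()]


def search(records, include=None, exclude=None, all_exclude=False):
    """Split records into (kept, rejected) lists."""
    include, exclude = include or {}, exclude or {}
    kept, rejected = [], []
    for rec in records:
        inc_ok = all(_hits(rec, include))
        exc = _hits(rec, exclude)
        excluded = bool(exc) and (all(exc) if all_exclude else any(exc))
        (kept if inc_ok and not excluded else rejected).append(rec)
    return kept, rejected


def to_export(records, columns=STANDARD, delim=";"):
    """Re-emit records in the standard order; header only if anything matched."""
    if not records:
        return []
    rows = [delim.join(columns)]
    rows += [delim.join(rec.get(c, "") for c in columns) for rec in records]
    return rows


def run_pipeline():
    """Two chained stages over both files, the second with a reject list."""
    records = read_export(FILE_A) + read_export(FILE_B)
    net = r'10\.1\.1[1359]\.|10\.2\.1[01]\.|192\.168\.2[245]\.'
    stage1, _ = search(records, include={
        "dst": net, "service": r'^1310$|^1411$|^1812$|^455'})
    kept, rejected = search(stage1, all_exclude=True, exclude={
        "src": r'^192\.168\.24\.12$', "service": r'^1310$'})
    return to_export(kept), to_export(rejected)


if __name__ == "__main__":
    kept, rejected = run_pipeline()
    print("\n".join(kept))
    print("-- rejected --")
    print("\n".join(rejected))
```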

    This script has been used to process over 4 billion records within the project I wrote it for – and precisely found all the use of particular business cases I needed to modify.  The result was zero outages and no unintended business interruption.

    Basic syntax/help file:

    Usage:  fw1logsearch.pl
    [-a|--incaction|-A|--excaction <action regex>]
    [-p|--incservice|-P|--excservice <dst port regex>]
    [-b|--incs_port|-B|--excs_port <src port regex>]
    [-s|--incsrc|-S|--excsrc <src regex>]
    [-d|--incdst|-D|--excdst <dst regex>]
    [-o|--incorig|-O|--excorig <fw regex>]
    [-r|--incrule|-R|--excrule <rule-number regex>]
    [-t|--incproto|-T|--excproto <proto regex>]

    [--dnscache <dns-cache-file>]
    [--resolveip]
    [--allinclude]
    [--allexclude]
    [--rejectfile <file>]
    [--debug <level>]

    fw1logsearch.pl will search a fwm logexport text file for regex patterns specified for supported columns (such as service, src, dst, rule, action, proto and orig).

    Include and exclude regex matches may be specified on the same line, although they both will include (print) a line or exclude (reject) a line based on single matches.  Allinclude or Allexclude must be specified to force a match only on all specified column regex patterns.

    Regex patterns can be enclosed with single quotes to include characters that are special to the shell, such as the ‘or’ (|) operator.

    Header will be output only if there are any matching lines.

    Example invocations:
    $ cat 2008-07-07*txt | \
    fw1logsearch.pl \
    -p '53|domain' \
    -d '192.168.1.2|host1|10.10.1.2|host2' \
    -o '192.168.2.3|10.10.2.4|10.10.4.5' \
    -S '64.65.66.67|32.33.34.35|10.10.*|192.168.*' \
    --resolveip
    Will require destination port (service) to be 53, destination IP to be any of 192.168.1.2, host1, 10.10.1.2, or host2, the reporting firewall (origin) to be any of 192.168.2.3, 10.10.2.4, or 10.10.4.5, and the source IP must not be any of 64.65.66.67, 32.33.34.35, 10.10.*, or 192.168.*. Any lines that match these criteria will be displayed, and the orig, src, and dst columns will use the default DNS cache file (dynamically built/managed) to perform name resolution, replacing the IP addresses where possible.

    Include regex patterns:
    -a  --incaction    Rule action (accept, deny)
    -b  --incs_port    Source port (s_port)
    -p  --incservice   Destination port (service)
    -s  --incsrc       Source IP|hostname
    -d  --incdst       Destination IP|hostname
    -o  --incorig      Reporting FW IP|hostname
    -r  --incrule      Rule number that triggered entry
    -t  --incproto     Protocol of connection

    Exclude regex patterns:
    -A  --excaction    Rule action (accept, deny)
    -B  --excs_port    Source port (s_port)
    -P  --excservice   Destination port (service)
    -S  --excsrc       Source IP|hostname
    -D  --excdst       Destination IP|hostname
    -O  --excorig      Reporting FW IP|hostname
    -R  --excrule      Rule number that triggered entry
    -T  --excproto     Protocol of connection

    Other options:
    --debug {level} Turn on debugging
    --dnscache      Specify location of DNS cache file to be used with
                    the Resolve IPs option
    --resolveip     Resolve IPs for orig, src, and dst columns AFTER filtering
    --rejectfile    Write out all rejected lines to a specified file

    Download fw1logsearch.pl

    Mac OS X Command Line notes

    Encrypted Filesystems with Sparse Bundles
    Mac OS X offers encrypted filesystems through sparse bundles.  To mount up a sparse bundle, given the password used to create the bundle, use the hdiutil:

    hdiutil attach -verbose -readonly /path/to/sparse.bundle.directory

    This will mount up the sparse bundle located at the directory path specified.  To unmount the sparse bundle, use:

    hdiutil detach /Volumes/sparse.bundle.name

    Adding entries to /etc/hosts
    Although simply editing /etc/hosts should work, there are times when the new entries may not be recognized; in these cases the OS X name cache daemon needs to be kicked:

    dscacheutil -flushcache

    Mac OS X Hostnames
    Although you can change the hostname of your Mac OS X device through the System Control Panel -> Sharing, the following command line can lock the name so DHCP and other dynamic networking protocols don’t mess up your hostname (from RichardBronosky):

    sudo hostname my-permanent-name

    sudo scutil --set LocalHostName $(hostname)

    sudo scutil --set HostName $(hostname)

    Handy Command Lines
    Command line short cuts:

    pmset -g batt   Show battery status

    launchctl unload /System/Library/LaunchDaemons/com.apple.syslogd.plist; sleep 1; launchctl load /System/Library/LaunchDaemons/com.apple.syslogd.plist Reload syslog daemon

    SHA Hash on Mac OS X
    Mac OS X doesn’t have sha256sum, but does have openssl, so the following can compute a SHA256 hash:

    openssl dgst -sha256 Fedora-17-x86_64-DVD.iso

    How to build a MythTV PVR on Fedora Core 7

    <Notes In Progress – many of these steps have been automated in scripts, I’m in the process of updating this doc to show those steps and include the scripts>

    Fresh install of OS and MythTV on n43

    Created 2007/09/05 – last revised 2008/01/06

    I needed to upgrade MythTV to 0.20.2 due to the demise of Zap2It schedules, but I didn’t have another system which matched the hardware used on my MythTV PVR.  So I installed a spare 120GB EIDE and started from scratch to build another MythTV instance from scratch.  Once I was satisfied the new instance would pass the SAT (spouse approval test), I used LVM to move everything over to the 320GB SATA disk which currently contains the old (production) MythTV sw and configuration.

    This describes that build and migration process. 

    Hardware (n43):

    Antec Fusion HTPC case

    antec-fusion

    AMD Sempron processor (about 1.6GHz)
    512MB memory – good enough for single tuner and OS
    Hauppauge PVR-350 standard definition capture card

    Integrated on to mainboard:
    Audio:
    ALC883 PCM nVidia MCP51 controller – kernel module snd-hda-intel (high definition audio)
    Video:
    nVidia C51 – Quadro NVS 210S / GeForce 6150LE
    nVidia EIDE and SATA controller – …

    1. Install OS

    Seems to be lots of hits on Fedora 7 and MythTV, as well the reading I’ve done on Fedora 7 seems to show it can be easily kept up to date (via yum) – and it has the OS clustering capabilities as part of the base now, which I’ll use when I split the current single system making it the back end and adding a silent (diskless) front end.

    Downloaded and burnt Fedora 7 i386 DVD. For future options, extracted and burnt boot.iso … also see notes on how to install Fedora 7 via boot.iso and NFS. (notes to be added)

    Disabled SATA hdd in BIOS (could have unplugged it, but easier to just disable via sw).
    Used DVD drive in n43 to install Fedora 7 on the temporary EIDE drive.
    Select packages for install:
    MySQL Server
    Web Server

    See scripts for automated Fedora 7 OS setup and package install (setup1.shl, setup2.shl) (scripts to be added)

    About 25 min off DVD for base load

    Setup (first time boot):
    Firewall – allow SSH and HTTP, otherwise no inbound services other than ESTABLISHED,RELATED are needed at this point. Will open MySQL and ICMP for monitoring purposes later. When this system becomes the MythTV backend, will have to add MythTV ports (see FAQ).
    SELinux – disable, will add SE configuration at some future point.
    NTP – use default Fedora 7 NTP service configuration, time sync is obviously very important (unless you don’t want your recordings to start/end at the right times).

    MythTV seems to heavily use KDE, so although Gnome is default, may need to use KDE. I selected Gnome this time. And KDE this time. And RatPoison is a compact window manager which may be easier to configure for mythtv. Finally I’m using fvwm2 .. more on that later.

    Update /etc/hosts
    192.168.2.143 mythtv.networkforensics.org mythtv n43

    Manually set the interface speed/duplex (gigabit interface doesn’t do well in autonegotiate – poor performance, but no interface errors). Will come back and setup an init script.
    # ethtool -s eth0 speed 100 duplex full

    Add ATrpms repository into yum configuration:
    NOTE: other ATrpm yum configurations on the net don’t work!
    – add the following into /etc/yum.conf
    [atrpms]
    name=Fedora Core $releasever - $basearch - ATrpms
    baseurl=http://dl.atrpms.net/f$releasever-$basearch/atrpms/stable
    gpgkey=http://ATrpms.net/RPM-GPG-KEY.atrpms
    gpgcheck=1

    Import ATrpms key
    # rpm --import http://ATrpms.net/RPM-GPG-KEY.atrpms

    Disable ATrpms repository, so we only get mythtv packages from it:
    – add the following to the atrpms section just added to the /etc/yum.conf:
    enabled=0

    Update the packages to current using the standard Fedora repositories

     

    When following the Fedora / MythTV HOWTO (http://wilsonet.com/mythtv), they use variable KVER which is just uname -r

     

    # echo "export KVER=\`uname -r\`" >> /etc/profile.d/kver.sh

     

    Do yum upgrade to get latest kernel and system

    # yum upgrade

    464MB 265 packages

     

    <odd>

    Kernel panic during reboot after upgrade

    Searched on “2.6.22 fedora 7 kernel panic noapic” – lots of suggestions but doing a single boot again, while interrupting the grub boot and adding noapic to the end of the kernel boot line seemed to fix it. Now the grub.conf looks like (note the vga=791 arg):

    default=0
    timeout=5
    splashimage=(hd0,0)/grub/splash.xpm.gz
    hiddenmenu
    title Fedora (2.6.22.4-65.fc7)
    root (hd0,0)
    kernel /vmlinuz-2.6.22.4-65.fc7 ro root=/dev/VolGroup00/LogVol00 rhgb quiet vga=791
    initrd /initrd-2.6.22.4-65.fc7.img
    title Fedora (2.6.21-1.3194.fc7)
    root (hd0,0)
    kernel /vmlinuz-2.6.21-1.3194.fc7 ro root=/dev/VolGroup00/LogVol00 rhgb quiet vga=791
    initrd /initrd-2.6.21-1.3194.fc7.img

     

    Add window manager fvwm here – comes from Fedora repo

    # yum install fvwm2

     

     

    2. No mouse cursor in Gnome

    Seems the nVidia graphics are broken somehow. Must disable hardware cursor?

     

    <URL>

    ok add this line to your xorg.conf

    Option "HWCursor" "off"

    so it looks something like this

    Code:

    Section "Device"
      BoardName    "GeForce 6600/GeForce 6600 GT"
      BusID        "1:0:0"
      Driver       "nvidia"
      Identifier   "Device[0]"
      Option       "HWCursor" "off"
      Screen       0
      VendorName   "NVidia"
    EndSection

    logged out from Gnome, causes an X restart then the mouse cursor showed up properly.

     

     

    3. Set Monitor and Resolution

    In gnome, I manually set the monitor, it could not autodetect the Viewsonic Optiquest V75. Restarted X, had to set the resolution (it defaulted to way too high of a setting)

     

    HOLD:

    As per Fedora MythTV setup guide, install the nVidia drivers:

    # yum -y install nvidia-graphics9755-kmdl-$KVER
    # yum -y install nvidia-graphics9755-libs nvidia-graphics9755

     

    Actually, this is done now by copying in a revised xorg.conf

    [root@mythtv grub]# cat /etc/X11/xorg.conf.1024x768-monitor-only-V75-BEST

    # Xorg configuration created by system-config-display
    Section "ServerLayout"
      Identifier "single head configuration"
      Screen 0 "Screen0" 0 0
      InputDevice "Keyboard0" "CoreKeyboard"
    EndSection
    Section "InputDevice"
      Identifier "Keyboard0"
      Driver "kbd"
      #Option "XkbModel" "pc105"
      Option "XkbModel" "pc101"
      Option "XkbLayout" "us"
    EndSection
    Section "Monitor"
      Identifier "Monitor0"
      ModelName "Monitor 1280x1024"
      HorizSync 31.5 - 79.0
      VertRefresh 50.0 - 90.0
      Option "dpms"
    EndSection
    Section "Device"
      Identifier "Videocard0"
      Driver "nv"
      Option "HWCursor" "off"
    EndSection
    Section "Screen"
      Identifier "Screen0"
      Device "Videocard0"
      Monitor "Monitor0"
      DefaultDepth 24
      SubSection "Display"
        Viewport 0 0
        Depth 24
        Modes "1024x768" "800x600" "720x400" "640x480" "640x400" "640x350"
      EndSubSection
    EndSection


    Turn off screen saver

    Disable unnecessary services

    services="avahi pcps bluetooth"
    for service in $services; do chkconfig $service off; service $service stop; done

    avahi – DNS service discovery
    pcps – smart card daemon
    bluetooth

     

    4. Set mysql to start on boot

    chkconfig mysqld on

     

    5. Start up MySQL

    service mysqld start

     

    6. Set MySQL root password

    mysql -uroot

    mysql> grant all on *.* to root@localhost identified by "rootpassword" with grant option;

    mysql> grant all on *.* to root@n43 identified by 'rootpassword' with grant option;

     

    7. Create MythTV database

    Test out mysql connection, user, password

    # mysql -uroot -prootpassword

    mysql>

     

    Run MythTV database setup

    # mysql -uroot -prootpassword < /usr/share/mythtv/sql/mc.sql

     

    /usr/share/mythtv/sql/mc.sql:
    CREATE DATABASE if not exists mythconverg;
    GRANT ALL ON mythconverg.* TO mythtv@localhost IDENTIFIED BY "mythtv";
    FLUSH PRIVILEGES;
    GRANT CREATE TEMPORARY TABLES ON mythconverg.* TO mythtv@localhost
    IDENTIFIED BY "mythtv";
    FLUSH PRIVILEGES;
    ALTER DATABASE mythconverg DEFAULT CHARACTER SET latin1;
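
Steps 6 and 7 put the root password on the command line (`-prootpassword`, visible in shell history and the process list) and leave the `mythtv` account on the stock password from mc.sql. The following is an added example, not part of the original notes: shell helpers that generate a random password, keep credentials in an owner-only option file, and emit the mc.sql statements with that password. Function names and file paths are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post. Names and paths are hypothetical.

# 16 random bytes as 32 hex characters: no quotes or shell metacharacters,
# so the value is safe inside SQL string literals and option files.
gen_password() {
    od -An -N16 -tx1 /dev/urandom | tr -d ' \n'
}

# Accept only [A-Za-z0-9_] so a value can never break out of the SQL below.
is_safe_token() {
    case $1 in
        ''|*[!A-Za-z0-9_]*) return 1 ;;
        *) return 0 ;;
    esac
}

# write_client_cnf PATH USER PASSWORD
# Create a MySQL client option file that only its owner can read.
write_client_cnf() {
    is_safe_token "$2" && is_safe_token "$3" || return 1
    (
        umask 077                   # a new file is created without group/other access
        : > "$1" || exit 1          # create or truncate
        chmod 600 "$1" || exit 1    # tighten a pre-existing loose file before writing
        printf '[client]\nuser=%s\npassword=%s\n' "$2" "$3" >> "$1"
    )
}

# file_mode PATH -> ls-style mode string, e.g. -rw-------
file_mode() {
    ls -ld "$1" | cut -c1-10
}

# mythtv_grant_sql DB USER PASSWORD
# Same statements as mc.sql on this page (MySQL 5.x GRANT ... IDENTIFIED BY
# syntax), with a caller-supplied password instead of the default "mythtv".
mythtv_grant_sql() {
    is_safe_token "$1" && is_safe_token "$2" && is_safe_token "$3" || return 1
    printf 'CREATE DATABASE IF NOT EXISTS %s;\n' "$1"
    printf "GRANT ALL ON %s.* TO '%s'@'localhost' IDENTIFIED BY '%s';\n" "$1" "$2" "$3"
    printf "GRANT CREATE TEMPORARY TABLES ON %s.* TO '%s'@'localhost';\n" "$1" "$2"
    printf 'FLUSH PRIVILEGES;\n'
    printf 'ALTER DATABASE %s DEFAULT CHARACTER SET latin1;\n' "$1"
}

# Usage (as root), replacing `mysql -uroot -prootpassword < mc.sql`:
#   write_client_cnf /root/.my-root.cnf root "$ROOTPW"
#   mythtv_grant_sql mythconverg mythtv "$(gen_password)" |
#       mysql --defaults-extra-file=/root/.my-root.cnf
```

`--defaults-extra-file` has to be the first option on the mysql command line.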

    8. Install MythTV Suite

     

    # yum --enable=atrpms install mythtv-suite

    122 packages, 105MB

     

    Create directory for recordings

    # mkdir /storage/recordings

    # chown mythtv:mythtv /storage/recordings

     

    9.
    Install ivtv drivers and firmware for PVR-350

    # yum --enable=atrpms install ivtv-firmware
    # yum --enable=atrpms install ivtv-kmdl-$KVER

     

     

    10. Update modprobe.conf to enable TV Out on PVR-350

     

    # load ivtv-fb for PVR-350 output
    install ivtv /sbin/modprobe --ignore-install ivtv; /sbin/modprobe ivtv-fb

     

    Manually load ivtv

    # /sbin/depmod -a
    # /sbin/modprobe ivtv

     

    Manually tried to load ivtv-fb – segfaulted … see the part of the howto on modifying grub boot loader…

     

    We’re going to make a little modification to the kernel boot line in your grub.conf file that should force the ivtv frame buffer to load on /dev/fb1, as well as allow the ivtv-fb module to be loaded and unloaded. Without doing this, unloading the ivtv-fb module would probably crash your system. To the end of all ‘kernel /vmlinuz…’ lines in /boot/grub/grub.conf, append ‘vga=791’, then reboot your system. This tells the kernel to load a frame buffer for your video card at 1024×768, 16-bit color. I use this all the time myself, simply so I can see more when I’m not in X. I’d always done this on my 350-equipped box without even thinking about it, which could explain some of why I’ve not run into some of the problems other folks have…

     

    Note video device:

    [root@mythtv ~]# ls -l /dev/video*
    lrwxrwxrwx 1 root root 6 2007-09-09 18:17 /dev/video -> video0
    crw------- 1 root root 81, 0 2007-09-09 18:17 /dev/video0
    crw------- 1 root root 81, 16 2007-09-09 18:17 /dev/video16
    crw------- 1 root root 81, 24 2007-09-09 18:17 /dev/video24
    crw------- 1 root root 81, 32 2007-09-09 18:17 /dev/video32
    crw------- 1 root root 81, 48 2007-09-09 18:17 /dev/video48
    [root@mythtv ~]#

     

    From dmesg:

    ivtv0: Registered device video0 for encoder MPEG (4 MB)

    ivtv0: Registered device video32 for encoder YUV (2 MB)

    ivtv0: Registered device vbi0 for encoder VBI (1 MB)

    ivtv0: Registered device video24 for encoder PCM audio (1 MB)

    ivtv0: Registered device radio0 for encoder radio

    ivtv0: Registered device video16 for decoder MPEG (1 MB)

    ivtv0: Registered device vbi8 for decoder VBI (1 MB)

    ivtv0: Registered device vbi16 for decoder VOUT

    ivtv0: Registered device video48 for decoder YUV (1 MB)

     

     

    11. Test out PVR-350 TV Out

    As per https://help.ubuntu.com/community/MythTV_Edgy_hardware_pvr-350_TV-out

     

    Try to display the TV test pattern by putting the saa7127 module into test mode:

    # /sbin/rmmod saa7127
    # /sbin/modprobe saa7127 test_image=1

     

    Works!

    Resume normal operation:

    # rmmod saa7127
    # modprobe saa7127

     

     

    Test video capture

    # /usr/bin/v4l2-ctl -i 0

     

     

    12. Manually compile ivtv module for X

    Had to manually compile ivtv driver for x to enable tv out .. due to some 2.6.22 issue.

     

    As per README in ivtv x driver package – must install xorg sdk to allow compile:

    # yum install xorg-x11-server-sdk

     

    Then compile the new ivtv xdriver:

    # sh ./configure

    # make

    # make install

     

    Copy into xorg directory:

    # cp /usr/local/lib/xorg/modules/drivers/ivtv_drv.so /usr/lib/xorg/modules/drivers

    if gdm failed, ps -ef , then kill it to restart

     

    copy in new xorg.conf (with TV Out section) and do <ctrl><alt><backspace> to restart x server

    [root@mythtv ~]# cat /etc/X11/xorg.conf.tvout

    # XFree86 4 configuration created by pyxf86config

    Section "ServerLayout"
      Identifier "Default Layout"
      Screen 0 "Screen0" 0 0
      InputDevice "Mouse0" "CorePointer"
      InputDevice "Keyboard0" "CoreKeyboard"
    EndSection

    Section "Files"
      # RgbPath is the location of the RGB database. Note, this is the name of the
      # file minus the extension (like ".txt" or ".db"). There is normally
      # no need to change the default.
      # Multiple FontPath entries are allowed (they are concatenated together)
      # By default, Red Hat 6.0 and later now use a font server independent of
      # the X server to render fonts.
      RgbPath "/usr/X11R6/lib/X11/rgb"
      # ModulePath "/usr/X11R6/lib/modules/extensions/nvidia"
      # ModulePath "/usr/X11R6/lib/modules/extensions"
      # ModulePath "/usr/X11R6/lib/modules"
      FontPath "unix/:7100"
    EndSection

    Section "Module"
      Load "dbe"
      Load "extmod"
      Load "fbdevhw"
      Load "glx"
      Load "record"
      Load "freetype"
      Load "type1"
    EndSection

    Section "InputDevice"
      # Specify which keyboard LEDs can be user-controlled (eg, with xset(1))
      # Option "Xleds" "1 2 3"
      # To disable the XKEYBOARD extension, uncomment XkbDisable.
      # Option "XkbDisable"
      # To customise the XKB settings to suit your keyboard, modify the
      # lines below (which are the defaults). For example, for a non-U.S.
      # keyboard, you will probably want to use:
      # Option "XkbModel" "pc102"
      # If you have a US Microsoft Natural keyboard, you can use:
      # Option "XkbModel" "microsoft"
      #
      # Then to change the language, change the Layout setting.
      # For example, a german layout can be obtained with:
      # Option "XkbLayout" "de"
      # or:
      # Option "XkbLayout" "de"
      # Option "XkbVariant" "nodeadkeys"
      #
      # If you'd like to switch the positions of your capslock and
      # control keys, use:
      # Option "XkbOptions" "ctrl:swapcaps"
      # Or if you just want both to be control, use:
      # Option "XkbOptions" "ctrl:nocaps"
      #
      Identifier "Keyboard0"
      Driver "keyboard"
      Option "XkbRules" "xfree86"
      #Option "XkbModel" "pc105"
      Option "XkbModel" "pc101"
      Option "XkbLayout" "us"
    EndSection

    Section "InputDevice"
      Identifier "Mouse0"
      Driver "mouse"
      Option "Protocol" "IMPS/2"
      Option "Device" "/dev/input/mice"
      Option "ZAxisMapping" "4 5"
      Option "Emulate3Buttons" "no"
    EndSection

    Section "InputDevice"
      # If the normal CorePointer mouse is not a USB mouse then
      # this input device can be used in AlwaysCore mode to let you
      # also use USB mice at the same time.
      Identifier "DevInputMice"
      Driver "mouse"
      Option "Protocol" "IMPS/2"
      Option "Device" "/dev/input/mice"
      Option "ZAxisMapping" "4 5"
      Option "Emulate3Buttons" "no"
    EndSection

    Section "Monitor"
      Identifier "NTSC Monitor"
      HorizSync 30-68
      VertRefresh 50-120
      Mode "720x480"
        # D: 34.563 MHz, H: 37.244 kHz, V: 73.897 Hz
        DotClock 34.564
        HTimings 720 752 840 928
        VTimings 480 484 488 504
        Flags "-HSync" "-VSync"
      EndMode
    EndSection

    Section "Device"
      Identifier "Hauppauge PVR 350 iTVC15 Framebuffer"
      #Driver "ivtvdev"
      # 2007/09/09 ACP – changed to ivtv
      Driver "ivtv"
      ### change fb1 to whatever your card grabbed
      Option "fbdev" "/dev/fb1"
      Option "ivtv" "/dev/fb1"
      ### change the BusID to whatever is reported by lspci,
      ### converted from hex to decimal
      BusID "PCI:4:6:0" # lspci says 00:08.0
      ### More examples
      #BusID "PCI:0:10:0" # lspci says 00:0a.0
      #BusID "PCI:1:14:0" # lspci says 01:0e.0
      #BusID "PCI:0:5:1" # lspci says 00:05.1
    EndSection

    Section "Screen"
      Identifier "Screen0"
      Device "Hauppauge PVR 350 iTVC15 Framebuffer"
      Monitor "NTSC Monitor"
      DefaultDepth 24
      DefaultFbbpp 32
      Subsection "Display"
        Depth 24
        FbBpp 32
        Modes "720x480"
      EndSubsection
    EndSection

    Section "DRI"
      Group 0
      Mode 0666
    EndSection

     

     

    13. Run mythtv-setup

     

    Blank menu ..

    Check out http://www.gossamer-threads.com/lists/mythtv/users/286856

    I found this simple set of directions to add in a base set of true type fonts (which includes Arial) to Fedora 7 and it solved the problem.

     

    1. Open a Terminal and cd to a directory you can work in

    2. Become root

    3. Download the MS Core Fonts Smart Package File

    wget http://corefonts.sourceforge.net/msttcorefonts-2.0-1.spec

    4. Make sure that the rpm-build and cabextract packages are installed

    yum install rpm-build cabextract

    5. Build the Core Fonts package:

    rpmbuild -ba msttcorefonts-2.0-1.spec

    6. Install the Core Fonts package

    rpm -Uvh /usr/src/redhat/RPMS/noarch/msttcorefonts-2.0-1.noarch.rpm

     

    The web site I found this on was: http://www.fedorafaq.org/#installfonts

     

    Sign in as mythtv

    $ mythtv-setup

     

    Setup Video Capture cards, listing source, channel setup

     

    $ mythfilldatabase

     

    Setup remote control

    Go get the LIRC packages from ATrpms

    # yum --enable=atrpms install lirc-0.8.3

     

    And get the kernel modules:

    # yum --enable=atrpms install lirc-kmdl-2.6.22.4-65.fc7-0.8.3-70_cvs20070827.fc7

    resulted in:

    Installed: lirc-kmdl-2.6.22.4-65.fc7.i686 0:0.8.3-70_cvs20070827.fc7

    Dependency Installed: lirc-devices.noarch 0:0.8-4.fc7

     

    Manual test:

    # modprobe lirc_mceusb2

     

    Update modprobe.conf to load LIRC

     

     

    /dev/lirc was symlinked to /dev/lirc/0 (which is the PVR-350 …) so re-linked to /dev/lirc/1 and restarted lircd

    # service lircd restart

    then irw showed button presses!

    Updated /etc/init.d/lircd to relink the /dev/lirc symlink to /dev/lirc/1

     

     

     

    Get MythTV to use remote:

    Copy lircrc file into ~mythtv/.mythtv/lircrc and ~mythtv/lircrc (no dots)

     

     

    Install lirc kernel modules

    NO yum --enable atrpms install lirc-kmdl-2.6.22.4-65.fc7

    Had to uninstall all the modules I installed then re-install lirc 0.8.3 from atrpms

     

     

    Page on the Microsoft MCE remote: http://www.mythtv.org/wiki/index.php/MCE_Remote

     

     

    Setup (tune) screen size

     

    Overscan (image off the screen)

    http://www.mythtv.org/wiki/index.php/Overscan

     

    on Toshiba tv (pixels):

    width 632

    height 436

    GUI x offset 36

    GUI y offset 16

     

     

    Setup auto-login, auto-start of mythfrontend

     

    URL http://www.mythtv.org/wiki/index.php/Frontend_Auto_Login

     

    Tried ratpoison, Gnome and KDE – ratpoison I couldn’t get working without troubleshooting and Gnome and KDE are too heavy weight. fvwm works well, although the font sizes are a bit small – haven’t found where to adjust them yet.

     

    Use fvwm window manager:

     

    Add to inittab:

    c7:12345:respawn:/sbin/mingetty --autologin=mythtv tty7

     

    ~mythtv/.bash_profile

    if [ -z "$DISPLAY" ] && [ $(tty) == /dev/tty7 ]; then
    while [ 1 == 1 ]
         do
              startx
              sleep 10
         done
    fi

     

     

     

    HOLD

     

    Use ratpoison window manager:

     

    Add to inittab:

    c7:12345:respawn:/sbin/mingetty --autologin=mythtv tty7

     

    ~mythtv/.bash_profile

    if [ -z "$DISPLAY" ] && [ $(tty) == /dev/tty7 ]; then
    while [ 1 == 1 ]
         do
              startx
              sleep 10
         done
    fi

     

    .xinitrc:

    xset -dpms s off
    xsetroot -solid black
    ratpoison &
    x11vnc -many -q -bg -rfbauth .vnc/passwd
    mythfrontend > /home/mythtv/mythfrontend.log 2>&1
    for i in 5 4 3 2 1 ; do
      if [ -f mythfrontend.log.$i ]; then
        mv -f mythfrontend.log.$i  mythfrontend.log.$(($i + 1))
      fi
    done
    mv mythfrontend.log  mythfrontend.log.1

     

    .ratpoisonrc:

    # This is a sample .ratpoisonrc file
    #
    # Set the prefix key to that of screen's default
    escape C-a
     
    # put something informative on the screen while we load stuff
    exec xloadimage -onroot -quiet -center /home/mythtv/.mythtv/mythtvstart.jpg
     
    # Gets rid of that ugly crosshairs default cursor and set the background to black
    exec xsetroot -cursor_name left_ptr
     
    # Use the name of the program rather than the title in the window list
    defwinname name
     
    ### fire up an xterm with ctrl-A x
    bind x exec xterm -j -fn '*-courier-*-r-*-14-*'
     
    # Since running a 720x576 definition the ratpoison screens are too big for the
    # display so we reduce the size of them with defpadding to make them fit
    #defpadding 25 25 25 25
     
    keystate_numlock = enable

     

     

     

     

     

    KDE application file into ~mythtv/.kde/Autostart

     

    Had to setup desktop for mythtv (all black, no screen saver)

     

     

    Migrate from 120GB disk back to 320GB SATA

    2007/10/20 Fedora 7

    Use LVM to move the data, including /root, swap and /storage

     

    In BIOS, enable SATA drive, position as HDD #2 (120GB IDE as HDD #1)

     

    Boot single user (interrupt grub, select first kernel <e>dit, select kernel spec line, <e>dit, add “single” on the end of the line, <b>oot the system (off the old IDE disk))

     

    Display partition table for both drives just to be sure that the 320GB (new) disk is /dev/sdb and the current ‘production’ IDE disk is /dev/sda

    # fdisk -l /dev/sda

    # fdisk -l /dev/sdb

     

    Zero out the partition table and MBR on the SATA disk as we had previously installed Fedora 7, and that data will confuse the migration process.

    # dd if=/dev/zero of=/dev/sdb bs=1024k count=100

     

    Partition new disk to add similar partition structure, including LVM partition

    sdb1 100MB ext3 /boot (0x83)

    sdb2 <the rest> LVM (0x8e)

     

    Set the disk bootable (option a)

     

    [root@mythtv ~]# fdisk -l /dev/sdb

     

    Disk /dev/sdb: 250.0 GB, 250059350016 bytes

    255 heads, 63 sectors/track, 30401 cylinders

    Units = cylinders of 16065 * 512 = 8225280 bytes

     

       Device Boot      Start         End      Blocks   Id  System
    /dev/sdb1   *           1          13      104391   83  Linux
    /dev/sdb2              14       30401   244091610   8e  Linux LVM

     

    Zero out the LVM partition as we had already setup a fresh Fedora 7 install, and the LVM information will still be there (and called VolGroup00, it will confuse LVM on the old IDE disk)

    # dd if=/dev/zero of=/dev/sdb2 bs=1024k count=100

     

    Copy the /boot contents across:

    # mkfs.ext3 /dev/sdb1

    # mkdir /tmp/new

    # mount /dev/sdb1 /tmp/new

    # cd /boot

    # find . -print | cpio -pmd /tmp/new

     

    Now update (install) boot loader on new 320GB disk:

    # mount /dev/sdb1 /tmp/new (if not still mounted)

    # mv /tmp/new/grub/device.map /tmp/new/grub/device.map.old

    # /sbin/grub-install /dev/sdb

    # umount /tmp/new

     

    Label this filesystem as /boot to match /etc/fstab:

    # e2label /dev/sdb1 /boot

     

    Now ‘create’ the new physical volume in LVM and display the pv’s to ensure all’s good:

    # pvcreate /dev/sdb2
    # pvdisplay

     

    Add the new physical volume into the VolGroup00 volume group

    # vgextend VolGroup00 /dev/sdb2

     

    Move all the physical extents from the old IDE disk to the new SATA disk (this will tell lvm to move the physical extents from PV /dev/sda2 to some other free physical volume – the only other volume is the SATA disk we just added). Note this will take a LONG time and will display its progress:

    # pvmove /dev/sda2

     

    Remove the old disk (it has to leave the volume group before pvremove will accept it):

    # vgreduce VolGroup00 /dev/sda2

    # pvremove /dev/sda2

     

    Power off and disconnect power to the old IDE disk, boot to ensure all comes up ok

     

    Power off and remove IDE
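
The migration above zeroes /dev/sdb and /dev/sdb2 with dd and relies on reading fdisk output to tell the two disks apart. As an added example (not part of the original notes), this pre-flight check refuses a target that holds a mounted filesystem or a physical volume already in a volume group. The sample state is constructed to mirror this page's layout, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post: refuse to zero a disk in use.
# State is read from files so the check can be exercised offline:
#   MOUNTS: /proc/mounts format
#   PVS:    output of `pvs --noheadings -o pv_name,vg_name`
# Swap partitions (/proc/swaps) are not covered by this check.

# is_same_disk DISK NODE: true if NODE is DISK or one of its partitions.
is_same_disk() {
    isd_rest=${2#"$1"}
    [ "$isd_rest" != "$2" ] || return 1     # DISK is not a prefix of NODE
    [ -n "$isd_rest" ] || return 0          # NODE is the whole disk
    isd_rest=${isd_rest#p}                  # nvme0n1p1-style partition names
    case $isd_rest in
        ''|*[!0-9]*) return 1 ;;            # e.g. /dev/sdba is a different disk
        *) return 0 ;;
    esac
}

# safe_to_wipe DISK MOUNTS PVS: prints one BLOCK line per reason and
# returns 0 only when nothing on DISK is mounted or part of a volume group.
safe_to_wipe() {
    stw_blocked=0
    while read -r stw_node stw_mnt stw_rest; do
        if is_same_disk "$1" "$stw_node"; then
            echo "BLOCK: $stw_node is mounted on $stw_mnt"
            stw_blocked=1
        fi
    done < "$2"
    # Filesystems on logical volumes appear as /dev/mapper/... in MOUNTS,
    # so the physical volume list is what ties them back to a disk.
    while read -r stw_pv stw_vg; do
        [ -n "$stw_vg" ] || continue        # PV not assigned to any VG
        if is_same_disk "$1" "$stw_pv"; then
            echo "BLOCK: $stw_pv is a physical volume in $stw_vg"
            stw_blocked=1
        fi
    done < "$3"
    [ "$stw_blocked" -eq 0 ]
}

# Constructed sample state modelled on this page's layout (not captured output).
sample_mounts() {
    cat <<'EOF'
/dev/mapper/VolGroup00-LogVol00 / ext3 rw 0 0
/dev/sda1 /boot ext3 rw 0 0
EOF
}

# sample_pvs before|after: PV list before and after `vgextend VolGroup00 /dev/sdb2`.
sample_pvs() {
    echo "  /dev/sda2  VolGroup00"
    if [ "$1" = after ]; then
        echo "  /dev/sdb2  VolGroup00"
    else
        echo "  /dev/sdb2  "
    fi
}

# check_live DISK: the same check against the running system (pvs needs root).
check_live() {
    cl_tmp=$(mktemp) || return 2
    if ! pvs --noheadings -o pv_name,vg_name > "$cl_tmp" 2>/dev/null; then
        rm -f "$cl_tmp"
        echo "BLOCK: cannot list LVM physical volumes"
        return 2
    fi
    cl_rc=0
    safe_to_wipe "$1" /proc/mounts "$cl_tmp" || cl_rc=$?
    rm -f "$cl_tmp"
    return "$cl_rc"
}

# Example: check_live /dev/sdb && dd if=/dev/zero of=/dev/sdb bs=1024k count=100
```

With the sample state, /dev/sda is blocked twice (mounted /boot, and the PV that backs the root volume), while /dev/sdb passes until vgextend has added /dev/sdb2 to VolGroup00.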

     

    HOLD Get firmware for Hauppauge PVR-350

    http://ivtvdriver.org/index.php/Firmware

     

    Firmware files (Video 4 Linux):

    v4l-cx2341x-dec.fw

    v4l-cx2341x-enc.fw

    v4l-cx2341x-init.mpg

     

    Place in hot plug directory for ivtv to get and load into the PVR-350 on boot:

    /lib/firmware/v4l-cx2341x-dec.fw

    /lib/firmware/v4l-cx2341x-enc.fw

    /lib/firmware/v4l-cx2341x-init.mpg

     

    Example of missing fw in dmesg:

    Sep 5 16:02:29 mythtv kernel: ivtv: ==================== START INIT IVTV ====================

    Sep 5 16:02:29 mythtv kernel: ivtv: version 1.0.0 (2.6.22.4-65.fc7 SMP mod_unload 686 4KSTACKS ) loading

    Sep 5 16:02:29 mythtv kernel: eth0: forcedeth.c: subsystem: 01462:7252 bound to 0000:00:14.0

    Sep 5 16:02:29 mythtv kernel: ACPI: PCI Interrupt Link [LNKA] enabled at IRQ 19

    Sep 5 16:02:29 mythtv kernel: ACPI: PCI Interrupt 0000:04:08.0[A] -> Link [LNKA] -> GSI 19 (level, low) -> IRQ 20

    Sep 5 16:02:29 mythtv kernel: firewire_ohci: Added fw-ohci device 0000:04:08.0, OHCI version 1.10

    Sep 5 16:02:29 mythtv kernel: ivtv0: Autodetected Hauppauge card (cx23415 based)

    Sep 5 16:02:29 mythtv kernel: ACPI: PCI Interrupt Link [LNKC] enabled at IRQ 18

    Sep 5 16:02:29 mythtv kernel: ACPI: PCI Interrupt 0000:04:06.0[A] -> Link [LNKC] -> GSI 18 (level, low) -> IRQ 21

    Sep 5 16:02:29 mythtv kernel: firewire_core: created new fw device fw0 (0 config rom retries)

    Sep 5 16:02:29 mythtv kernel: ivtv0: unable to open firmware v4l-cx2341x-enc.fw (must be 376836 bytes)

    Sep 5 16:02:29 mythtv kernel: ivtv0: did you put the firmware in the hotplug firmware directory?

    Sep 5 16:02:29 mythtv kernel: ivtv0: Retry loading firmware

    Sep 5 16:02:29 mythtv kernel: ivtv0: unable to open firmware v4l-cx2341x-enc.fw (must be 376836 bytes)

    Sep 5 16:02:29 mythtv kernel: ivtv0: did you put the firmware in the hotplug firmware directory?

    Sep 5 16:02:29 mythtv kernel: ivtv0: Error initializing firmware

    Sep 5 16:02:29 mythtv kernel: ivtv0: Error -19 on initialization

    Sep 5 16:02:29 mythtv kernel: ivtv: ==================== END INIT IVTV ====================

     

    Example of initialization of fw in dmesg:

    Linux video capture interface: v2.00

    ivtv: ==================== START INIT IVTV ====================

    ivtv: version 1.0.0 (2.6.22.4-65.fc7 SMP mod_unload 686 4KSTACKS ) loading

    eth0: forcedeth.c: subsystem: 01462:7252 bound to 0000:00:14.0

    ACPI: PCI Interrupt Link [LNKA] enabled at IRQ 19

    ACPI: PCI Interrupt 0000:04:08.0[A] -> Link [LNKA] -> GSI 19 (level, low) -> IRQ 20

    firewire_ohci: Added fw-ohci device 0000:04:08.0, OHCI version 1.10

    ivtv0: Autodetected Hauppauge card (cx23415 based)

    ACPI: PCI Interrupt Link [LNKC] enabled at IRQ 18

    ACPI: PCI Interrupt 0000:04:06.0[A] -> Link [LNKC] -> GSI 18 (level, low) -> IRQ 21

    firewire_core: created new fw device fw0 (0 config rom retries)

    ivtv0: loaded v4l-cx2341x-enc.fw firmware (3730290280 bytes)

    ivtv0: loaded v4l-cx2341x-dec.fw firmware (3730290288 bytes)

    ivtv0: Encoder revision: 0x02060039

    ivtv0: Decoder revision: 0x02020023

    tveeprom 2-0050: Hauppauge model 48132, rev K268, serial# 9868627

    tveeprom 2-0050: tuner model is LG TAPE H001F MK3 (idx 68, type 47)

    tveeprom 2-0050: TV standards NTSC(M) (eeprom 0x08)

    tveeprom 2-0050: audio processor is MSP4448 (idx 27)

    tveeprom 2-0050: decoder processor is SAA7115 (idx 19)

    tveeprom 2-0050: has radio, has IR receiver, has no IR transmitter

    ivtv0: Autodetected Hauppauge WinTV PVR-350

    tuner 2-0043: chip found @ 0x86 (ivtv i2c driver #0)

    tda9887 2-0043: tda988[5/6/7] found @ 0x43 (tuner)

    tuner 2-0061: chip found @ 0xc2 (ivtv i2c driver #0)

    saa7115 2-0021: saa7115 found (1f7115d0e100000) @ 0x42 (ivtv i2c driver #0)

    saa7127 2-0044: saa7129 found @ 0x88 (ivtv i2c driver #0)

    msp3400 2-0040: MSP4448G-A2 found @ 0x80 (ivtv i2c driver #0)

    msp3400 2-0040: MSP4448G-A2 supports radio, mode is autodetect and autoselect

    tuner 2-0061: type set to 47 (LG NTSC (TAPE series))

    ivtv0: Registered device video0 for encoder MPEG (4 MB)

    ivtv0: Registered device video32 for encoder YUV (2 MB)

    ivtv0: Registered device vbi0 for encoder VBI (1 MB)

    ivtv0: Registered device video24 for encoder PCM audio (1 MB)

    ivtv0: Registered device radio0 for encoder radio

    ivtv0: Registered device video16 for decoder MPEG (1 MB)

    ivtv0: Registered device vbi8 for decoder VBI (1 MB)

    ivtv0: Registered device vbi16 for decoder VOUT

    ivtv0: Registered device video48 for decoder YUV (1 MB)

    ivtv0: loaded v4l-cx2341x-init.mpg firmware (3730291512 bytes)

    ivtv0: Initialized Hauppauge WinTV PVR-350, card #0

    ACPI: PCI Interrupt Link [LAZA] enabled at IRQ 22

    ACPI: PCI Interrupt 0000:00:10.1[B] -> Link [LAZA] -> GSI 22 (level, low) -> IRQ 18

    PCI: Setting latency timer of device 0000:00:10.1 to 64

    ivtv: ==================== END INIT IVTV ====================

     

    As per http://wilsonet.com/mythtv/fcmyth.php?SID&expandables=closed&ivtv=open&pvr350out=open#capture:

     

    Alternatively, use yum to install from the ATrpms repository

    # yum install ivtv-firmware

     

     

     

    Get DVD libraries

     

    Download from ATrpms:

    libdvdcss-1.2.9-3.fc7.i386.rpm

    # rpm --install libdvdcss-1.2.9-3.fc7.i386.rpm

     


    Vendors for PVR computing parts in Canada:
    As a convenience to the Canadian members of our community, I’d like to start a list of retailers that sell harder-to-find components.

    New Type: www.ntcw.com — Zalman, Thermalright, Swiftech, Vantec, Alpha, Seasonic, Nexus updated Mar 23 03
    RP Electronics: www.rpelectronics.com — DIY Electronic supplies
    Digikey: http://canada.digikey.com — DIY Electronics, Panaflo, etc
    E-Compuvision: www.e-compuvision.com — Vantec, Alpha, Swiftech, Zalman updated Dec 31 03
    Bigfoot: www.bigfootcomputers.com — Thermalright, Panaflo, Swiftech, Zalman, Alpha & more updated Dec 31 03
    Tweakbox: www.tweakbox.com — Panaflo, tails & more
    QuietPC: www.quietpc.ca — Fortron, Zalman, Nexus, I-Style, PowerSnooze, VIA, AcoustiPak, Molex, Papst, more updated Dec 31 03
    Maxibyte: www.maxibyte.biz/cat4_1.htm — Zalman, Q-Technology, Papst
    MutePC: www.mutepc.net — Koolance, Zalman, Q-Technology, Papst, Akasa, Molex, Noiseblocker updated Dec 31 03
    Genitech: www.genitechcomputers.com/parts-cpu.shtml — Zalman
    autodeletepro: www.adpmods.coml — Panaflo, Evercool, Thermalright updated Dec 31 03
    Techniche SilentPC: www.silentpc.net — Silent PC retrofitting: Seasonic, Nexus, Thermalright, Panaflo, Zalman, etc. added Mar 19 03
    NCIX: www.ncix.com — Zalman, Alpha, ThermalRight, Antec, Papst, Panaflo, Vantec, Ahanix updated Dec 30 03
    FrontierPC: www.fronet.com — Zalman, Thermalright, Evercase, Nexus, Seasonic, NoVibes, Arctic Cooler, Antec, Panaflo, Samsung w/8MB buffer updated Jan 1 04
    Vibe Computers: www.vibecomputers.com — Thermalright, Zalman, Swiftech, Panaflo, Antec, Papst updated Dec 31 03
    Memory Express: www.memoryexpress.com — Panaflo, Samsung, Thermalright, Zalman, Ahanix/Nikao, updated Dec 31 03
    Canada Computers: www.canadacomputers.com — Zalman, Antec, etc. updated Dec 30 03
    La centrale informatique: www.shoplci.com — Evercase, Antec, Vantec. added Dec 30 03
    CIPC: www.cipc-info.com — Antec, Asaka, Panaflo, Papst, Vantec, Zalman. added Dec 30 03
    Lux-Design: www.lux-design.com — Panaflo, Thermalright. added Dec 31 03
    ByteWize: www.bytewizecomputers.com — Antec, Sparkle, Zalman, Samsung added Dec 31 03
    shopRBC: www.shoprbc.com — Thermalright, Antec, Zalman, Swiftech, Alpha added Dec 31 03
    Atop Online: www.atoponline.com — Samsung, Zalman added Dec 31 03
    Ajump: www.ajump.ca — Evercase, Ahanix, Antec, Sparkle added Dec 31 03
    myCableShop: www.mycableshop.ca added Dec 31 03
    Canadian Tire: — TrimBrite Door Edge Molding (see this posting) added Dec 31 03

    If I missed anything post a reply to this thread & I’ll add your updates.

    Synchronizing directories

    Fast way to synchronize the content of your iTunes libraries – this doesn’t sync the playlists or any iTunes meta information (and you may need to perform an Add to Library .. to import any new content). This was just a quick and dirty way to sync up my iTunes downloads with another iTunes library at home. This assumes that you’ve opened up the ability to Remote Login (ssh) to the target Mac (topic for another time).

    rsync -av -e ssh "Music/iTunes/iTunes Music/" ahull@10.20.1.103:"/Users/ahull/Music/iTunes/iTunes\ Music"