Nightmare: Pulseaudio, Nvidia HDMI Audio, and CentOS

27. February 2012 · Write a comment · Categories: Hack, Hardware, Linux, Troubleshooting · Tags: , , , ,

I’m in the process of converting my home server in to a CentOS SMB server and XBMC combination box. In the process, though, I ran in to a problem where PulseAudio would recognise the HDMI audio capabilities of the video card (after installing the Nvidia binary drivers), but wouldn’t output any sound. After a lot of digging and swearing, I finally fixed it by doing the following:

As a normal user, open a Terminal window and enter alsamixer. Press F6 and then unmute all of the audio channels (do so by selecting them with the arrow keys, and then pressing ‘m’. When done, press ESC to exit.

After this, su - to assume root, and then type aplay -l to get a list of your audio devices. In my case, I’ve disabled the onboard audio, so the only devices are the Nvidia ones. The output will look something like this:

root@wormwood ~]# aplay -l
**** List of PLAYBACK Hardware Devices ****
card 0: NVidia [HDA NVidia], device 3: HDMI 0 [HDMI 0]
Subdevices: 1/1
Subdevice #0: subdevice #0
card 0: NVidia [HDA NVidia], device 7: HDMI 0 [HDMI 0]
Subdevices: 1/1
Subdevice #0: subdevice #0
card 0: NVidia [HDA NVidia], device 8: HDMI 0 [HDMI 0]
Subdevices: 1/1
Subdevice #0: subdevice #0
card 0: NVidia [HDA NVidia], device 9: HDMI 0 [HDMI 0]
Subdevices: 1/1
Subdevice #0: subdevice #0

Note that while there are four devices, the first one (which Pulseaudio selects by default) doesn’t do anything. To get this to work, we need to tell it to use the second device (#7). This isn’t horribly easy. If you have another sound card, note the device numbers listed for it above – you’ll need them in a minute.

Finally we can tell Pulseaudio to actually use the correct devices. Still as root, open up /etc/pulse/default.pa and find these lines:

### Automatically load driver modules depending on the hardware available
#.ifexists module-udev-detect.so
#load-module module-udev-detect
#.else
### Alternatively use the static hardware detection module (for systems that
### lack udev support)
#load-module module-detect
#.endif

Now, comment them all out as I have done above. This prevents Pulseaudio from trying to be smart. Now, scroll to the end of the file and add the following line (if you have more than one audio device, you will need to add it multiple times with the correct card and device numbers that you gathered from aplay above):

load-module module-alsa-sink device=hw:0,7

Now simply do a killall pulseaudio and try to play something. You should have audio output over HDMI now!

Edit: Just a bit of follow-up if you’re having trouble with the sound muting after every reboot. As root, enter the following in a shell:

touch /etc/asound.state

chmod 777 /etc/asound.state

Now, as a standard user, follow the instructions above to unmute the Nvidia device channels via alsamixer. Once you’ve confirmed sound is working again, from a shell (still not as root!) type:

alsactl store

Now go back as root and:

chmod 644 /etc/asound.state

When you reboot, you shouldn’t have to unmute through alsamixer anymore.

Make SEP Manager Console Suck a Little Less

27. June 2011 · Write a comment · Categories: Hack, Software · Tags: , , ,

My biggest complaint about Symantec End Point is that the manager console is slow. On a dual quad-core server with 16GB of RAM, it simply crawls. Sometimes, even when the system load is basically zero, the console is almost unusable. I did a little digging and found that the manager console is, in fact, written in Java –  that explains a lot.

Fortunately, because it’s written in Java there’s a little trick you can you to speed things up a little, assuming you have a decent amount of free RAM. The manager console is typically launched through sesm.bat, which is located (in a default install on an x64 server) in “C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\bin\”. Open that .bat file in notepad, and you’ll see this:

@start “SESM” “C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\jdk\bin\javaw.exe” -Xms128m -Xmx1024m -XX:MinHeapFreeRatio=30 -XX:MaxHeapFreeRatio=40 -Dscm.console.conf=”C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\tomcat\etc\conf.properties” -jar “C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\tomcat\webapps\scm\clientpkg\scm-ui.jar”

Note the bit that I’ve highlighted above in red. Boost that up a little (I set it to 512m), save, and then re-open the management console. You should notice a significant difference in how fast the console operates now.

HDD Replacement: Acer Aspire One and ZIF Drives

27. May 2011 · 9 comments · Categories: Hack, Hardware · Tags: , , , ,

I ordered a 30GB 1.8″ ZIF drive to replace the crappy 8GB SSD drive in my old Acer Aspire One netbook. When I got the drive (a Samsung HS030GB) I very quickly discovered that the ZIF ribbon cable that came stock with the netbook didn’t work with it. The problem, it seems, is that Samsung uses a non-standard ZIF connector that is incompatible with 0.35mm ZIF cables (which are the standard). So, I shaved down one end of the ribbon and promptly broke it. Then, being an idiot, ordered a replacement set of cables on eBay without checking the thickness first (the listing stated they were for Samsung drives, although I should have known better than take that at face value).

I got the new set of cables today and, of course, they were all 0.35mm thick as well. I tried a few techniques to try to make the ends thinner but eventually just ended up with a bunch of butchered ribbons.

ZIF Drive and Cable

Remember kids, always review the specs of the drive and cable *before* ordering!

So I’ve ordered another batch of cables, this time making sure that one end has the correct thickness. Hopefully I’ll have a working netbook in a few weeks.

Update: The new ZIF cable came in (ProTip: when ordering ZIF ribon cables, if you need a smaller-than-0.35mm end, look for one where one end is blue (as pictured above), and the other end is white. The white end will be the smaller size)! Surprisingly, it fit, and after making a few modifications to the case (mainly removing the screw mounts for the old SSD) the new drive just dropped right in to place. Xubuntu is now installing, so I finally have a functional netbook again!

Shaw Cable Pulls a Rogers; Hijacks NX Records

01. May 2011 · 5 comments · Categories: "It's a Feature", Hack, Networking · Tags: , , ,

Shaw CableThe last time I wrote about NX Domains, it was because I noticed that Rogers wireless was hijacking them on my phone. Now, it appears that Shaw Cable is doing the same.

I use OpenDNS, so I’m used to search pages coming up when I mistype URLs, however that is something I’d opt’ed in to. You can imagine my surprise when, after mistyping a URL, I was directed to this instead:

http://assist.shaw.ca/shawcaassist/dnsassist/main/?domain=www.example.com

(original URL redacted).

It appears that, even if you aren’t using Shaw’s DNS servers they are still checking your DNS requests and, in the case of NX domains (at least – they could technically do this for any traffic), hijacking the result and forwarding your browser to their page instead.

I’ve sent a barrage of messages to Shaw’s PR team on Twitter, but haven’t had a response yet. I’ll update this article when (or if) they reply.

For the time being, though, it appears you can opt-out of the ‘service’ using this page: http://nxr.shaw.ca/optout/

Update: I’ve had a reply from Shaw saying “We do not modify any DNS traffic going to our customers from other sources”. They’re currently looking in to the issue apparently, so another update will be in order when I hear back.

Additional Update: I received a reply from Shaw asking me to do some further troubleshooting, all of which would have been useless (eg, using the ‘dig’ and ‘nslookup’ commands to confirm my DNS settings and what the NX response was), however as I opted out of the ‘service’ I can’t actually complete the steps as everything is working correctly. Additionally, there doesn’t appear to be a way to opt back in to the ‘service’, so that’s also a bust. I guess I won’t be getting an answer as to what happened. Also, I was linked on Reddit Canada.

Server 2008 R2 and Windows 7 Client SMB2 Share Refresh Issue

31. January 2011 · 15 comments · Categories: Hack, Microsoft, Networking, Servers, Software, Troubleshooting, Windows · Tags: , , ,

That’s one heck of a long post title, but it at least describes the issue. Here’s the setup:

  • 1x Windows Server 2008 R2 with Hyper-V/AD/File Server roles, and two shared folders. Server has dual onboard NICs, one with full access to the client network below, the other to a separate network to allow the server to be managed remotely (no gateway configured on this NIC).
  • 18x Windows 7 x86 clients
  • Standard network setup (read: no VLANs, bridging, etc…. Just one network switch).

The previous server used by these clients worked perfectly. However, upon replacing the server with the one above, my users began noticing an odd issue. If they copy one or more files/folders to a share that is visible to all of the computers, the file(s) don’t immediately show up on all of the computers – usually 3/4 of the computers will see the file(s). On the 1/4 that don’t, users either have to wait ~10 minutes before the files will appear, or they can reboot to force a refresh. Simply pressing F5, or right-clicking in the shared folder and choosing ‘Refresh’ doesn’t work – only waiting or rebooting does.

In terms of a solution, I’ve seen a number of suggestions, but none seem to work. The server has dual-onboard Broadcom Gigabit NICs, and a number of forum posts have suggested disabling Checksum Offload and Large Send Offload, but this made no difference. Neither did disabling IPv6 on the client and server side. Disabling firewalls on the client and server side made no difference, nor did this post suggesting a few registry settings to change.

What did fix the issue, though, was disabling SMB2. Once all of the clients were connecting using the old SMB protocol the issue disappeared. I have no idea why SMB2 is an issue as I haven’t take the time to troubleshoot further with SMB2-specific settings, however this at least has things running normally.

TL;DR Version: If you have clients connecting to a Windows Server 2008 R2 box and the contents of file shares aren’t refreshing immediately or until reboot, disable SMB2 on the server.

Cheat: How to get Custom Routes on Google Maps for Android

16. December 2010 · 3 comments · Categories: "It's a Feature", Android, Google, Hack, howto, Short · Tags: , ,

One of my few complaints about the Maps app on Android, even the newly released 5.0 version, is that if you use the Directions feature there is no Alternate Route option. There isn’t even an option to manually re-draw the route, or to enter a second destination like in the web version.

So I found myself faced with an issue – I was about to go on a fairly long trip, however I was planning on taking a route different from the one Google had suggested. While I could use the web version of Google Maps on my phone, I wanted to use the actual app. The solution, as it turns out, is very simple.

The trick is to set everything up on the web version of Maps first. This gets tricky, depending on how sever the changes to the route are. I my case, I only needed to drag one route marker to change the route to go where I wanted it. Here’s the before route, and the after (not my real start and destination, just an example).

So the cheat is actually very straight forward – after finalizing your route in web Maps, copy the link for the map (don’t use the address bar – use the Link button in the top-right corner of the map) and paste it in to a URL shortener like Is.Gd, then enter that URL on your Android phone. The browser will ask if you want to open the link in Maps or another program, so just choose maps and your custom route will appear, with full directions, right before your eyes.

Edit: I should clarify that Google Navigation for Android has a ‘Recalculate Route’ option, however if you aren’t planning on using it, or it isn’t available in your area, this is the solution.

A PHP-Based Server Monitor

22. October 2010 · Write a comment · Categories: Hack, howto, Servers · Tags: , ,

The other day I decided that the little ‘Network Monitor’ desktop gadget I was using to monitor my few servers just wasn’t cutting it. Instead, I wanted to make use of a spare iMac and have something a little flashier. A Google search for Server Monitors brought up a plethora of options that were either horribly ugly, platform specific, or just didn’t work the way I needed (most required that the target server be running some form of web server, such as IIS or Apache to retrieve headers to see if the server was up – most of my servers don’t run those). As such, I decided to write a small script from scratch.

I figured the easiest way to accomplish my goal of a platform-independent monitoring script was to use PHP. After enabling Apache2/PHP5 on my Snow Leopard-running iMac (a topic for another blog post later), I searched through the PHP.net function list until I found fsockopen(). This function is quite ideal, as it will work with any open port. The first step was to make a quick function to utilize fsockopen and return some testable results:

function checkServer($ip,$port)
{
$fp = fsockopen($ip,$port,$errno,$errstr,1);
if (!$fp)
{
return ‘Down’;
} else {
return ‘Up’;
}
}

I added this to a <?php ?> block in the <head></head> of the document – to call the function and perform the test, I used the following line below:

$servername = checkServer(’192.168.1.100′,’53′);

In this example I’m checking the availability of a DNS server, so I use port 53. When this runs, the $servername is set to either ‘Up’ or ‘Down’ depending on whether or not a connection can be opened on that port.

The only thing left now was to display this output. I made a fancy table-based page with graphics where each server is a cell and the background changes between green and red depending on the $servername value. However, all you really need is the code below in a <?php ?> block in the body of the page:

echo(‘Server Example Status: ‘.$servername);

Changing Example to the name of your server. If you have more than one server to check, just make another variable, use the checkServer function to give it a value (make sure to change the IP address and use an open port!), and then add another echo line.

That’s it! To be fancy, you can add a javascript automagic page refresh to – just change the <body> tag to:

<body onLoad=”Javascript:timedRefresh(30000); display();”>

And put the following in the <head></head> section:

<script type=”text/Javascript”>

<!–

function timedRefresh(timeoutPeriod) {

setTimeout(“location.reload(true);”,timeoutPeriod);

}

//  –>

</script>

And you’re done! If the server is up, every 30 seconds your page will refresh and show:

Server Example Status: Up

Exchange 2007 OWA/ActiveSync with Two SSL Certificates

20. July 2010 · Write a comment · Categories: Hack, howto, Microsoft, Servers, Software, Troubleshooting, Windows · Tags: , , , ,

Yes, it is possible. It’s not pretty by any means (a proper Class 2 SSL Certificate is the best way to go), but it can be done. Click Continue Reading for the process.

More »

Rogers Wireless Hijacks Wildcard DNS Records

07. June 2010 · 2 comments · Categories: "It's a Feature", Android, Apple, Hack, howto, iPhone, Linux, Rants · Tags: , , , , , ,

Rogers LogoAlthough I can’t confirm when this happened (it may have happened a while ago and I just never noticed), I was browsing the internet last night on my Google Nexus One and noticed that, when I mistyped http://imdb.com, I was redirected to http://www20.search.rogers.com (which doesn’t work outside of Rogers’ network) instead of receiving a normal Not Found error. This all smacks of the infamous VeriSign Site Finder fiasco.

I’m no fan of browser redirects in any form, and I’m even less of a fan of Yahoo which Rogers partners with to, among other things, provide results on their hijacked landing page. But what can you do? It’s their service, and there’s no opt-out link on the page.

Well, the answer is to manually opt-out. Unfortunately, you need to have a rooted/jail-broken phone to do this. As stated above, I have a Google Nexus One which runs CyanogenMod, but this should work with any other rooted Android phone and even jail-broken iPhones (although the paths are different — you’ll need to alter them as applicable).

To manually opt-out, do the following (assumes Android phone):

  1. Open a shell on your phone. You can use ConnectBot, Terminal Emulator, or adb shell.
  2. Assume root (su command).
  3. Remount the system partition in to read/write mode —  mount -o rw,remount /system
  4. Browse to /system/etc.
  5. Use your favourite text editor to open hosts.
  6. Add the following to the bottom of the hosts file — 127.0.0.1 www20.search.rogers.com
  7. Save and quit!

You’re done! You’ve just manually opt’ed-out of Rogers Wildcard DNS hijack. Now you’ll just get the normal ‘Not Found’ errors, as when Rogers see that the domain you’ve entered doesn’t exist and tried to redirect you to their search page, your phone will point that domain to itself and fail as it isn’t running a webserver.

TL;DR Version: To prevent getting directed to Rogers’ Search Page when you mistype an address, edit your hosts file to point www20.search.rogers.com to the 127.0.0.1 loopback address.

Update (05/01/2011): You can now officially opt-out using this link: http://searchassist.teoma.com/templates/rogers/optout

« Older articles