WARNING: gnome-keyring:: couldn't connect to: /tmp/keyring-*****/pkcs11


Turns out, a package upgrade (I was too lazy to identify which one) changed/reverted /etc/xdg/autostart/gnome-keyring-pkcs11.desktop and caused gnome-keyring-daemon to not load properly with XFCE. The fix was to find this line:

OnlyShowIn=GNOME;Unity

And append ;XFCE to it, making it:

OnlyShowIn=GNOME;Unity;XFCE

After a quick reboot everything worked as normal.

As a normal user, open a Terminal window and enter alsamixer. Press F6 and then unmute all of the audio channels (do so by selecting them with the arrow keys, and then pressing ‘m’. When done, press ESC to exit.

After this, su - to assume root, and then type aplay -l to get a list of your audio devices. In my case, I’ve disabled the onboard audio, so the only devices are the Nvidia ones. The output will look something like this:

root@wormwood ~]# aplay -l
**** List of PLAYBACK Hardware Devices ****
card 0: NVidia [HDA NVidia], device 3: HDMI 0 [HDMI 0]
Subdevices: 1/1
Subdevice #0: subdevice #0
card 0: NVidia [HDA NVidia], device 7: HDMI 0 [HDMI 0]
Subdevices: 1/1
Subdevice #0: subdevice #0
card 0: NVidia [HDA NVidia], device 8: HDMI 0 [HDMI 0]
Subdevices: 1/1
Subdevice #0: subdevice #0
card 0: NVidia [HDA NVidia], device 9: HDMI 0 [HDMI 0]
Subdevices: 1/1
Subdevice #0: subdevice #0

Note that while there are four devices, the first one (which Pulseaudio selects by default) doesn’t do anything. To get this to work, we need to tell it to use the second device (#7). This isn’t horribly easy. If you have another sound card, note the device numbers listed for it above – you’ll need them in a minute.

Finally we can tell Pulseaudio to actually use the correct devices. Still as root, open up /etc/pulse/default.pa and find these lines:

### Automatically load driver modules depending on the hardware available
#.ifexists module-udev-detect.so
#load-module module-udev-detect
#.else
### Alternatively use the static hardware detection module (for systems that
### lack udev support)
#load-module module-detect
#.endif

Now, comment them all out as I have done above. This prevents Pulseaudio from trying to be smart. Now, scroll to the end of the file and add the following line (if you have more than one audio device, you will need to add it multiple times with the correct card and device numbers that you gathered from aplay above):

load-module module-alsa-sink device=hw:0,7

Now simply do a killall pulseaudio and try to play something. You should have audio output over HDMI now!

Edit: Just a bit of follow-up if you’re having trouble with the sound muting after every reboot. As root, enter the following in a shell:

touch /etc/asound.state

chmod 777 /etc/asound.state

Now, as a standard user, follow the instructions above to unmute the Nvidia device channels via alsamixer. Once you’ve confirmed sound is working again, from a shell (still not as root!) type:

alsactl store

Now go back as root and:

chmod 644 /etc/asound.state

When you reboot, you shouldn’t have to unmute through alsamixer anymore.

1. Browse to this page: http://www.java.com/en/download/manual.jsp
2. Copy the URL of the “Linux RPM (self-extracting file)” link.
3. On your CentOS box (assuming you’re SSH’d to it), use wget to download the file (eg, wget http://javadl.sun.com/webapps/download/AutoDL?BundleId=48333)
4. Note that, when the file finishes downloading you may need to rename it. Due to the redirect process Oracle uses, you may end up with a filename like “jre-6u25-linux-i586-rpm.bin\?AuthParam\=1306440404_3678aad28a7b9aae044da147678b211e\&GroupName\=JSC\&FilePath\=%2FESD6%2FJSCDL%2Fjdk%2F6u25-b06%2Fjre-6u25-linux-i586-rpm.bin\&File\=jre-6u25-linux-i586-rpm.bin\&BHost\=javadl.sun.com” (this happened to me). If this is the case, rename it to “jre-6u25-linux-i586-rpm.bin“
5. Use chmod to allow execute permissions: chmod +x jre-6u25-linux-i586-rpm.bin
6. Execute the binary: ./jre-6u25-linux-i586-rpm.bin
7. Verify the installation worked: java -version

That’s it. No extra compiling, no need to add extra repositories. Simple. (Disclaimer: because this is done without a package manager, you’ll have to remember to manually update the installation to keep your box secure.)

First off, you should download the driver binaries from Nvidia’s site. Save them in an easy-to-access place and then do a quick ‘chmod 777′ on the package so you can execute it later. Also, make sure you have the kernel-headers and kernel-devel packages installed, plus gcc so the Nvidia installer can make the kernel module.

Now that the driver is downloaded, we need to disable the Nouveau driver that comes with Fedora. This is a two-step process.

1. As root, edit ‘/etc/modprobe.d/blacklist.conf’ and add the following lines to the bottom:

# Nouveau
blacklist nouveau

2. Now edit ‘/boot/grub/menu.lst’ and add the following to the end of the kernel line:

nouveau.modeset=0
e.g, “kernel /vmlinuz-2.6.35.9-64.fc14.x86_64 ro root=UUID=00311e4e-0043-498c-8532-7301b19eae76 rd_NO_LUKS rd_NO_LVM rd_NO_MD rd_NO_DM LANG=en_US.UTF-8 SYSFONT=latarcyrheb-sun16 KEYTABLE=us rhgb quiet nouveau.modeset=0“

With that done, reboot. As your computer boots, press the Tab key repeatedly before the Fedora splash screen appears to get the Grub Menu to appear. Press ‘a’ to do a one-time edit of the kernel options (you’ll see the line above appear) and add the number ’3′ (no quotes) to the end, like so:

kernel /vmlinuz-2.6.35.9-64.fc14.x86_64 ro root=UUID=00311e4e-0043-498c-8532-7301b19eae76 rd_NO_LUKS rd_NO_LVM rd_NO_MD rd_NO_DM LANG=en_US.UTF-8 SYSFONT=latarcyrheb-sun16 KEYTABLE=us rhgb quiet nouveau.modeset=0 3

This will do a one-time boot to Run Level 3, much like adding ‘single’ to the end of the above line would put you in to Single User Mode. Once you’re at the text-mode long prompt (at a really low screen resolution, I might add), login as root and browse to the folder you saved the driver binary to, then run it. Let it go through it’s process and create the files it wants to, and when it finishes, you’re almost done.

The last thing to do is make the framebuffer work on the correct resolution. In my case, my monitor uses 1680×1050 as it’s native resolution, so that’s what I want to set it to.

Reboot the computer again, and do the Tab key trick to get back to the Grub Menu. Once again, press ‘a’ to edit the kernel options and this time add ‘vga=ask’ in addition to the number ’3′ to the end of the line, and then press enter. You should get a list of the framebuffer modes. Find the one that matches your resolution, enter it (and make a note of it), and then press enter. When you get to the login prompt, you should see that everything is the correct size and resolution. If not, try again. For reference, 1680×1050 in 32bit colour for my GeForce 260 is mode 369.

Once you have the correct mode, we’re ready to make it permanent. Login as root and edit the ‘/boot/grub/menu.lst’ file again. Now add the following to the end of the kernel line:

vga=873 video=nvidiafb

eg, kernel /vmlinuz-2.6.35.9-64.fc14.x86_64 ro root=UUID=00311e4e-0043-498c-8532-7301b19eae76 rd_NO_LUKS rd_NO_LVM rd_NO_MD rd_NO_DM LANG=en_US.UTF-8 SYSFONT=latarcyrheb-sun16 KEYTABLE=us rhgb quiet nouveau.modeset=0 3 vga=873 video=nvidiafb

Where 873 is the the mode you entered above converted from hex to decimal (369 hex == 873 dec).

Save, reboot, and watch as both the framebuffer and Xorg now work at the proper resolution for your monitor. You’ll also now be able to turn on Desktop Effects in Gnome if you so choose.

For example, when I was setting my the nice new VPS that I’m running this site from I attempted to enable IPTABLES logging to monitor attempts to get to the standard SSH port (22), and the port that I actually use for SSH (I won’t post the real one, but for the example I’ll use port 1234) with the following lines in “/etc/sysconfig/iptables”:

<Snip other rules>

-A INPUT -m state --state NEW -p tcp -m tcp --dport 1234 -j LOG -m limit --limit 20/m --log-level warn --log-prefix "SSH Attempt on port 1234: "
-A INPUT -p tcp -m tcp --dport 1234 -j ACCEPT

<Snip even more rules>

-A INPUT -p tcp -m tcp --dport 22 -j LOG -m limit --limit 20/m --log-level warn --log-prefix "Dropped SSH on port 22: "

-A INPUT -j DROP

kern.=warn   /var/log/firewall

SSH Attempt on port 1234: IN=venet0 OUT= MAC= SRC=10.0.0.1 DST=10.0.0.2 LEN=48 TOS=0×00 PREC=0×00 TTL=116 ID=28979 DF PROTO=TCP SPT=35291 DPT=1234 WINDOW=8192 RES=0×00 SYN URGP=0

[root@vps ~]# ps aux|grep klogd

root     13632  0.0  0.1   7188   788 pts/0    S+   00:07   0:00 grep klogd

<snip>

passed klogd skipped #daemon klogd $KLOGD_OPTIONS

<snip>

passed klogd skipped #killproc klogd

[root@vps ~]# ps aux|grep klogd

root      7542  0.0  0.0   3808   424 ?        Ss   Oct11   0:00 klogd -x

root     15402  0.0  0.1   7188   788 pts/0    S+   00:13   0:00 grep klogd

[root@vps ~]# cat /var/log/firewall

Oct 11 23:47:06 vps kernel: SSH Attempt on port 1234: IN=venet0 OUT= MAC= SRC=10.0.0.1 DST=10.0.0.2 LEN=48 TOS=0×00 PREC=0×00 TTL=116 ID=28979 DF PROTO=TCP SPT=35291 DPT=1234 WINDOW=8192 RES=0×00 SYN URGP=0

Oct 12 00:13:03 vps kernel: Dropped SSH on port 22: IN=venet0 OUT= MAC= SRC=110.77.129.166 DST=10.0.0.2 LEN=60 TOS=0×00 PREC=0×00 TTL=45 ID=59383 DF PROTO=TCP SPT=33846 DPT=22 WINDOW=5840 RES=0×00 SYN URGP=0

TL;DR Version: If you want IPTABLES logging enabled on your VPS, follow the normal steps to enable IPTABLES logging and then make sure KLOGD is enabled in  ”/etc/rc.d/init.d/syslog”.

I’d like to thank my host, TDRevolution, for their quick response to the issues and their dedication to security. For anyone looking for a low-cost VPS, I highly recommend them.

help

I’m no fan of browser redirects in any form, and I’m even less of a fan of Yahoo which Rogers partners with to, among other things, provide results on their hijacked landing page. But what can you do? It’s their service, and there’s no opt-out link on the page.

Well, the answer is to manually opt-out. Unfortunately, you need to have a rooted/jail-broken phone to do this. As stated above, I have a Google Nexus One which runs CyanogenMod, but this should work with any other rooted Android phone and even jail-broken iPhones (although the paths are different — you’ll need to alter them as applicable).

To manually opt-out, do the following (assumes Android phone):

1. Open a shell on your phone. You can use ConnectBot, Terminal Emulator, or adb shell.
2. Assume root (su command).
3. Remount the system partition in to read/write mode —  mount -o rw,remount /system
4. Browse to /system/etc.
5. Use your favourite text editor to open hosts.
6. Add the following to the bottom of the hosts file — 127.0.0.1 www20.search.rogers.com
7. Save and quit!

You’re done! You’ve just manually opt’ed-out of Rogers Wildcard DNS hijack. Now you’ll just get the normal ‘Not Found’ errors, as when Rogers see that the domain you’ve entered doesn’t exist and tried to redirect you to their search page, your phone will point that domain to itself and fail as it isn’t running a webserver.

TL;DR Version: To prevent getting directed to Rogers’ Search Page when you mistype an address, edit your hosts file to point www20.search.rogers.com to the 127.0.0.1 loopback address.

Update (05/01/2011): You can now officially opt-out using this link: http://searchassist.teoma.com/templates/rogers/optout

http://globalwarming.house.gov/spillcam

Of course, unless you’re using Windows, that link is no good to you. Why? Because, in this age of HTML5 video and Flash streaming, the video uses the Windows Media plugin – specifically, the Windows Media 9 Codec. There are ways to get it working short of a Virtual Machine running Windows, but it shouldn’t be difficult. The video should be in an open, available format to allow everyone easy access.

Now, I’m no Microsoft-hater, and I’m not a Linux fanboy. All I want is to be able to watch video on whatever platform I want, be it Windows, *Nix, or even OS X. I don’t think this is too much to ask, yet apparently it is.

Update: A Flash-based stream is available here: http://www.npr.org/templates/story/story.php?storyId=127258287&ft=1&f=1003

I love my Android phone, but the root side of it still has some quirks. The default shell, for example, is pretty bare-bones. Fortunately, there are ROMs out there like CyanogenMod that help with that side of things by providing little extras like, for example, the BASH shell. BASH is incredibly handy on an Android phone as the default shell doesn’t allow you to scroll back through your command history using the track ball.

So while BASH is included in some ROMs, it’s not the default shell. Typically, I’ve been using ConnectBot (available on the Android Market) which works well, however I’d usually end up starting out every session like this:

su -c bash

It’s only one line, but really, it’s annoying to have to type it out every time. I’m in the IT field, so my nature is to be lazy and automate everything. Enter Terminal Emulator.

Available for free from the Android Market, Terminal Emulator is very basic. It doesn’t allow you to SSH to remote systems or anything like that – instead, it just immediately opens a local shell. As an added bonus, the preferences let you specify the Command Line to the shell executable.

I thought this was my answer. I set the Command Line preference to “/system/xbin/bash -” (the location on CyanogenMod 5.x.x — this may differ depending on your ROM. Make sure the path is correct before hand, as if you set it incorrectly it’s nearly impossible to get Terminal Emulator back up and running) and re-launched it.

Success! I was in the BASH shell! However, I wasn’t root, and this did cause a problem. As soon as I typed su to become root, my shell was changed back to the default one. After doing a little more digging, though, I found my solution.

In the Terminal Emulator preferences, there’s another option for Initial Command - Terminal Emulator will execute this immediately on open. So, I inserted the line I was using in ConnectBot (su -c bash) and voilà! Terminal Emulator now immediately opens with a BASH shell as root.

The TL;DR version: Install Terminal Emulator from the Android Market, open it, hit the Menu button, then Preferences. Tap Initial Command and enter “su -c bash” — now it will always open with BASH running as root.

Extra Note: If you are using an Android phone without a physical keyboard, simply hold the Menu button on your phone for a few seconds in Terminal Emulator to force the virtual keyboard to appear.

UPDATE: As it turns out, you can do this in ConnectBot as well. Tap-and-hold on the local connection, then choose ‘Edit Host’ and ‘Post-login automation’. Note that if you do this, though, ConnectBot will enter the command, but you still have to press enter to active it.