Meanwhile in the Linux world…
Category Archives: Uncategorized
Enroll failed with error -22
I use pam_fprint on my laptop. Somehow my fingerprints disappeared and I could not enroll them back with pam_fprint_enroll. I had this error message:
Enroll failed with error -22
To fix this I switched from pam_fprint to fprintd which uses D-Bus. I also had to change /etc/pam.d/system:
-auth sufficient pam_fprint.so +auth sufficient pam_fprintd.so
Then I could enroll my fingerprints with fprint-enroll.
Fingerprint and XScreenSaver
Today I configured the fingerprint reader on my Thinkpad X201. I will not describe the process of configuring the fingerprint reader on FreeBSD as it has been documented many times on the Internet. Though if you want I may describe the process in a separate article, just tell me.
After the configuration, everybody from the display manager to su asked to authenticate with the reader. So it was fine. Except for xscreensaver which still confined itself password authentification. There were no configuration for xscreensaver in /etc/pam.d so I initially thought that it fell back on the “other” configuration. Therefore I added one for xscreensaver but it didn’t change anything.
However I installed xscreensaver as a package, and not from the ports. It turns out that the xscreensaver package does not enable the PAM option. You can check that via pkg info xscreensaver
or use ldd /usr/local/bin/xscreensaver
to check if xscreensaver is effectively linked with libpam.so.
So you can reinstall xscreensaver from the ports and configure it with the PAM option enabled. However I still wonder why they disabled this by default. I still have a problem with PAM which sometime does not detect the reader and cannot even authenticate with pam_unix. I don’t know what is the cause of this, but I’ll find out.
Sigma lenses durability
I question the durability of the Sigma low end zoom lenses. We have two Sigma lenses (18-125/200mm) that got stuck in aperture f5.6 / f22. I somehow managed to free up the first one. The second one, however, is plain dead. Some of the connectors are wandering around between the lenses so I guess this is it.
So which one is better in term of durability for a low end zoom lens? Canon, Sigma or Tamron? I don’t know what duration I should expect for such lenses. They were both 5 years old. I will give a try with a Tamron 18-200mm Di-II instead.
No protocol specified
When using a laptop, it is frequent that you have to switch from one network interface to another. As you do so on FreeBSD, you may find that your X server retreats itself into total mutism, refusing any command (xhost, xrandr…) or any new window. The only message it tells you, if by chance you still had a terminal open, is “No protocol specified”.
The reason behind this? When you switched from one interface to another, dhclient did not send your hostname to the DHCP server. Your ISP provided box-modem-router (connected directly because the gateway is down) wants to play the Good Samaritan and offers you a brand new hostname, say “new-host-7”. The DHCP client dutifully updates your hostname and as a result drives the X server completely nuts.
We can fix this in two ways. By default, the FreeBSD dhclient configuration (/etc/dhclient.conf) is empty. This means that dhclient does not send your hostname and that it requests an hostname from the DHCP server. What we want here is that the DHCP server knows about our hostname and that even if it supplies an hostname value, we supersedes this option with our real hostname. To achieve this, add two lines in /etc/dhclient.conf:
send host-name "monty-bsd-laptop"; supersede host-name "monty-bsd-laptop";
These two lines are pretty self explanatory. It seems that FreeBSD does not expect you to aggressively switch between multiple interfaces, although it can. An example among others that FreeBSD is not originally intended for laptop usage.
ChangeLog
So I just wanted to post about a few things to come on this blog and my projects. I’m confident this is a better place to tell you about these things than changes coming out without notice on my website. So here it is, a series of bulleted list of things to come, a glimpse on a possible future:
- I might post more often than I previously did. In particular on different subjects than what I usually posted.
- I might post more often about FreeBSD (duh…)
- Some changes in the licensing of my projects (more details in a following post).
- GCalc becomes RPNC (more details in a following post).
- If I have time (which I have not) some projects might undergo a major rewrite.
- Some older projects got nearer to the top of my TODO list.
Hello FreeBSD!
It’s been more than two weeks now that I switched from Linux to FreeBSD. There are multiple reasons behind this change and I will not dwell on all of them. If you read this blog (do you? :)), you probably know that I am a long time advocate of Debian. One particular thing that I like with Debian is that it doesn’t tie your hand with a large set of packages. It is an universal operating system that you can tailor to better suit your needs.
However, as time passes it became harder to modify anything. More and more I find myself patching programs that just want to do things on their own fancy way. More and more some random daemon just gets in my way because it supposedly covers all possible use cases. And recently I came under the impression that my system was just a bunch of layers of layers of various daemons doing their stuff somehow, somewhere, all of them trying to reinvent the wheel, with a twist.
Finally there is one important thing you should remember, Linux is not UNIX. Actually in the past few years, it started to diverge from this philosophy quite significantly. This article presents some differences between the UNIX and the Linux/FLOS model much better than I could do. And this is where we come to the root of my decision. While I can understand some of the benefits of the later approach, it dawns on me that as an user, I do not fit in FLOS and if I keep using Linux as a desktop, this life will be a hell of frustration and ranting without end. Note that this transition was long time foreseeable. I always spent a lot of time with BSDs. However these were casual and experimental setups and I didn’t do much more than porting stuff to it.
I could as well use this system on a daily basis. So I decided to take the leap and use FreeBSD on my laptop (ThinkPad X201). I first installed FreeBSD 10 (RELEASE), but it didn’t work as expected. In particular the Intel KMS driver did not work properly. Also xrandr did not work, and the performances were far lower than Linux. Needless to say, I was a bit downhearted. I expected so much from this first installation.
After an evening weighting the pros and cons, sadly contemplating the idea of returning to Linux, I decided to give it another try with FreeBSD 11 (CURRENT). Fortunately almost everything worked perfectly then. The Intel KMS driver works, although I don’t have access to the ttys (ttys and suspend now work on HEAD). Xrandr works perfectly which is imperative to give a presentation. The wireless card, sound card, fingerprint reader and ultra base also work with no apparent problem.
However I still have some problems with the function keys not detected on the external ThinkPad keyboard. Also xscreensaver does not always detect the finger print reader. Finally the secondary mouse and keyboard are not always properly detected by X. I guess this is probably a problem with HAL. But I did not look into it yet (ums_load="YES"
in /boot/loader.conf).
I did several quick benchmarks to compare the performances with the Debian installation. I will post the results in a few days. I will also leverage the change to update some of my projects and also to clean my configurations a little bit. I already did so for Emacs and Awesome WM, though for now I’ve something else to do.
It’s MacOS, not MACOS!
Status
Each time you say MAC instead of Mac, a switch dies on the Internet.
Source based routing
My two home servers are down for the moment. This also means that our two IPv6 SixXS tunnels are down which costs us 100 ISK per week. Argh! I need to get these up and running as soon as possible. Fortunately we have another VPS on Linux that can save us. So we just have to enable the two tunnels there and make sure that we can ping to/from both interfaces.
Setting up the two tunnels is easy. Use one configuration file per tunnel. Ensure that you change the parameters “tunnel_id” to the tunnel associated to this configuration file, one “pidfile” and “ipv6_interface” for each tunnel and “defaultroute” to false because we already have a default IPv6 route. Now you can start/stop each tunnel with:
aiccu start /etc/aiccu/tunnel0.conf aiccu start /etc/aiccu/tunnel1.conf aiccu stop /etc/aiccu/tunnel0.conf aiccu stop /etc/aiccu/tunnel1.conf
Don’t forget to hack /etc/init.d/aiccu to start/stop both tunnel on each reboot. OK! So now ifconfig list the two interfaces, up and running sixxs0 and sixxs1. This is great but wait… Nobody outside can ping these interfaces. The tunnel must ping to be considered active by SixXS so we better get this running.
For now we have these three interfaces and IPs (not the actual names/IPs):
- net0 (2001::1) default
- sixxs0 (2a02::1)
- sixxs1 (2a02::2)
By default, all our IPv6 traffic goes through net0. However and unsurprisingly our ISP filters the traffic at the output of net0. So we cannot use this interface to answer the echo-requests. Actually, what we want is that traffic originating 2a02::1 goes through sixxs0 and from 2a02::2 goes through sixxs1. That is, one default route based on the source address.
Linux has long had support for multiple routing tables (CONFIG_IP_MULTIPLE_TABLES). Basically what we will do here:
- Create two routing tables for each tunnel interface (sixxs0, sixxs1).
- Each table will have a default route through its interface.
- Lookup into one of the two tables according to the source IP.
You can find some relevant documentation in Linux Advanced Routing & Traffic Control, Chapter 4.
We first list the actual rules:
# ip rule list 0: from all lookup local 32766: from all lookup main 32767: from all lookup default
We can see that we have three routing tables. One for the local addresses, the normal routing table (what you get with ip -6 route
) and the fallback default table.
Let’s first check the local routing table (we are just curious):
# ip -6 route list table local local ::1 via :: dev lo proto none metric 0 mtu 16436 advmss 16376 hoplimit 0 local 2a02::1 via :: dev lo proto none metric 0 mtu 16436 advmss 16376 hoplimit 0 local 2001::1 via :: dev lo proto none metric 0 mtu 16436 rtt 6ms rttvar 7ms cwnd 10 advmss 16376 hoplimit 0 local 2a02::2 via :: dev lo proto none metric 0 mtu 16436 advmss 16376 hoplimit 0 local fe80::1 via :: dev lo proto none metric 0 mtu 16436 advmss 16376 hoplimit 0 local fe80::2 via :: dev lo proto none metric 0 mtu 16436 advmss 16376 hoplimit 0 ff00::/8 dev net0 metric 256 mtu 1500 advmss 1440 hoplimit 0 ff00::/8 dev sixxs1 metric 256 mtu 1280 advmss 1220 hoplimit 0 ff00::/8 dev sixxs0 metric 256 mtu 1280 advmss 1220 hoplimit 0
So now you know what’s going on when you ping one of your local interfaces. But back to our point. We name our two new routing tables in /etc/iproute2/rt_tables:
# SixXS tables 200 sixxs0 201 sixxs1
Now we add the default route in each of these two tables:
ip -6 route add default dev sixxs0 table sixxs0 ip -6 route add default dev sixxs1 table sixxs1
And finally we use two rules to map the source address to the correct routing table:
# ip -6 rule add from 2a02::1 table sixxs0 # ip -6 rule add from 2a02::2 table sixxs1 # ip -6 rule list 0: from all lookup local 16383: from 2a02::1 lookup sixxs0 16383: from 2a02::2 lookup sixxs1 32766: from all lookup main 32767: from all lookup default
It should be OK but let’s check that. We can ping from the sixxs interfaces:
ping6 -c1 -I 2a02::1 www.kame.net ping6 -c1 -I 2a02::2 www.kame.net
We also check that we can ping our interfaces from another host:
ping6 -c1 2a02::1 ping6 -c1 2a02::2
Everything works, that’s great! Finally we just hack /etc/init.d/aiccu to configure the routing tables on each reboot. Note that you need to sleep a bit when you issue the aiccu start because the daemon needs a bit of time to enable the tunnels. Also note that you must be careful when you test your script (quoting the SixXS FAQ):
“If a client connects more than 4 times in 60 seconds (1 minute) the client will not be allowed to connect again for the next 5 minutes. In case this threshold is exceeded more than once in 24 hours a client will be automatically blocked for a week.”
As you can guess, I have been blocked. Oops!
systemd
Quote
“One System to rule them all,
One System to find them,
One System to bring them all
and in the darkness bind them.”