Ansible ping

Some sanity checks for Ansible. Start with a basic host file.

all:
  servers:
    all:
      hosts:
        my_server:
          ansible_host: 192.168.0.1
        your_server:
          ansible_host: 192.168.1.2
          ansible_ssh_user: your_username
      vars:
        ansible_connection: ssh
        ansible_ssh_user: my_user
        ansible_ssh_private_key_file: /home/my_user/.ssh/id_ed25519_pi

Check that your server is up and reported correctly in your `/etc/ansible/hosts` file by having ansible ping it.

ansible -m ping my_server

If everything is configured correctly then you should get back

mu_server | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": false,
    "ping": "pong"
}

This should allow you to determine if at least there is a command and control connection available.

Work on your playbook and verify that it is valid yaml.

yamllint /home/ken/sourcecode/personal/ansible/work.yaml

Then verify that the playbook is sane

ansible-playbook --syntax-check /home/my_user/ansible/my_example.yaml

After that you should be able to run the playbook using.

ansible-playbook /home/my_user/ansible/my_example.yaml
Posted in General | Leave a comment

Android/LineageOS refreshing every screen, every second

TL;DR Turn off “Phone Audio” in the Bluetooth headset.

I have had a very strange problem with my LineageOS phone over the last week or two. Every screen intermittently started refreshing every second or so. Side menus disappeared, videos when back to the start, keyboard prediction went nuts. I hadn’t changed my hardware setup at all and could not get to the root cause. I did a clean install again but the problem remained which lead me to think that it may be a hardware problem with the phone.

Just my luck that the problem only seemed to happen when I went on breaks, or during my commute. During my work day the phone preformed fine.

I use a cheap Bluetooth headset to listen to podcasts but I didn’t think that was the issue as it’s been working fine for a year or more. However I happened to be looking at the screen while I turned them on, and wouldn’t you know the problem started. I turned off Bluetooth and the problem went away. Finally turning off “Phone Audio” fixed the issue entirely.

This issue is limited to this adapter only and other headsets don’t have the problem.

Posted in General | Leave a comment

Android Firewalled Wi-Fi connection reports no Internet and won’t connect

Background

You’re running a firewall on your work and home networks right, so of course you’re running one on your Smart Phone. Given this device holds more information about you than you probably know yourself, it would be only prudent to make sure that you are protecting what gets in but also what gets out.

I run AFWall+ which is available from the F-Droid app store. It runs fine on LineageOS.

I then set it on the children’s phone so that no application is allowed to use mobile data, and then only applications that need Internet get Internet Access. This works well as it’s a normal use case for mobile applications to have intermittent access to the Internet.

I see no reason why the Linux Kernel should need unfettered access to the Internet, so it’s not allowed out. One issue you may come across is that even though you know that there is a Connection your phone doesn’t, and will display the Wi-Fi Connected, no Internet message.

I’m not sure how this check is done but abqnm suggests at in the StackExchange question How does Android determine if it has an Internet connection? that it may be related to Google Cloud Messaging.

… this means that the device is unable to receive a response from GCM (Google Cloud Messaging, the framework that handles push notifications). This traffic is sent through ports 5228, 5229, and 5230. If the AP is blocking or interfering with traffic on those ports, push notifications won’t work …

I do indeed see blocked attempts by Google Play Services on my own phone, but not on the other phones that have no google services installed. The only entry I see in the logs is an ICMP attempt to “Comcast Cable Communications, Inc”. If you know more please record a show for Hacker Public Radio about it.

Giving Access

Normally you will get a message saying that the Wi-Fi has no Internet access.

If you tap the message a popup will allow you to stay connected and will let you remember the choice.

In some cases the router helpfully resets the connection before you can reply to the message meaning it goes into a loop continually popping up the message but not reacting to it.

In this case we can use Termux a Android Terminal emulator, to drop to a shell and fix the problem.

I used su to get root access but you could also change to the user wifi.

The file you need to edit is /data/misc/wifi/wpa_supplicant.conf. It’s probably best to edit this file with the wifi off.

network={
	ssid="OpenWireless.Org"
	key_mgmt=NONE
	priority=15
	id_str="{snip}"
}

Scroll down to the network that is giving you trouble and add disabled=1

network={
	ssid="OpenWireless.Org"
	key_mgmt=NONE
	priority=15
	disabled=1
	id_str="{snip}"
}

I ended up copying the file to the sdcard, and editing it there. I then copied it back as su and used chown wifi:wifi /data/misc/wifi/wpa_supplicant.conf to fix the permissions.

Once that’s done you can reboot the phone and connect to the network without a problem. You should also consider putting up an Open Wireless access point yourself.

This is available as a podcast on HPR2810

Posted in Podcasts | Tagged , | Leave a comment

Resizing images for vcard on Android

I have had problems importing vcards onto my Android phone. After a lot of troubleshooting, I tracked it down to embedded images in the card. The PHOTO;VALUE field to be precise.

Some images worked and some didn’t, and looking at the properties some that worked were larger than others that didn’t. In the end I tracked down a post on stackoverflow that hinted that the aspect ratio was important. And sure enough it was.

starting with jelly bean (4.1), android now supports contact images that are 720×720.
before, starting with ICS (4.0), android has supported contact images that are 256×256.
and before that, contact photos had just a size of a thumbnail – 96×96.

Stack exchange

I tried a 720×720 on a few phones but decided to settle on 256×256 for now. 

To do image manipulation, I tend to use the GraphicsMagick tools instead of the more popular ImageMagick suite. You should be able to achieve the same result in either.

My requirements were:

  • The images should be scaled so that the maximum height/width shrinks to 256, maintaining the aspect ratio.
  • The images should always be 256×256 in size.
  • Scaled images should be padded and centered on a white background.
  • All color profile information should be removed.

To use an example I took the following image and saved it as Linus_Torvalds.jpg

By Krd (photo)Von Sprat (crop/extraction) – File:LinuxCon Europe Linus Torvalds 03.jpg, CC BY-SA 4.0, Link

Step one is to use the -size 256×256 option which you would think would do the scaling, but in fact it only reduces the file to 366×509 which is not what I expected.

$ gm convert -size 256x256 "Linus_Torvalds.jpg" Linus_Torvalds_1.jpg
$ gm identify Linus_Torvalds_1.jpg Linus_Torvalds_1.jpg JPEG 366x509+0+0 DirectClass 8-bit 56.1Ki 0.000u 0m:0.000002

   

However it appears that the option is used when creating new files, and is also used by the processor to determine the intended target size. Which is why I left it in. So what we actually need is the -resize option.


$ gm convert -size 256x256 "Linus_Torvalds.jpg" -resize 256x256 Linus_Torvalds_2.jpg
$ gm identify Linus_Torvalds_2.jpg
Linus_Torvalds_2.jpg JPEG 184x256+0+0 DirectClass 8-bit 47.7Ki 0.000u 0m:0.000001s

So this has done a good job at scaling the image down. It’s now scaled correctly so that the biggest edge is scaled down to 256. In this case it was the height but the width is now shorter than what we need. We do want to maintain the aspect ratio so that we don’t distort the image but 184×256 is not 1:1 aspect ratio nor is it the needed dimensions of 256×256.

The solution to this is to use the -extent command.

$ gm convert -size 256x256 "Linus_Torvalds.jpg" -resize 256x256 -extent 256x256 Linus_Torvalds_3.jpg
$ gm identify Linus_Torvalds_3.jpg
Linus_Torvalds_3.jpg JPEG 256x256+0+0 DirectClass 8-bit 48.0Ki 0.000u 0m:0.000001s

This gives us the correct size and a 1:1 aspect ratio, but the image is left justified. To fix this we need to use the -gravity command. That needs to be the first argument of the command. Finding the correct order of the commands took some trial and error.

$ gm convert -gravity center -size 256x256 "Linus_Torvalds.jpg" -resize 256x256 -extent 256x256 Linus_Torvalds_4.jpg
$ gm identify Linus_Torvalds_4.jpg
Linus_Torvalds_4.jpg JPEG 256x256+0+0 DirectClass 8-bit 48.5Ki 0.000u 0m:0.000001s

Finally we remove all profile information using +profile which should make the image more generic.

$ gm convert -gravity center -size 256x256 "Linus_Torvalds.jpg" -resize 256x256 -extent 256x256 +profile "*" Linus_Torvalds_5.jpg
$ gm identify Linus_Torvalds_5.jpg
Linus_Torvalds_5.jpg JPEG 256x256+0+0 DirectClass 8-bit 5.7Ki 0.000u 0m:0.000001s

Putting it all together we get.

gm convert -gravity center -size 256x256 "big-image.jpg" -resize 256x256 -extent 256x256 +profile "*" "256x256_image.jpg"

You should now be able to add these images to vcards without any problem.

Here is a one liner to create 96×96 256×256 and 720×720 thumbnails of all the jpg images in a directory.

 

for image in *jpg;do for size in 96x96 256x256 720x720; do gm convert -gravity center -size ${size} "${image}" -resize ${size} -extent ${size} +profile "*" "thumbnail-${size}-${image}";done;done

Also available as a podcast on Hacker Public Radio

Posted in General, Podcasts | Leave a comment

Preventing USB access

I have a Raspberry Pi next to my main workstation which I use for email. To control it I use the excellent Synergy Application over a ssh tunnel which means that I don’t need an extra keyboard or mouse. This works great especially as Remote Keyboard Locking is supported by xscreensaver and Synergy. Once I lock the main workstation the Pi also locks.

However I also want to stop people been able to simply walk up and plug in a keyboard and mouse. To prevent this I followed the instructions of Sergey Manucharian on Stackoverflow to disable usb via udev.


# cat /etc/udev/rules.d/99-disable-usb-hid.rule
SUBSYSTEMS=="usb", DRIVERS=="usbhid", ACTION=="add", ATTR{authorized}="0"

 

Of course anyone could take the sdcard out and remove this line. In my case this isn’t an issue as it’s a default image and I don’t store anything on there.

Posted in General | 2 Comments

Citrix receiver error 1000119

I’m just going to redirect to the answer by Peter on AskUbuntu. In my case I renamed the cacerts directory and then symlinked it.

# mv /opt/Citrix/ICAClient/keystore/cacerts/ /opt/Citrix/ICAClient/keystore/cacerts.orig
# ln -s /etc/ssl/certs /opt/Citrix/ICAClient/keystore/cacerts

 

Posted in citrix | Leave a comment

Installing snx on Fedora 28

Ahh yes.

dnf install /lib/ld-linux.so.2 libX11.so.6 libpam.so.0 libstdc++.so.5 libnsl.so.1
Posted in snx | 2 Comments

Problem running pgcli fixed by installing from git using pip

Pgcli is a command line interface for Postgres with auto-completion and syntax highlighting. Recently it gave a problem under fedora.

$ pgcli --host pg.example.com --port 1234 --username username --password --dbname pgdb
Traceback (most recent call last):
 File "/usr/bin/pgcli", line 11, in <module>
 load_entry_point('pgcli==1.7.0', 'console_scripts', 'pgcli')()
 File "/usr/lib/python2.7/site-packages/pkg_resources/__init__.py", line 572, in load_entry_point
 return get_distribution(dist).load_entry_point(group, name)
 File "/usr/lib/python2.7/site-packages/pkg_resources/__init__.py", line 2749, in load_entry_point
 return ep.load()
 File "/usr/lib/python2.7/site-packages/pkg_resources/__init__.py", line 2402, in load
 return self.resolve()
 File "/usr/lib/python2.7/site-packages/pkg_resources/__init__.py", line 2408, in resolve
 module = __import__(self.module_name, fromlist=['__name__'], level=0)
 File "/usr/lib/python2.7/site-packages/pgcli/main.py", line 40, in <module>
 from pgspecial.main import (PGSpecial, NO_QUERY)
 File "/usr/lib/python2.7/site-packages/pgspecial/__init__.py", line 12, in <module>
 from . import iocommands
 File "/usr/lib/python2.7/site-packages/pgspecial/iocommands.py", line 9, in <module>
 import psycopg2
 File "/usr/lib64/python2.7/site-packages/psycopg2/__init__.py", line 50, in <module>
 from psycopg2._psycopg import ( # noqa
ImportError: /usr/lib64/python2.7/site-packages/psycopg2/.libs/libresolv-2-c4c53def.5.so: symbol __res_maybe_init, version GLIBC_PRIVATE not defined in file libc.so.6 with link time reference

The resolution was to install the latest version directly from git using the pip3 command:

pip3 install git+https://github.com/dbcli/pgcli.git

 

 

Posted in General | Leave a comment

NU.NL Podcast Algemeen nieuws RSS feed

I was delighted to discover that the main go to news site in the Netherlands nu.nl, is doing a daily podcast. I enjoy catching up on the RTÉ Morning Ireland, and the BBC Global News podcasts on the train, and I was looking forward to adding NU.NL to the list.

For some reason they are redirecting people to iOS, Android, or to sound cloud. This seems strange as their other feeds are available via RSS feed and the link displays a forbidden error when accessed. Without a RSS feed, it makes it difficult for my automatic tools to download and reprocess (speed up) the shows.

Thanks to the excellent site http://getrssfeed.com/ I was able to get the actual feed that is been used by iTunes and here it is

http://feeds.soundcloud.com/users/soundcloud:users:334709957/sounds.rss

I’ve contacted nu.nl, and hopefully they will also add the link to their home page.

Posted in General | Leave a comment

Refresh a proxy cache with Curl

This is what you’re looking for http://martin.hoppenheit.info/blog/2015/refresh-proxy-cache-with-curl/

Posted in General | Leave a comment