lineageOS 20.0 TheMuppets blueline roomservice.xml


<?xml version="1.0" encoding="UTF-8"?>
  <project path="device/google/blueline" remote="github" name="LineageOS/android
_device_google_blueline" revision="lineage-20" />
  <project path="device/google/crosshatch" remote="github" name="LineageOS/andro
id_device_google_crosshatch" revision="lineage-20" />
  <project path="kernel/google/msm-4.9" remote="github" name="LineageOS/android_
kernel_google_msm-4.9" revision="lineage-20" />
  <project path="packages/apps/ElmyraService" remote="github" name="LineageOS/an
droid_packages_apps_ElmyraService" revision="lineage-20.0" />
  <project name="TheMuppets/proprietary_vendor_google_blueline" path="vendor/goo
gle/blueline" remote="github" revision="lineage-20" />
  <remote name="gitlab" fetch="" />
  <project name="the-muppets/proprietary_vendor_firmware" path="vendor/firmware"
 remote="gitlab" revision="lineage-20" depth="1" />

dynamic/live search box with php, javascript, mysql

I went through a bunch of iterations with this a couple years ago and didn’t get it working.

This is the second one I tried recently and was able to get what I wanted for hyperlinked results.

code blobs for posterity:


-- Database: `codingcage`

-- --------------------------------------------------------

-- Table structure for table `tbl_posts`

  `postTitle` varchar(255) NOT NULL,
  `postUrl` varchar(255) NOT NULL,
  PRIMARY KEY (`postID`)

-- Dumping data for table `tbl_posts`

INSERT INTO `tbl_posts` (`postID`, `postTitle`, `postUrl`) VALUES
(1, 'Simple jQuery Add, Update, Delete with PHP and MySQL', ''),
(2, '15 Free Bootstrap Admin Themes Demo and Download', ''),
(3, 'Easy Ajax Image Upload with jQuery, PHP', ''),
(4, 'How to Send HTML Format eMails in PHP using PHPMailer', ''),
(5, 'Ajax Bootstrap Signup Form with jQuery PHP and MySQL', ''),
(6, 'Submit PHP Form without Page Refresh using jQuery, Ajax', ''),
(7, 'How to Convert MySQL Rows into JSON Format in PHP', ''),
(8, 'Designing Bootstrap Signup Form with jQuery Validation', ''),
(9, 'Upload, Insert, Update, Delete an Image using PHP MySQL', ''),
(10, 'Login Registration with Email Verification, Forgot Password using PHP', '');


 $DBhost = "localhost";
 $DBuser = "root";
 $DBpass = "";
 $DBname = "codingcage";
 try {
  $DBcon = new PDO("mysql:host=$DBhost;dbname=$DBname",$DBuser,$DBpass);
 } catch(PDOException $ex){
$keyword = trim($_REQUEST['term']); // this is user input

 $sugg_json = array();    // this is for displaying json data as a autosearch suggestion
 $json_row = array();     // this is for stroring mysql results in json string

 $keyword = preg_replace('/\s+/', ' ', $keyword); // it will replace multiple spaces from the input.

 $query = 'SELECT postID, postTitle, postUrl FROM tbl_posts WHERE postTitle LIKE :term'; // select query
 $stmt = $DBcon->prepare( $query );
 if ( $stmt->rowCount()>0 ) {
  while($recResult = $stmt->fetch(PDO::FETCH_ASSOC)) {
      $json_row["id"] = $recResult['postUrl'];
      $json_row["value"] = $recResult['postTitle'];
      $json_row["label"] = $recResult['postTitle'];
      array_push($sugg_json, $json_row);
 } else {
     $json_row["id"] = "#";
     $json_row["value"] = "";
     $json_row["label"] = "Nothing Found!";
     array_push($sugg_json, $json_row);
 $jsonOutput = json_encode($sugg_json, JSON_UNESCAPED_SLASHES); 
 print $jsonOutput;


<!DOCTYPE html>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="viewport" content="initial-scale=1.0, maximum-scale=2.0">
<title>AutoComplete Example in PHP MySQL</title>
<link rel="stylesheet" href="bootstrap/css/bootstrap.min.css">
<link rel="stylesheet" href="">


 <div class="container">
     <div class="page-header">
        <h3 style="color:#00a2d1; font-size:30px; font-family: Impact, Charcoal, sans-serif; text-align: center;">AutoComplete Search with Href Link in PHP MySQL</h3>
        <div class="row">
         <div class="col-lg-12 text-center">
         <div class="col-lg-offset-2">
             <div class="form-group">
             <div class="input-group">
             <input id="txtSearch" class="form-control input-lg" type="text" placeholder="Search for PHP, MySQL, Ajax and jQuery" />
             <div class="input-group-addon"><i class="glyphicon glyphicon-search"></i></div>

<script src=""></script>
<script src=""></script>
<script src="bootstrap/js/bootstrap.min.js"></script>

     source: "post_search.php",
     minLength: 2,
     select: function(event, ui) {
         var url =;
         if (url != '#') {
             location.href = url
     open: function(event, ui) {
         $(".ui-autocomplete").css("z-index", 1000)


This site was the first one that I got working – but I wasn’t happy with using it for hyperlinked results.

code blobs for posterity:


WARNING: sanitize your input and prevent code injection attacks

html file:

    <title>Ajax Search Box using PHP and MySQL</title>
    <scriptsrc="">        </script>
     <script src="typeahead.min.js"></script>
   <inputtype="text" name="typeahead">

        name: 'typeahead',
        limit : 10
    $array = array();
    $query=mysqli_query($con, "select * from cfg_demos where title LIKE '%{$key}%'");
      $array[] = $row['title'];
    echo json_encode($array);

nominatim php-intl error message Class Transliterator not found code 0

ubuntu package management decided I didn’t need the current version of php-intl which was running in apache so nominatim fell on it’s face with this error message

“message” => Class “Transliterator” not found
“code” => 0))

I found the current version of php running in apache with this (put it in a file under the webserver and point a browser at it


and then install the relevant version of php-intl

control of domain(s) associated with nextcloud snap

associate domain names with your nextcloud snap

$ nextcloud.occ config:system:set trusted_domains 1 \
$ nextcloud.occ config:system:set trusted_domains 2 \

and then get new certs from letsencrypt

$ nextcloud.enable-https lets-encrypt


android games without ads or in-app-purchases

solitaire $0 $1.99

tetris $0 $0

Also some games on f-droid like 2048

copy of for posterity

Google Fi Dialer Codes

Here are a list of dialer codes that can be used with Google Fi.  These codes shouldn’t be used unless you are aware that they may impact the way your Fi phone switches between carriers.


Carrier Selection

The following options are only available for “Designed for Fi” phones. They will not work on the iPhone or “Compatible with Fi” phones because they are T-Mobile only.  See which class of phone you have here.

FI AUTO *#*#342886#*#* Set carrier selection to automatic.
FI NEXT *#*#346398#*#* Select Next Carrier
FI SPR *#*#34777#*#* Select Sprint for 2 hours
FI TMO *#*#34866#*#* Select T-Mobile 2 hours
FI USC *#*#34872#*#* Select US Cellular 2 hours
FI SIMON *#*#3474666#*#* Select Three (UK only)

Service Codes

FIXME *#*#34963#*#* Force reactivation
FI INFO *#*#344636#*#* Get information about the current network.
INFO *#*#4636#*#* Get general phone information.
DEBUG *#*#33284#*#* Phone Debug Options
PRL *#*#775#*#* Force download of Preferred Roaming List (Sprint)
PRL *228 Force download of Preferred Roaming List (US Cellular)
FI ROAM *#*#347626#*#* Turn on International Roaming
*#*#794824746#*#* Switch to / from eSim.

install lineageOS on blueline (pixel 3)

copy of for posterity

Install LineageOS on blueline

Basic requirements

  1. Make sure your computer has adb and fastboot. Setup instructions can be found here.
  2. Enable USB debugging on your device.

Unlocking the bootloader

  1. Enable OEM unlock in the Developer options under device Settings, if present.
  2. Connect the device to your PC via USB.
  3. On the computer, open a command prompt (on Windows) or terminal (on Linux or macOS) window, and type:
    adb reboot bootloader

    You can also boot into fastboot mode via a key combination:

    • With the device powered off, hold Volume Down + Power.
  4. Once the device is in fastboot mode, verify your PC finds it by typing:
    fastboot devices
  5. Now type the following command to unlock the bootloader:
    fastboot flashing unlock
  6. If the device doesn’t automatically reboot, reboot it. It should now be unlocked.
  7. Since the device resets completely, you will need to re-enable USB debugging to continue.

Temporarily booting a custom recovery using fastboot

  1. Download a custom recovery – you can download Lineage Recovery. Simply download the latest recovery file, named something like lineage-17.1-20201116-recovery-blueline.img.
  2. Connect your device to your PC via USB.
  3. On the computer, open a command prompt (on Windows) or terminal (on Linux or macOS) window, and type:
    adb reboot bootloader

    You can also boot into fastboot mode via a key combination:

    • With the device powered off, hold Volume Down + Power.
  4. Once the device is in fastboot mode, verify your PC finds it by typing:
    fastboot devices
  5. Temporarily flash a recovery on your device by typing:
    fastboot flash boot <recovery_filename>.img
  6. With the device powered off, hold Volume Down + Power.

Installing LineageOS from recovery

  1. Download the LineageOS installation package that you would like to install or build the package yourself.
    • Optionally, download additional application packages such as Google Apps (use the arm64 architecture).
  2. If you are not in recovery, reboot into recovery:
    • With the device powered off, hold Volume Down + Power.
  3. Now tap Factory Reset, then Format data / factory reset and continue with the formatting process. This will remove encryption and delete all files stored in the internal storage, as well as format your cache partition (if you have one).
  4. Return to the main menu.
  5. Sideload the LineageOS .zip package:
    • On the device, select “Apply Update”, then “Apply from ADB” to begin sideload.
    • On the host machine, sideload the package using: adb sideload
  6. (Optionally): If you want to install any additional add-ons, click Advanced, then Reboot to Recovery, then when your device reboots, click Apply Update, then Apply from ADB, then adb sideload those packages in sequence.
  7. Once you have installed everything successfully, click the back arrow in the top left of the screen, then “Reboot system now”.

Update to a newer build of the same LineageOS version on blueline

Updating your device

Using the LineageOS Updater app

  1. Open Settings, navigate to “System”, then “Updater”.
  2. Click the Refresh Icon in the top right corner.
  3. Choose which update you’d like and press “Download”.
  4. When the download completes, click “Install”. Once the update process has finished, the device will display a “Reboot” button, you may need to go into the Updater menu in Settings, “System” to see it. This will reboot you into the updated system.

From your PC via the push_update script (Linux/macOS only)

  1. Make sure your computer has working adb. Setup instructions can be found here.
  2. Enable USB debugging on your device. Additionally, open Settings, then “System”, then “Developer Options”, and then either check “Rooted Debugging” (LineageOS 17.1 or above) or select “Root Access Options”, then “ADB Only”.
  3. Run adb root
  4. Run wget
    && chmod +x
  5. Run: ./ /path/to/zip
  6. Open Settings, navigate to “System”, then “Updater”. click “Install”. Once the update process has finished, the device will display a “Reboot” button, you may need to go into the Updater menu in Settings, “System” to see it. This will reboot you into the updated system.

backup/install android app from adb

search elsewhere for how to enable developer mode, and how to enable usb debugging.

#then find the fullname of the app

$adb shell 'pm list packages' |grep i foo

#Then find the path to the app

$ adb shell pm path

# then download the app

$ adb pull /data/app/

#then later or on another device restore the app

$ adb install -r base.apk


julia postgres libpq update example

The Julia community seems shy about posting examples of database things…

use LibPQ, Tables


conn = LibPQ.Connection("host=$server dbname=$db user=$usr password=$passwd")
sql = """select char from foo""" 

conn2 = LibPQ.Connection("host=$server dbname=$db user=$usr password=$passwd") 
sql2 = prepare(conn2, """update bar set agility = \$1 , bravery = \$2 where char = \$3""" ) 

response = execute(conn, sql) 

for row in rowtable(response)
  ag = agility(row[:char])
  br = bravery(row[:char])
  execute(sql2, (ag, br, row[:char]))

Goodbye linksys

So the last time I purchased a new wireless router – I tried to find a wireless router that had a future – something where I could replace the stock firmware once the software updates stopped coming from the manufacture. But by this time linksys had sold its soul and stopped shipping wireless routers with the serial headers – my EA6350v2 was one such of these, prior to attempting to solder on pins or making a clothespin serial doohickey, I purchased a backup EA6350v2 off ebay so I wouldn’t have to repeat the cycle if I botched the job. Fortunately the backup EA6350v2 had the serial port pins so I was able to get ddwrt going with out too much fuss. However a few weeks in the wifi was behaving funky on this backup 6350v2 so I went looking for another router – I was looking for a new/better linksys router  but came across this sentence: as of October 2020, WE CANNOT ENDORSE BUYING A EA8500 ANYMORE – as linksys has started making it even harder to get alternate firmware installed.  So I picked up a Netgear r6300v2, cracked the case, loaded recent version of ddwrt via serial port and added linksys to my never list.

julia mysql mariadb dbinterface update  mariadb — mysql

while doing a query on “conn”, I opended second connection “conn2”, and updated the table while stepping through the results of the first query

conn = DBInterface.connect(MySQL.Connection,"localhost","user","pass",db="foo")
sql = """select char from foo"""
response = DBInterface.execute(conn,sql)
conn2 = DBInterface.connect(MySQL.Connection,"localhost","user","pass",db="foo")
sql2 = DBInterface.prepare(conn2, "UPDATE foo set agility = ?, bravery = ? where character = ?")
for row in response
    DBInterface.execute(sql2, (ag, br, char))

julia complains without the parens around the arguments on the DBInterace.execute line.

linksys EA6350v2 with dd-wrt

installing dd-wrt on a EA6350v2 from linux.

So linksys hasn’t released a firmare update for the EA6350V2 since 11/2017 and it is still on a 2.6 kernel, so I wanted to try to get to a newer kernel – DD-WRT supports EA6350v1 and the forum has tale of the same version working for the EA6350v1 working on the v2 – but you need to crack the case and use a serial port to upgrade.

My original EA6350v2 didn’t have headers on the serial port – guess they saved $0.05 that day – $5 .

so I bought another router one off ebay ( $23 – this one was built on a less cost cutting day and had the serial headers, I got a usb serial port off of ebay – something like this one $6.

Then I hooked up my laptop to my “new” router via the serial port – you have to get the cover off the linksys, find the serial port – to the left of the big heat sink, the arrow marks the 3.3v pin (unused), next to that is TXD, then RXD, then GND (this is from left to right with the ports/antennae away from you. – you’re going to cross TXD from your serial adapter to RXD on the linksys, and RXD from your adapter to TXD with GND to GND.

I installed putty on linux – i know – and configured it to use /dev/ttyUSB0, 115200, 8,n,1 and connect to the serial port and voila I could watch my ea6350v2 boot and stop it during boot with ctrl + c which yeilds a CFE> prompt.

After getting the boot stopped, I connected my cross over cable between my linux laptop and one of the LAN ports on the router (not the one you connect to your cable modem/dsl box) and was able to ping (the router) –

(i have a big box of ethernet cable and a crimper and rj45 connectors so I made my own cross over cable long ago – the router might automatically do the cross over for you or you can get your own cross over cable  $5).

(My laptop doesn’t have a wired ethernet port so I used a older relative of this $ 19. )

My network port was actually already configured with a 192.168.1.x address but you can just bring it up with

$ sudo ifconfig <interface> inet netmask

then on the router (via serial port) I typed:

CFE> flash -noheader : nflash0.trx

it said Reading :

then on the linux command line I typed

$ tftp
tftp> binary

tftp> put put linksys-ea6350-webflash.bin

71 seconds later the router (via serial) said programming and eventually returned to the CFE> prompt where I asked it to flash to the other location.

CFE> flash -noheader : nflash0.trx2

and I then repeated the above tftp put command

and another 71 seconds later it said programming again and after a bit returned to the CFE> prompt

after powercycling the linksys it came up running DD-WRT.

cisco ip phone 7942


lots of funky configs out there…

If the phone is able to get its IP address over dhcp, its config via tftp, and you have a valid ntp IP address in your config file and you have connectivity to that server and the phone isn’t updating the time at boot you probably have a bug in your config file and may need to start from basics and built up slowly…

reboot sequence – hit the settings key then dial **#**

don’t use the factory reset key sequence unless you have a dhcpserver and tftp server setup and the software to put on the tftpserver … otherwise it will just spin trying to install new default software.

my big hurdle was figuring out that the proxy section of <sipLines><line button=”1″><featureID>9</featureID> wasn’t <proxy>USECALLMANAGER</proxy>

I tried to be special and add the ip address again of my sip server – the behavior of the phone in this mode is to get the SEP<MAC>.cfg.xml file, get the dialplan.xml and do nothing.

Here’s a good reference I found after I was up and running:

usb audio fun

so I tried to reset my bios defaults earlier today to try to fix another problem that popped up and I accidentally enabled by builtin sound card… rather than rebooting to take advantage of my new /etc/modprobe.d/blacklist of snd_hda_intel, and my new /etc/modprobe.d/alsa-base.conf settings ( see: ) so to be able to rmmod all the sound modules (snd or snd_something I first had to kill off pulseaudio at the same time as I removed the blocking snd module in this case snd_usb_audio

#killall pulseaudio;rmmod snd_usb_audio

after that module fell I could remove all the rest in an orderly fashion. and then once the evil snd_hda_intel was vanquished I just pulled the USB sound card out and plugged it back in, voila!

installing canon printer drivers on ubuntu 20.04 without running their bash script

So I really like canon color laser multi function printers – for their full duplex color printing, their copying, for full duplex scanning to a pdf on a usb stick (scanning to sane didn’t work the last time I looked), but certainly not for installing packages via a bash script as root…

So I spent some time today finding the relevant deb file (similar named RPM if you prefer).

Untar the tar ball you got from the canon website and then

# dpkg -i 64-bit_Driver/cnrdrvcups-ufr2-us_5.20-1_amd64.deb

then install the printer under the ubuntu settings / printers

odds are that your printers’ ppd is included in the above deb file, if you happen to have trouble with that, you can look through the PPD/Debian directory for your printers ppd file.

Random Chrome Crashing

Chrome kept crashing today – not the whole thing – but certain tabs when they loaded a lot of content. I updated chrome and everything else that needed updates, restarted chrome, turned off all the extensions. still crashing…

Then I deleted 12 gigs of files I was storing in /dev/shm… much better…

ubuntu 18.04 stopped working after update

had to boot into single user mode – edit the grub entry – add single near the end of the linux line – search single user mode ubuntu 18.04

Then I had to run the first few startup items so that I had a network – update the software and then install lightdm

the list of things to start you can get with ls /etc/rc2.d (leave off the S01 at the beginning).

then start them with systemctl start

systemctl start acpid anacron apf-firewall apport atd avahi-daemon

credit default swaps

Using data reported by Depository Trust & Clearing Corporation during the 155 weeks ending June 28, 2013, there were credit default swaps traded on only 13 reference names among U.S. banking firms:

Bank of America Corporation
Morgan Stanley
The Goldman Sachs Group, Inc.
JPMorgan Chase & Co.
Citigroup Inc.
Wells Fargo & Co. (NYSE:WFC)
MetLife, Inc. (NYSE:MET)
Ally Financial, Inc.
iStar Financial Inc. (SFI)
American Express Company (NYSE:AXP)
Capital One Financial Corporation (NYSE:COF)
Capital One Bank (USA), National Association
Citigroup Japan Holdings Corp.


ubuntu 18.04 manual raid, crypt, lvm highlights

After many days of banging my head against how to get 18.04 installed with raid1, crypt, and lvm on new disks from alternative server iso, the crux was the 1mb bios boot partition at the beginning of both disks.
Without that I’d get all the way through the install and – can’t install grub “you’re f’d”

What I did:

partition 1mb bios boot partition 1mb into the disk – offset by 2048 bytes from beginning of disk for size of 2048 bytes. type is bios boot.

then I did a generous boot partition of 732MB as raid, then the rest of the disk as a raid partition.

setup raid on sd[a,b]2 as md0, sd[a,b]3 as md1

setup ext4 on md0 mount as /boot

setup crypt on md1

setup lvm on crypt
setup swap on lvm, setup root on lvm

assign swap as swap
setup ext4 on lvm-root mount on /

finish install

xenserver 7.0 based on centos 7.2 states:

 The Control Domain: Also known as 'Domain0', or 'dom0', the Control Domain is a secure, privileged Linux VM (based on a CentOS 7.2 distribution) that runs the XenServer management toolstack. Besides providing XenServer management functions, the Control Domain also runs the driver stack that provides user created Virtual Machines (VMs) access to physical devices. 

apply xen server patches in bulk

download a bunch of the buggers

for file in XS*.zip;do foo=`basename -s .zip $file`; unzip $file; bar=`xe patch-upload file-name=${foo}.xsupdate`;xe patch-apply uuid=$bar host-uuid=YOUR_HOST_UUID;done

you’ll probably want to add an rm of the zip file and an rm of the xsupdate file (exercise for the reader)

This won’t work for XS70E002 and XS70E003 until you apply XS70E004 (read the release notes).

add iso partition to xenserver


for posterity…

figure out the name of the volume group (something like name-uuid)



create the new volume

lvcreate -L 150G -n ISOs name-uuid


find the volume you just created

lvscan |grep ISO


create the filesystem

mkfs.ext2 /dev/other-name-uuid/ISOs


make the mount point

mkdir /mnt/isos


create the repository

xe sr-create name-label=ISOs type=iso device-config:legacy_mode=true device-config:location=/mnt/isos content-type=iso


mount the disk

mount -t ext2 /dev/name-uuid/ISOs /mnt/isos


using vm-snapshot to clone a domU

CAUTION: with the following the system is up so you risk file loss, data loss, etc. — use at your own risk.

Ideally you would shutdown your domU and use vm-export rather than vm-snapshot.

make a snapshot

 xe vm-snapshot vm=name new-name-label=name-foo

this returns a uuid

  xe vm-export vm=UUID filename=|bzip2 > file.xva.bz2

move the file about

scp file.xva.bz2

import the snapshot

 cat file.xva.bz2 |ssh "bunzip2|/opt/xensource/bin/xe vm-import filename=/dev/stdin"

then recreate the clone from the snapshot template under openxenmanager or other management tool.

para – virtualize to install from iso copied for posterity

In order to boot from cd or dvd you need to change the guest virtualization type from HVM (fully virtualized) to PV (paravirtualized).

xe vm-param-set HVM-boot-policy="BIOS order" uuid=[uuid of your vm]

After you have booted from dvd, change back to fully virtualized mode:

xe vm-param-set HVM-boot-policy="" uuid=[uuid of your vm]

motorola Surfboard 6141 making noise

I just want to say despite many nay-sayers posting responses to this on other threads there is something in my SB 6141 that vibrates with uploads. (correlated by noise during speed test).

These two links are have the identical report and then other people trying to argue that it’s not the cable modem. It is the cable modem! It happens with my the use of my phone over wifi, with my computer, laptop, with all the screens and speakers turned off, there are no headphones involved.

I can modulate the sound during an upload by twisting the case. Viewed from from the top of the case, if I twist the top clockwise and the base counter clockwise I can decrease and eliminate the sound.

Really annoying to have a fanless, ssd desktop and a noisy cable modem.

animated gif from imagemagick

put the list of files into a file

ls -1 foo*.jpg > /var/tmp/jpglist

rename randomly named files in numerical order

cat /var/tmp/jpglist|perl -e'$i=1;while ($name=) { chomp $name;$new="week" . $i . ".jpg";system ("cp $name $new");;$i++};'

resize all 13 files named week[number].jpg, add the Week[number].jpg to the lower right hand corner of the file

for file in {1..13} ;do convert -adaptive-resize 256x -gravity SouthEast  -pointsize 30 -annotate 0 "Week $file" week$file.jpg week${file}_sm.jpg; done

stack the jpgs into a animated gif, center the extra vertical space (not all the images are the same height, the tallest image is about 350 pixels).

convert -delay 200 -loop 0 -gravity center -extent 256x350 -coalesce -trim -layers TrimBounds -dispose 2 week[1-9]_sm.jpg week1[0-9]_sm.jpg animated.gif

citrix receiver linux breaks every couple years

and I spend a week looking for the answer – the basic searches lead to dead ends with old articles about server side stuff

searches like

citrix receiver COMODO RSA

don’t help you find the “good stuff”

the good stuff is #5 here:
quoteing for posterity

By default, Citrix Receiver only trusts a few root CA certificates, which causes connections to many Citrix servers to fail with an SSL error. The 'ca-certificates' package (already installed on most Ubuntu systems) provides additional CA certificates in /usr/share/ca-certificates/mozilla/ that can be conveniently added to Citrix Receiver to avoid these errors:

sudo ln -s /usr/share/ca-certificates/mozilla/* /opt/Citrix/ICAClient/keystore/cacerts/
sudo c_rehash /opt/Citrix/ICAClient/keystore/cacerts/

14.04 software raid and encryption

I used this as a starting point

I did my own pairs of /boot and / partions on my real disks sda and sdb, then installed mdadm and created the md0 and md1 raids from the command line then ran ubiquity -b

(my /boot is not encrypted, but / is)

used md1 as a encrypted volume which I then mounted as /

#I then used the first guide’s steps to chroot into the new disk, and setup grub
grub-install /dev/sda
grub-install /dev/sdb

#but added steps from

to make sure the initrd knew how to mount my encrypted /

#these steps help initrd find my software raid
mkdir -p /dev/md
ln -s /dev/md0 /dev/md/0
ln -s /dev/md1 /dev/md/1
ln -s /dev/md0p1 /dev/md/0p1
ln -s /dev/md1p1 /dev/md/1p1

#make grub easier to deal with
/etc/default/grub (change silent to vervbose, comment out the HIDDEN lines, set the bootwait=10, nosplash, bootdegraded=true

/etc/grub.d/10_linux (set quickboot and quietboot to zero)

add some things to the end of /etc/default/grub


#tweaks to get the crypto stuff into initrd
echo “CRYPTSETUP=y” >> /etc/initramfs-tools/initramfs.conf

sed -i -e’s|^setup=”no”$|setup=”yes”|g’ /usr/share/initramfs-tools/hooks/cryptroot

#then rebuild initrd
update-initramfs -c -k all

#then confirm that your initrd has the crypt stuff
lsinitramfs /boot/initrd.img-3.13.0-40-generic | grep cryptroot
lsinitramfs /boot/initrd.img-3.13.0-40-generic | grep cryptsetup

# Update grub.cfg

then exit the chroot and umount and reboot

nvidia driver

sudo add-apt-repository -y ppa:xorg-edgers/ppa
sudo apt-get update
sudo apt-get install nvidia-340


sudo add-apt-repository ppa:niko2040/e19
sudo apt-get update
sudo apt-get install enlightenment

amazon prime movies in mozilla

sudo add-apt-repository ppa:mjblenner/ppa-hal
sudo apt-get update
sudo apt-get install hal

netflix just works with a modern chrome

quick and easy pdf editing

GIMP is my new goto for editing pdfs, not as good as the real thing — it edits by drawing graphics over the page — rather than typing in forms on the page — but for filling out basic paper forms it can work well.
1) save pdf
2) open pdf with gimp
3) pick your resolution (100 pixels can work well for basic stuff)
4) draw on or, type on your page
5) export back to pdf — can even overwrite the orig file.

centos 6 qmail (just qmail) for local outbound email only

after you’ve already done this:

(if you’re not interested in a djbdns dns cache do the first two parts to install daemontools and ucspi)

Install outbound only qmail smtp service to your box with the following:

cd /var/tmp/
yum install gcc gcc-c++ make patch pam-devel openssl*  wget -y 
yum install vim-common vim-enhanced autoconf automake -y
tar zxf netqmail-1.06.tar.gz 
cd netqmail-1.06
mkdir -p /var/qmail/alias
groupadd nofiles
useradd -M -g nofiles -d /var/qmail/alias alias
useradd -M -g nofiles -d /var/qmail qmaild
useradd -M -g nofiles -d /var/qmail qmaill
useradd -M -g nofiles -d /var/qmail qmailp
groupadd qmail
useradd -M -g qmail -d /var/qmail qmailq
useradd -M -g qmail -d /var/qmail qmailr
useradd -M -g qmail -d /var/qmail qmails
make setup check
cat /dev/null > /var/qmail/control/rcpthosts
echo ./Mailbox >/var/qmail/control/defaultdelivery

cat > bin/qmailctl
# cut and paste contents of script from

chmod 755 /var/qmail/bin/qmailctl
mkdir -p /var/qmail/supervise/qmail-smtpd/log
mkdir -p /var/qmail/supervise/qmail-send/log

echo '#!/bin/sh' >/var/qmail/supervise/qmail-send/run
echo 'exec /var/qmail/rc' >>/var/qmail/supervise/qmail-send/run

echo '#!/bin/sh' >/var/qmail/supervise/qmail-send/log/run
echo 'exec /usr/local/bin/setuidgid qmaill /usr/local/bin/multilog t /var/log/qmail' >>/var/qmail/supervise/qmail-send/log/run

cat > /var/qmail/supervise/qmail-smtpd/run
# cut and paste contents of script from

# if you get segfaults when you try to start qmail-smtpd
# you need to increase the soft limit in this file (9000000) 
# did the trick for me

# change the last line of the above script
# change the "0 smtp" to " 25"

echo 5 > /var/qmail/control/concurrencyincoming
chmod 644 /var/qmail/control/concurrencyincoming

echo '#!/bin/sh' > /var/qmail/supervise/qmail-smtpd/log/run
echo 'exec /usr/local/bin/setuidgid qmaill /usr/local/bin/multilog t /var/log/qmail/smtpd' >> /var/qmail/supervise/qmail-smtpd/log/run

    chmod 755 /var/qmail/supervise/qmail-send/run
    chmod 755 /var/qmail/supervise/qmail-send/log/run
    chmod 755 /var/qmail/supervise/qmail-smtpd/run
    chmod 755 /var/qmail/supervise/qmail-smtpd/log/run

mkdir -p /var/log/qmail/smtpd
chown qmaill /var/log/qmail /var/log/qmail/smtpd
ln -s /var/qmail/supervise/qmail-send 
/var/qmail/supervise/qmail-smtpd /service
echo '127.:allow,RELAYCLIENT=""' >>/etc/tcp.smtp
/var/qmail/bin/qmailctl cdb

echo '#!/bin/sh' > /var/qmail/rc
echo >> /var/qmail/rc
echo '# Using stdout for logging' >> /var/qmail/rc
echo '# Using control/defaultdelivery from >> /var/qmail/rc
echo '# qmail-local to deliver messages by default >> /var/qmail/rc
echo >> /var/qmail/rc
echo 'exec env - PATH="/var/qmail/bin:$PATH" ' >> /var/qmail/rc
echo 'qmail-start "`cat /var/qmail/control/defaultdelivery`"' >> /var/qmail/rc
chmod 755 /var/qmail/rc

/var/qmail/bin/qmailctl stop ;
/var/qmail/bin/qmailctl start

woe to the passive mode, woe to the active mode

#This always seems to bite me in the ass.
#dont’ forget to :
# modprobe ip_conntrack_ftp

-A INPUT -p tcp -m tcp –dport 21 -m conntrack –ctstate NEW,ESTABLISHED -j ACCEPT
# -A OUTPUT -p tcp -m tcp –dport 21 -m conntrack –ctstate NEW,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp –dport 20 -m conntrack –ctstate ESTABLISHED,RELATED -j ACCEPT
#-A OUTPUT -p tcp -m tcp –dport 20 -m conntrack –ctstate ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp –sport 1024: –dport 1024: -m conntrack –ctstate ESTABLISHED -j ACCEPT
#-A OUTPUT -p tcp -m tcp –sport 1024: –dport 1024: -m conntrack –ctstate ESTABLISHED,RELATED -j ACCEPT

xen xcp xapi change from eth0 to eth1 (after you delete eth0 eth1 becomes eth0 orn reboot)

#get the uuid of the box you want to add the eth1 to
xe vm-list

#list the interfaces that are associated with that box
xe vif-list | grep

#get list of network-uuids to pick from (in my case there are only 2)
xe vif-list |grep network-uuid| sort -u

# make the eth1 interface
vif-create device=1 vm-uuid= network-uuid=

# plug in the eth1 interface (uuid from prior step)
xe vif-plug uuid=

# unplug the eth0 interface (uuid from step 2)
xe vif-unplug uuid=

#delete the eth0 interface (after a reboot your new eth1 will be eth0)
xe vif-destroy uuid=

funky networking bug

Able to download at 8-20 Mbps, only able to upload at 300kbps. Advertised rate is more than 10x that. It was on all uploads I tried (ssh, ftp, http).

Aside: it is nearly impossible to do anything on Charter’s website but get stuck in their endless “help pages”.

Finally called and they eventually got me to plug directly into the cable modem, and the problem is gone. So after giving their tech support person high marks, I tried to upgrade to latest free router software but no go, my wrt couldn’t get an IP from charter – downloaded next most recent version to my smart phone and then ftp’d it from my smart phone with an FTP server app over wifi. (I didn’t have the right software to download data from my new smartphone over the cable – darn MTP)

The initial problem was with a very old version of the free router software on a WRT and 1 year old motorola cable modem. The version that would install kinda worked with faster uploads but would frequently crash, so switched to a red vegetable variant with much better results.

xcp add disk

xe sr-list #gives you a list of sr’s from which to pick a sr-uuid

xe vdi-create sr-uuid= name-label= type=user virtual-size=
#the above vdi-create outputs a vdi-uuid

xe vm-list # gives you a list of vm’s from which to pick a vm-uuid

xe vbd-create vm-uuid= vdi-uuid= bootable=false mode=RW type=Disk device= #pick an unused device name (my box had “disks” up to xvdc so I used xvdd)
# the above vbd-create outputs the vbd’s uuid

xe vbd-plug uuid=
#your new devices should now be visible from your domU

new vps with centos 6 for tinydns secondary

yum update -y ;

vi /etc/sysconfig/iptables; #configuring iptables is an exercise for the reader
iptables-restore /etc/sysconfig/iptables;

/etc/init.d/httpd stop;
chkconfig --del httpd;

/etc/init.d/sendmail stop;
chkconfig --del sendmail;

/etc/init.d/xinetd stop;
chkconfig --del xinetd;

#install daemontools (djb does crazy things with symlinks - trust me when I say you want this package installed and built under /usr/local)
yum install gcc -y;
cd /usr/local/src;
wget wget;
tar zxf daemontools-0.76.tar.gz;
pushd admin/daemontools-0.76;
vi src/conf-cc;# append gcc line with this: -include /usr/include/errno.h ;

#install ucspi
tar zxf ucspi-tcp-0.88.tar.gz;
pushd ucspi-tcp-0.88;
vi conf-cc ;# append gcc line with this: -include /usr/include/errno.h ;
make setup check;

#install djbdns
tar zxf djbdns-1.05.tar.gz;
pushd djbdns-1.05;
vi conf-cc; # append gcc line with this: -include /usr/include/errno.h ;
make setup check;

#install a local dns server for looking up addresses
useradd -d /var/dnscache -s /bin/false dnscache;
useradd -d /var/dnscache -s /bin/false dnslog;
rm -rf /var/dnscache;
dnscache-conf dnscache dnslog /var/dnscache;

touch /var/dnscache/root/ip/;
ln -sf /var/dnscache /service/;

#update the root nameservers that dnscache above uses
yum install bind-utils -y;

/etc/init.d/named stop;
chkconfig --del named;

for file in `dig |grep|awk '{ print $5 }'`;do host $file;done|grep -v IPv6|grep -v mail|grep -v pointer|awk '{ print $4 }'|sort -n > /var/dnscache/root/servers/@ ;

#setup svscan
#this next line is for centos and variants -- ubuntu doesn't seem to have an #/etc/inittab
vi /etc/inittab # get rid of this line: SV:123456:respawn:/command/svscanboot
#the next 5 lines work on centos and kin and ubuntu and kin
echo "start on runlevel [12345]" > /etc/init/svscan.conf;
echo "respawn" >> /etc/init/svscan.conf;
echo "exec /command/svscanboot" >> /etc/init/svscan.conf;
initctl reload-configuration;
initctl start svscan;

#setup tinydns
useradd -d /var/tinydns -s /bin/false -M tinydns;
useradd -d /var/tinydns -s /bin/false -M tinylog;
tinydns-conf tinydns tinydns /var/tinydns IP;
ln -sf /var/tinydns /service/
# configure your replication
# e.g. rsync over ssh triggered from the Makefile on the primary
# exercise for the reader ...

backup to warm-swapable disk

#physically insert disk
# on this next line the hostN number may be different
echo “- – -” > /sys/class/scsi_host/host5/scan
mount /dev/sdc1 /mnt
rsync -aHxv /boot /mnt
rsync -aHxv /dev /mnt
rsync -aHxv / /mnt
#this is for a special home directory
mount –bind / /media
rsync -axv /media/home/user /mnt/home/
umount /media
umount /dev/sdc1
#stuff to spindown disk
sudo hdparm -Y /dev/sdc
#physically remove disk

djbdns dnscache

This is great simple way to get off of your ISP’s dns, e.g. stop them redirecting you to their search partner when you typo. And very handy if you’re working with DNS or changing webhosts, in that a quick sudo killall dnscache clears out your cache so you can see the new site right away.

#install daemontools (djb does crazy things with symlinks – trust me when I say you want this package installed and built under /usr/local)
yum install gcc
cd /usr/local/src
wget wget
tar zxf daemontools-0.76.tar.gz
pushd admin/daemontools-0.76
vi src/conf-cc # append gcc line with this: -include /usr/include/errno.h

#install ucspi
tar zxf ucspi-tcp-0.88.tar.gz
pushd ucspi-tcp-0.88
vi conf-cc # append gcc line with this: -include /usr/include/errno.h
make setup check

#install djbdns
tar zxf djbdns-1.05.tar.gz
pushd djbdns-1.05
vi conf-cc # append gcc line with this: -include /usr/include/errno.h
make setup check

#install a local dns server for looking up addresses
useradd -d /var/dnscache -s /bin/false dnscache
useradd -d /var/dnscache -s /bin/false dnslog
rm /var/dnscache/.bash*
dnscache-conf dnscache dnslog /var/dnscache
touch /var/dnscache/root/ip/
ln -sf /var/dnscache /service/

#update the root nameservers that dnscache above uses
yum install bind-utils
for file in `dig |grep|awk '{ print $5 }'`;do host $file;done|grep -v IPv6|grep -v mail|grep -v pointer|awk '{ print $4 }'|sort -n > /var/dnscache/root/servers/@

#setup svscan
# this next line is for centos and kin (ubuntu doesn’t seem to have /etc/inittab
vi /etc/inittab # get rid of this line: SV:123456:respawn:/command/svscanboot
# the next 5 lines are for both centos and kin, and for ubuntu and kin
echo " start on runlevel [12345]" > /etc/init/svscan.conf
echo "respawn" >> /etc/init/svscan.conf
echo "exec /command/svscanboot" >> /etc/init/svscan.conf
initctl reload-configuration
initctl start svscan

The above is a copy from my other post:

Others have also talked about setting up dnscache:

oh Nvidia 6150se how I hate thee

I have been battling with you since I purchased you 4 years ago on a BIOSTAR MCP6P M2+ motherboard. The many dozens of hours of tweaking to keep you and ubuntu playing nicely. The iterative search for the right combination of nvidia drivers each time I changed anything. The final straw came on an innocent apt-get update/upgrade cycle when poof no X after reboot, I probably just needed to rebuild the installed driver for a new kernel, but I panicked and tried to reinstall the nvidia driver and was unable to get any of the currently available drivers to work. What did work was replacing you. good bye.

oh grub2 how I hate thee

let me count the ways…

infinity plus 1) you think you are smart but you are not,
infinity plus 2) you do not give the people the power they need to help out when you are not smart — see number 1.

I simply wanted to upgrade my 1TB of software raid 1 to 1.5 TB of software raid 1, besides the time for copying and syncing it should be a slam dunk, but thanks to grub2 it was a super utter cluster f*ck.

I started by transitioning to a non mirrored 1.5 Tb disk with boot, swap and root, then after I was able to boot that, I built a set of degraded raid1’s on the other disk and then tried to bring the the first 1.5.

however my partition on the first half of the degraded raid was slightly larger than partition on the second half, I tried to resize it but then it wouldn’t boot… so I got to do the whole 1TB copy with billions of hard links over again… These are the steps to resize a raided partition if you are not using it for root

Finally on the system 10 days later, still need to add the other half of the degraded disk, but this time they are the same size.

For grub2 help this page was helpful, (mostly pages 2 and 3):

I also manually updated the device map /boot/grub/ which may have helped things, dunno…

There was a post I read along the way but can’t find the URL that talked about using chroot, after mounting some things like dev and proc into the future chroot, that sounded promising, but I didn’t have to do that.

I also tried a shit ton of different ways to tell grub to boot my degraded mirror, ran grub-install, update-grub, and update-initramfs many, many, many times, what ultimately seemed to work was to run update-grub and grub-install again after I hacked my way to getting grub to boot up with root on /dev/md2. After the raid is done re-syncing I’ll try to pull the half that I built first and try to boot from the new half.

grub2 help for kernel upgrade on Ubuntu 12.04 domU on XCP

I wouldn’t be posting if this wasn’t yet another corner case, where things don’t work as they should… I likely built my xcp-xapi box at a bad time for xcp-xapi and grub2, hopefully this helps others…

Situation: installing new virtual kernel on Ubuntu 12.04 domU kernel upgrade crashes royally:

Error: Starting VM – Using to parse /boot/grub/grub.cfg – WARNING:root:Unknown directive load_video – WARNING:root:Unknown directive terminal_output – WARNING:root:Unknown directive else – WARNING:root:Unknown directive else – WARNING:root:Unknown directive else – WARNING:root:Unknown directive else – WARNING:root:Unknown directive else – WARNING:root:Unknown directive export – WARNING:root:Unknown image directive recordfail – WARNING:root:Unknown image directive gfxmode – WARNING:root:Unknown image directive recordfail – WARNING:root:Unknown directive submenu – WARNING:root:Unknown image directive recordfail – WARNING:root:Unknown image directive gfxmode – WARNING:root:Unknown image directive recordfail – Traceback (most recent call last): – File “/usr/lib/xcp/lib/pygrub.xcp”, line 853, in – raise RuntimeError, “Unable to find partition containing kernel” – RuntimeError: Unable to find partition containing kernel

Background: Ubuntu 12.04 dom0 running xcp

Work around (

 xe vm-param-set uuid=<VM-UUID> PV-bootloader-args="--kernel=/boot/vmlinuz-3.2.0-29-virtual --ramdisk=/boot/initrd.img-3.2.0-29-virtual"
xe vm-param-set uuid=<VM-UUID> PV-args="root=UUID=<disk-UUID> ro -- console=hvc0"

ubuntu 12.04 xcp bare metal recovery via rsnapshot

I’m verifying my backup process via a bare metal recovery to identical hardware so I thought I’d take some notes…

I got started on my ubuntu xen xcp/xapi setup with this excellent guide:

Booted a usb based rescue disk to partition my disks the same as oringinal dom0, then rsync over the stuff from my dom0 rsnapshot, created /dev /proc and /sys directories, mounted them with –bind and then chrooted on to the actual partition to rebuild grub

sudo grub-install /dev/sdb
sudo grub-install --recheck /dev/sdb
sudo update-grub

Then umounted things and rebooted, and volia… but networking wasn’t happy… after some banging around I discovered my old nemesis the udev persistent crap, who ever thought of this has some explaining to do, how could this have ever been worth it? Maybe I’m just not in the use case where it’s good for my network adapter to seemingly randomly stop working. None the less, a quick

rm of /etc/udev/rules.d/70-persistent-net.rules

and a reboot and things were back to the way they should be. (also updated my rsnapshot exclude list so I can forget about udev for a while).

UPDATE(9/3/12): just booted the box and realized that it was unhappy about UUIDs of the new filesystems (/dev/sda1 (root) and /dev/sda2 (swap) in my case so some grub editing was needed to boot, and then also updating of /etc/fstab and running update-grub.

With xen xcp-xapi on ubuntu we’re pretty much off book so for this portion of the restore I’m planning to clean things out, create a new LVM, and then import from basic generic vxa images, and then restore domU data/settings from rsnapshot.

I cleaned out the xe setup with a number of commands including xe sr-forget, xe vm-destroy, xe pbd-unplug, xe pdb-destroy, xe vdi-destroy, and xe vbd-destroy, also the -list version of the above helps to identify what to destroy.

I recreated the LVM (synopsis of steps from above guide).

fdisk, n, p, 3, , t, 8e, W. #(use the rest of the disk)
pvcreate /dev/sda3
vgcreate VolumeGroup /dev/sda3
pvdisplay #(get size from here)
lvcreate --size G -n LocalStorage VolumeGroup
xe sr-create type=ext name-label=Local Storage device-config:device=/dev/mapper/VolumeGroup-LocalStorage

Next I set the recently created sr as the default SR and imported a vxa. then used nmap to find it, as that’s faster way to find it than logging in to my wrt.

xe sr-list
xe pool-list
xe pool-param-set uuid= default-SR=
xe vm-import filename=.vxa
xe vm-start vm=
nmap -PN -sS

I then rsync’ed the domU settings/data back and rebooted. I use the -anv in order to see what it’s going to do before it mucks things up…

rsync -anv --delete --exclude-from= . host:/|less
rsync -a -delete --exclude-from= . host:/

update(9/3/12): also snapshots weren’t working as I needed to specify the default SR

xe sr-list
xe pool-list
xe pool-param-set suspend-image-SR=  uuid=

Things I learned:

  • good to have the output of fdisk
  • I still really hate the udev permanent ethernet crap
  • bunch of xe commands

wordpress rss cache

This is a little off topic but wordpress RSS seems to cache things for 12 hours and nobody seems to have a clue.

I set lifetime from 43200 to 3600 in wp-includes/class-feed.php.
Which will hopefully let me see the morning news in the morning… As it seems that I have to wait for the initial cache to time out.

I also left the following in the wp-config.php file just incase it was part of the solution

define('MAGPIE_CACHE_ON', 0);
define('MAGPIE_CACHE_AGE', 600);


stuff to do on a dell server to see what the hardware says…

apt-get install ipmitool
modprobe ipmi_msghandler
modprobe ipmi_devintf
modprobe ipmi_si
ipmitool sel list

You should probably also put those modules into /etc/modules

perc 5/i

This seems to be the equivalent of a megaraid 8404E from LSI, it’s a great in that it’s compatible with SAS and SATA disks, and is available for cheap on ebay.

using it on linux you’ll want to get the megaCLI from LSI and for ubuntu, you’ll want to convert the rpm to deb with alien and then install some 32bit libraries, and then do some creative symlinking in in /lib to make it happy

you can also flash it to the latest dell firmware with the dell centos live cd, and then download the latest firmware from dell, put it on a usbdrive and voila.  There’s talk on the interwebs about using the lsi firmware, but as I’ve got mine in a dell, I thought I keep it au natural.

this also works with xenserver 6.5 – rpms to get are
Lib_Utils-1.00-09.noarch.rpm and

qmail on ubuntu

basically the qmail package in ubuntu kinda works, but things are in really unusual places, so for your sanity you should probably hand crank your qmail install.

If you don’t, you’ll want to replace the defaults in /var/lib/qmail/aliases for .qmail-default .qmail-postmaster and .qmail-root as the automagic install tries to do something fancy with an alias user who doesn’t exist.

smtproutes is your friend if you want to use qmail to forward email… ssmtp is my goto but my favorite monitoring package nefu doesn’t work with ssmtp, so I’ve taken to installing qmail everywhere.

/var/lib/qmail/control/smtproutes (it’s /var/qmail/control/smtproutes for sane installs)

either use:


to forward all email to said host, or you can use an ip like this


also you can make it only listen to localhost (avoid adding yet another open relay to the internet) by editing


and changing the 0 before smtp to

qmail is kindof complex to control, so when in doubt kill everything off, and let svnscan, runsv, or what ever is keeping an eye on qmail processes restart them for you… again for your sanity you should roll your own or use qmailtoaster on centos (I mean how hard is it to create an init script that behaves the way that you’d expect?)