haytham’s blog

Alright, so let’s say you want to install/update the latest NVIDIA drivers for your Linux machine, you downloaded the drivers from www.nvidia.com, ran the NVIDIA-Linux-(arch)-versionnb.run script but X still doesn’t want to boot, you probably missed few steps.

1. Download the NVIDIA Linux drivers from www.nvidia.com
2. chmod +x
3. if its a fresh install skip to step: 5
4. Unload module “nvidia” using rmmod or modconf (debian)
5. Kill your X server, i usualy do a /etc/init.d/gdm stop
6. Run the driver installation script and follow the instructions
7. Depending on your distro, everything should work normaly, on Debian i had to create symlinks from /usr/X11R6/lib/modules/nvidia_drv* to /usr/lib/xorg/modules/drivers/
8. You might as well want to enable glx, for that create symlinks from /usr/X11R6/lib/modules/extensions/* to /usr/lib/xorg/modules/extention/
9. Load the module “nvidia” using modprobe or modconf
10. Change your /etc/X11/xorg.conf using “nvidia” in the Driver variable of the Section “Device”
11. Restart X, i use /etc/init.d/gdm start
12. Enjoy !!

Filed by haytham at 7:56 am under Linux HOWTOs / Tutorials
No Comments

So…you got a new external USB CD-RW / DVD-RW and you don’t know how to run it on Debian GNU/Linux? no problemo amigo!

thing is, the Linux kernel emulates all USB devices as SCSI devices so you really have to know what kernel drivers you choose while compiling your kernel. Normaly to run a USB CD-RW/DVD-RW you need the following drivers to be compiled with the kernel:

- SCSI emulation support
- IDE/ATAPI CDROM support
- SCSI disk support
- SCSI CDROM support
- SCSI generic support
- USB device filesystem
- EHCI HCD (USB2.0) support
- USB Mass Storage support

of course, its your choice to compile log support for SCSI or USB, after compiling and modprobing the modules chosen (you can do that using modconf), get the following packages from apt:

apt-get install cdrdao cdrecord usbmount usbutils dvd+rw-tools

Of course, if you download k3b (KDE’s CD/DVD burner) for example, it will automaticaly download some other necessary packages.

that’s it, you should now be able to burn on your new external USB CD-RW/DVD-RW

Filed by haytham at 5:12 pm under Linux HOWTOs / Tutorials
No Comments

So you’re in your fresh Debian sarge (stable) installation and you want to upgrade to testing or unstable and the first thing you try to do is to [code] apt-get dist-upgrade [/code] but you’re shocked to see an error message that says:

E: This installation run will require temporarily removing
the essential package perl-base due to a Conflicts/Pre-Depends
loop. This is often bad, but if you really want to do it,
activate the APT::Force-LoopBreak option.

So the first step to fix that is to upgrade the following packages: e2fslibs, e2fsprogs, libc6 and finally libc6-dev. To do that, you need to insert a special option in apt that will allow you to by pass the Force-LoopBreak issue by issuing the following command:

apt-get -o apt::force-loopbreak=true install e2fslibs e2fsprogs libc6 libc6-dev

once this is done, you can go on by issuing apt-get dist-upgrade

enjoy !

Filed by haytham at 4:37 pm under Linux HOWTOs / Tutorials
No Comments

To enable spell check in your favorite mail client, Evolution (2.2.3 while writing this blog) few packages should be apt-getted

apt-get update

Here I want to enable US English spell check, here are the packages you need to fetch:
apt-get install aspell-en gnome-spell aspell libaspell15 ispell myspell-en-us

After this is done open up Evolution -> Edit -> Preferences -> Composer Preferences -> Spell Checking -> Check the language you want to enable -> Check “Check spelling while I type” -> Choose a color -> Close and you’re done.

Enjoy!

Filed by haytham at 9:26 am under Linux HOWTOs / Tutorials
No Comments

Scenario:
So you got 2 VGA cards (1 AGP dual head, 1 PCI) hooked up at 3 monitors and want to have a tri-head display on your Linux machine using the Xinerama technology that allows you to extend your desktop to the 3 monitors.

first thing to do is to check what are the bus id (pci address) of each card:

[root@exodus:~]$ lspci
0000:01:0c.0 VGA compatible controller: ATI Technologies Inc 3D Rage II+ 215GTB [Mach64 GTB] (rev 9a)
0000:02:00.0 VGA compatible controller: Matrox Graphics, Inc. G400/G450 (rev 03)


We are intrested in the numbers 01:0c.0 and 02:00.0 which can be translated to PCI:1:12:0 and PCI:2:0:0

Now make sure that the drivers for both VGA Cards is installed in your /usr/X11R6/lib/modules/drivers/, as far as the Matrox G400 is concerned, to be able dual display you should download the latest version of the drivers from http://www.matrox.com and follow the instructions.

now its time to open your xorg.conf or XFree86.conf with your favorite editor and include the following:

## Matrox AGP Card
## Note that for dual head cards its essential to include "Screen 0" and "Screen 1" inside the "Device" section
Section "Device"
Identifier "matrox0" ## first head
Driver "mga"
BusID "PCI:2:0:0"
Screen 0
EndSection
Section "Device"
Identifier "matrox1" ## second head
Driver "mga"
BusID "PCI:2:0:0"
Screen 1
EndSection
## ATI PCI Card
## No need for "Screen x" here because that card only have 1 head
Section "Device"
Identifier "ati"
Driver "ati"
BusID "PCI:1:12:0"
EndSection
## Monitor
## Set the sync values of each of your screens, for my case all my monitors are new 17" so i just set one Monitor section.
Section "Monitor"
Identifier "monitor"
Option "DPMS"
HorizSync 30-70
VertRefresh 50-160
EndSection
## Screen combination
## This should be straight forward, post a comment if you need some help
Section "Screen"
Identifier "screen0"
Device "matrox0"
Monitor "monitor"
DefaultDepth 16
SubSection "Display"
Depth 16
Modes "1152x864"
EndSubSection
EndSection
Section "Screen"
Identifier "screen1"
Device "matrox1"
Monitor "monitor"
DefaultDepth 16
SubSection "Display"
Depth 16
Modes "1152x864"
EndSubSection
EndSection
Section "Screen"
Identifier "screen2"
Device "ati"
Monitor "monitor"
DefaultDepth 16
SubSection "Display"
Depth 16
Modes "1152x864"
EndSubSection
EndSection
## Server Layout
## This should be straight forward as well, You can use LeftOf or RightOf for most cases, don't forget to add:
## Option "xinerama" "on" inside the "ServerLayout" section to enable tri-head display and not tri-replication.
Section "ServerLayout"
Identifier "trihead"
Screen 0 "screen0" 0 0
Screen "screen1" RightOf "screen0"
Screen "screen2" RightOf "screen1"
InputDevice "Generic Keyboard"
InputDevice "Configured Mouse"
Option "xinerama" "on"
EndSection


Filed by haytham at 3:53 pm under Linux HOWTOs / Tutorials
No Comments

So that’s my 1 year old cat ‘Sushi’ wasted…meow?

Filed by haytham at 10:36 am under Daily blabber
No Comments

To establish an IRC’s DCC Send connection behind your Linux’s Iptables firewall few modules should be compiled/loaded on your kernel to make this connection possible.

While compiling your kernel make sure to add the following drivers on the kernel or compile them as modules:
ip_nat_irc
ip_conntrack_irc

Note: When both drivers are compiled as modules remember to modprobe them, a good idea is to insert the lines in your firewall script:
modprobe ip_nat_irc
modprobe ip_conntrack_irc

-Your IRC client should not set to any unsual IRC networking settings such as: Behind a firewall, proxy, socks etc…
-Set your IRC client to get Local host and IP address on connect, for mIRC, the lookup method should be set as “normal”
-For Windows XP SP2 users, turn off the Firewall option or just set mIRC as an exception.

Note: If on the firewall’s syslog you get:
kernel: Forged DCC command from internalIP: externalIP:ports
then something is wrong on your client.

Filed by haytham at 10:54 am under Linux HOWTOs / Tutorials
No Comments

From the first day i started using GNU/Linux as my main machine at home or at work, beeing able to browse arabic websites was a complete failure. The default fonts that Debian installs by default with X11 or even the packages I tried to install such as:

were no good.

I’m no fonts expert but what made it work is when i apt-get’ed the following packages:
apt-get install ttf-arabeyes ttf-kacst xfonts-intl-arabic msttcorefonts

msttcorefonts - “Microsoft TrueType Core Fonts” made it work (i guess), give it a try, restart X11 and you should be able to browse in arabic.

Now, in order to write in arabic in most of the application you use, insert in your ~/.bashrc:
setxkbmap -symbols "us(pc105)+ar+group(ctrl_shift_toggle)"
group(ctrl_shift_toggle) enables you to switch from Latin to Arabic by using the combination “Ctrl+Shift”.

enjoy!

Filed by haytham at 6:39 pm under Linux HOWTOs / Tutorials
No Comments

So you got one of these scenarios:

-You want a direct connection to a host of yours that is somewhere around the globe and has a real IP
-You want to by pass your *#%*!+%%!* Firewall/Proxy that has a dumb content filtering, doesn’t allow you to SSH, FTP, Connect to Kazaa, or DCC via IRC
-You want to access a private network of a company/your house etc…

1 solution, open a tunnel/VPN.

The methology i’m gonna use is simple and straight forward, but you might need to follow the diagrams that i drew (ugly i know) to help you understand what’s going on exactly.
So that’s your setup, now!

so lets say 255.268.477.985 is your ISPs external IP address, if you don’t know what it is, kindly go to www.whatismyip.com and note it.

now, before continuing note that this method will require you to 0Wn a box somewhere on the Internet, that box has to have Linux installed (Windows works too), and that has a static real IP (a dynamic IP works too, but will not be covered in this HOWTO, email me for personal scenarios such as having to deal with dynamic ips).

My choice for the middle box is my personal dedicated server that is located in the USA. You can get good deals if you search well (email me if you want some of the cheapest hosting companies around). Another cheap solution is a virtual private server, you can find VERY cheap prices, and you’ll have your own root access to the box (again, mail me for more info)

So that’s how the new diagram looks like now with my dedicated server online:

I’m aware that the ips are pretty impossible, but the hell with it =). What we need to do is the following:

of course the tunnel line is VIRTUAL, the traffic still passes thru the traditional physical points of the network.

Now here’s a small summary of the steps we shall follow:
- Find out which port is opened in the OUTPUT circuit/chain of your ISP.
- Decide on whether to use this port on your box to listen to.
- SSHing to your dedicated server (268.999.457.210 in this case)
- Downloading OpenVPN on both client and Server
- Configuring OpenVPN
- Voila

Choosing a port:
Now that’s hard to do, if you know how to work with “nmap”, do it yourself. I’m going to assume that you don’t use HTTPS on your server, and that port 443 is free to use, so lets use it. You can also try port 23 (Telnet) if you don’t usualy telnet to your server.
Another good choice for a port is port 20 ,which is FTP-DATA, you don’t need it if you can connect as FTP Passive.
So ……. (drum rolls) …… port ** 443 **

Now, connecting to your server (online box, middle server, middle host, all are synonyms of 268.999.457.210). If you can’t SSH to the box, Telnet to it (NOT SECURE), if you still can’t then your ISP’s administrator should be thrown in the firy pits of hell.
Go to your school, work place, to a friend or even open a dial up connection.

now, you are connected to your online box:

[sadus@debianbox:~ 10:10 PM]$ ssh -l root 268.999.457.210
[root@sushi-box:~]$

cool !!!

On Debian (My distro of choice):

[root@debianbox:~ 10:10 PM]$ apt-get update && apt-get install openvpn
[root@sushi-box:~]$ apt-get update && apt-get install openvpn

you can still get the sources and compile them your self, or get the .rpms, i won’t cover this, there are plenty of HOWTOs to do that.

make sure you get the following packages:
lzo, libc6, liblzo1, libssl0.9.7, pam (get the latest versions)

remember this is the most basic way to use OpenVPN, but as much as it is easy and basic, its very productive and secure.

type the following on the server:

[root@sushi-box:~]$ cd /etc/openvpn
[root@sushi-box:~]$ openvpn –genkey –secret secret.key
this will create you a 2048 bit OpenVPN static key

[root@sushi-box:~]$ touch configuration.conf

With your favorite editor open configuration.conf that you’ve just created, i’ll use ‘nano’ here

[root@sushi-box:~]$ nano configuration.conf

and paste the following while changing what’s needed to be changed, remember you’re working on the server now:
========================================
# /etc/openvpn/configuration.conf
dev tun
port 443
verb 3
#(enable this if you want to shape the bandwidth's speed)
#shaper 1000
#(this keeps the connection alive)
keepalive 10 120
#(for security purposes)
user nobody
group nogroup
#to log your tunnel
status /etc/openvpn/openvpn-status.log
#(this is the ip of your ISP, get it from www.whatismyip.com
remote 255.268.477.985
#the local tunX ips, the server will be 10.0.0.1, the client 10.0.0.2
#don't forget the switch the ips on the configuration file of your
#client.
ifconfig 10.0.0.1 10.0.0.2
#Using Pre-Shared Secret Key.
secret /etc/openvpn/secret.key
auth MD5
cipher DES-CBC
========================================

now, logon to your local pc:
[sadus@debianbox:~ 10:10 PM]$

and just get everything you created on the server to your local pc, copy
the files via an encrypted connection such as SSH, SFTP, SCP so that you
decrease the risk of someone sniffing your secret.key.

[sadus@debianbox:~ 10:10 PM]$ scp root@268.999.457.210:/etc/openvpn/* /etc/openvpn/

now that you got the files on your local pc, just open configuarion.conf

[root@debianbox:~ 10:10 PM]$ nano configuration.conf

remember you’re working on the client now:
========================================
# /etc/openvpn/configuration.conf
dev tun
port 443
verb 3
#(enable this if you want to shape the bandwidth's speed)
#shaper 1000
#(this keeps the connection alive)
keepalive 10 120
#(for security purposes)
user nobody
group nogroup
#to log your tunnel
status /etc/openvpn/openvpn-status.log
#(this is the ip of your Server
remote 268.999.457.210
#the local tunX ips, the server will be 10.0.0.1, the client 10.0.0.2
#since this is the client and the server is set to 10.0.0.1, the local #
pc should be 10.0.0.2
ifconfig 10.0.0.2 10.0.0.1
#Using Pre-Shared Secret Key.
secret /etc/openvpn/secret.key
auth MD5
cipher DES-CBC
========================================

et voila mes amis, on a fini, enfin we still have some security issues to take care of. You need to know that now, when you run openvpn on your server, it will LISTEN for an incoming connection from a special ip, which is your ISPs IP. When you run openvpn from your client, to the server’s IP, and since the keys are the same, a handshaking will take place and a connection will be established.

do it, DO IT, DO IT (Starsky and Hutch, 2004, Ben Stiller)

Make sure the iptables on your server don’t block port 443
[root@sushi-box:~]$ iptables -I INPUT -p tcp 443 -j ACCEPT
[root@sushi-box:~]$ iptables -I OUTPUT -p tcp 443 -j ACCEPT

[root@sushi-box:~]$ openvpn –config configuration.conf –float –proto tcp-server &

You’ll see a whole load of crap don’t mind them (unless they’re error messages)

[root@debianbox:~ 10:10 PM]$ openvpn –config configuration.conf –float –proto tcp-client &
(the –float option on the client is essential because you’ll be usualy
behind NAT)

and now ladies and gentlemen, the moment of truth…..(drum roll)

[root@debianbox:~ 10:10 PM] ping 10.0.0.1
PING 10.0.0.1 (10.0.0.1): 56 data bytes
64 bytes from 10.0.0.1: icmp_seq=0 ttl=64 time=747.2 ms
64 bytes from 10.0.0.1: icmp_seq=0 ttl=64 time=847.1 ms
64 bytes from 10.0.0.1: icmp_seq=0 ttl=64 time=658.9 ms

congrats, you’re officialy on a VPN (Virtual Private Network).

lets take now the scenario where you want your server to be your main gateway (so that you can bypass your ISP’s firewall/content filtering etc.. system)

turn off the openvpn from your client side:
[root@debianbox:~ 10:10 PM]$ killall -9 openvpn #could be the fastest way

and delete your default gateway. What’s cool about iproute2 is that you can assign special ips to go to a certain gateway without setting a default gateway on your computer, so here it goes:

[root@debianbox:~ 10:10 PM]$ route del default
[root@debianbox:~ 10:10 PM]$ ip r a 268.999.457.210 via 192.168.1.1

and run openvpn again, it should work normaly.
now you can set your server to be your default gateway by adding this line:
[root@debianbox:~ 10:10 PM]$ route add default gw 10.0.0.1

i’m gonna write other HOWTOs to benefit more of the tunnel we created, such as DNATing, SNATing, DNS etc…

that’s it basicaly, feel free to email me your questions.

Filed by haytham at 11:26 am under Linux HOWTOs / Tutorials
No Comments

If you’re reading this, its most likely that you have no clue how to connect to the L.A.N Internet (in Lebanon referred as: Cable connection) using your brand new Linux operating system. Don’t feel bad, you’re not alone.
Everybody had to ask few questions on how to get the freakin’ internet work, and without the help of some folks in the Lebanese LUG, I would have still been using Microsoft’s Windows because connecting to the internet with it is so easy.
Internet is an important element when it comes to general computing, so if someone wants to introduce a new computer system such as Linux, at least let it run the most used service.

Now remember, you will not connect directly to the internet. Basically I’m going to teach you how to connect to a network that will enable you to use the internet.
I’m not going teach how to use a certain distro, or a certain GUI. Distro’s network settings sometimes differ, so what I’m going to help you with is ignoring all the distro’s default settings and write your own internet.sh script that would let you connect to the internet as easy as 1, 2, 3…

So lets see what you have:
A cable coming down from outside directly plugged to your NIC (Network Card), normally if you have one NIC, it would be named: eth0 (ethX -> X will change if you have more than one NIC). In this example we’re gonna use only one NIC to enable Internet on one station only.

General internet connection requirements:
- an IP address + netmask
- a Gateway address
- a DNS address
- and sometimes a Proxy server address.

Know what you need. It’s important to know what you need to connect to your ISP’s (Internet Service Provider) network. You will definitely not guess those. While having a nice conversation with your ISP, ask them for the following:

- Your personal external IP address + netmask (will use 192.168.0.55 and netmask: 255.255.255.0 as example)
- Your network address (If your IP is xxx.xxx.0.xxx then your network address would be xxx.xxx.0.0) - The gateway’s (Server) internal IP address (will use 192.168.0.1 as example)
- Your DNS (usually same as the gateway) internal IP address (will use 192.168.0.1)
- and finally, ask him if he uses a proxy server, write down it’s IP address and port if the ISP uses one. (Will use 10.3.3.1 port 8080 as example; don’t get shocked if the proxy’s ip address is the same as the gateway and/or DNS).

You also need to know the following:

-Path for Ifconfig
-Path for Route

to do that do the following, open a terminal and write down:
haytham@sadusbox:/$ whereis ifconfig && whereis route

You’ll get something similar to:
haytham@sadusbox:/$ whereis ifconfig && whereis route
ifconfig: /sbin/ifconfig /lib/ifconfig ...
route: /sbin/route /usr/share/man....

We’re just interested in these:
ifconfig: /sbin/ifconfig
route: /sbin/route

Now that you gathered enough information, open your favorite editor, (will use VIM here, know how to use your editor for the following commands, open, save as, close)

Write down what is written in the box, and change the variables to your needs (Variables start from the START EDIT comment to the END EDIT comment)
#!/bin/bash
#-------START EDIT--------
#Setting some variables
echo "Setting Variables..."
NICNAME=eth0
EXTERNALIP=192.168.0.55
SUBEXTERNALIP=255.255.255.0
NETWORKIP=192.168.0.0
GATEWAYIP=192.168.0.1
DNSIP=192.168.0.1
IFCONFIG=/sbin/ifconfig
ROUTE=/sbin/route
#-------END EDIT--------
#Initialize external NIC IP address
echo "Initialize external NIC ($NICNAME) IP address"
$IFCONFIG $NICNAME $EXTERNALIP netmask $SUBEXTERNALIP up
#Setting Network and Gateway Settings
echo "Setting Network and Gateway Settings"
$ROUTE add $EXTERNALIP $NICNAME
$ROUTE add -net $NETWORKIP netmask $SUBEXTERNALIP $NICNAME
$ROUTE add default gw $GATEWAYIP eth0
$ROUTE add -host 127.0.0.1 lo
#Adding a DNS server
echo "Adding a DNS"
echo " " > /etc/resolv.conf
echo nameserver $DNSIP > /etc/resolv.conf
echo "..."
echo "Internet is enabled, happy surfing..."

Save this file as: internet.sh in your /home/user/ directory and then set its permissions to 755 by doing the following command:
haytham@sadusbox:/$ chmod 755 /home/user/internet.sh

you can now login as SuperUser and just write:
haytham@sadusbox:/$ su
Password:
root@sadusbox:/$ sh internet.sh

Internet should be smiling at you. If your ISP uses a proxy server address don’t forget to add the proxy server’s address (10.3.3.1 and port 8080) inside your favorite web browser so that you would be able to surf the pages and most importantly in your .bashrc script so that it would let you connect to the proxy from bash. To do that open with your favorite editor the file .bashrc and write the following in the first lines:
export http_proxy=http://10.3.3.1:8080
export ftp_proxy=http://10.3.3.1:8080

Filed by haytham at 10:46 am under Linux HOWTOs / Tutorials
No Comments

So i’m back from my “Internship” in Saudi Arabia and Lebanon never felt so commodious!
I’m preparing for a project i’ll be working on with the same company i visited in Saudi Arabia, some sort of Partnership so that’s taking most of my time, aaaaand not to forget my preparations for University.

time to hit the sack! good night

Filed by haytham at 11:50 pm under Daily blabber
No Comments

Heya folks,
I’m currently in K.S.A (Kingdom of Saudi Arabia for those who don’t know) doing my internship at Nesma Internet (http://www.nesma.net.sa).
I should be back on Sunday the 18th of Sept. lots of things to be done before school starts.

Enjoy your time in this personal purposeless blog of mine.

Filed by haytham at 6:52 pm under Daily blabber
No Comments