Every single CMS I’ve put in front of an end-user has been a flop.  I usually end up having to do all of the layout and page creation, and just leaving the text-editing to the user.  This is fine if you have a technical person on staff and the end-users just want to make changes here and there, but what if you just want to hand something over to grandma so she can create a good-looking, basic website and move things around herself.  All of the CMS systems I have tested over the years still require me to monkey around with CSS and HTML, which I detest.  Nope, not a fan of HTML and CSS.  Extremely laborious and mind-numbing.  I might as well have plunked down the $300 or so for Dreamweaver and created the website with that.  Would have been easier.

If you haven’t seen this open-source project yet, then you *need* to check this project out.  While it is not as powerful (yet) as Drupal, or feature-rich as some more mature systems, the ease-of-use that this CMS exhibits makes it a winner in my book.  The site-owner can create richly formatted pages using CKeditor, change layout and menus by dragging things around, even easily upload photos to create galleries.

I’m still playing around with it and will admit that it still needs some more features (plugins) to be a contender for larger sites, but as it stands right now it is the perfect platform for a small business or a personal website.  I might even move my blog over to it.

*DISCLAIMER: I am in no way associated with the gp|Easy project, I’m just a frustrated CMS admin

Where I work, we have to convert a lot of audio/video to another format for transcription purposes. Mplayer and ffmpeg have been lifesavers for me. However, getting setup to convert the newer .MTS (AVCHD) files that the latest videocams use was a little tedious as Google searches often yielded a lot of results that were not quite the solution I needed for Ubuntu 10.04. I realize this is a moving target for each release of Ubuntu, but hopefully this will help Ubuntu users (NOTE: this is more helpful for me as I will forget how to do this in 2 weeks). Here goes nothing!

OK, ready? Get a cup of coffee as this is going to take awhile…

1. Install ffmpeg if you haven’t already
2. install “libavcodec-extra-52″ (aptitude install libavcodec-extra-52)

That’s it!  Here is a list of some of the packages I have installed on my PC:

ffmpeg
gstreamer0.10-ffmpeg
libavcodec-extra-52
gstreamer0.10-alsa
gstreamer0.10-ffmpeg
gstreamer0.10-fluendo-mp3

gstreamer0.10-gnomevfs
gstreamer0.10-gnonlingstreamer0.10-nice
gstreamer0.10-plugins-bad
gstreamer0.10-plugins-base
gstreamer0.10-plugins-base-apps
gstreamer0.10-plugins-good
gstreamer0.10-plugins-ugly
gstreamer0.10-pulseaudio
gstreamer0.10-tools
gstreamer0.10-x
libgstreamer-plugins-base0.10-0
libgstreamer0.10-0

That’s all for now!

A Google search turned up a boatload of hits, but no fix.  The solutions ranged from unchecking/checking “collate”, disabling “mopier/job storage” options, etc., etc.  Tried them all to no avail.

But then the answer came down from high, so I’ll spare you the boring details of how I arrived at the solution.  Actually it was part luck, and part deductive reasoning (well, OK, mostly luck).  The answer simply boiled down to the Print Processor setting.Here is the solution that worked for me.  Your mileage may vary like a Hummer in need of a tune-up so take all of this with the proverbial grain of salt.

Printer model: HP LaserJet 4200 using PCL6 driver on Windows Server 2003 SBS

1. Access the printer driver properties in whatever way works best for you (Printers and Faxes -> right-click on the printer -> Properties blah, blah, blah)
2. Click on the Advanced tab
   
3. Click on the Print Processor button, and then choose one of the HP entries on the left-hand side:
   
4. What I had found was that the HP printers that only printed one copy were set to use “WinPrint” as the print processor.  So switching it to the HPPRNC01 did the trick.
5. Back your way out and Viola!  See if you can print multiple copies!

Happy printing!

- create the folder which you will use to mount the SMB share, e.g.:

mkdir /media/share

- edit /etc/fstab:

//192.168.1.10/smbshare /media/share cifs username=user,pass=sEcrEt 0 0

- in my case, the share wouldn’t automount so I had to create a startup script to mount the drive (/etc/init.d/mount.smb):

#!/bin/sh
#
### BEGIN INIT INFO
# Provides: mount.smb
# Required-Start: $network
# Required-Stop: squeezecenter
# Default-Start: 2 3 5
# Default-Stop: 0 1 2 6
# Description: mount the SMB share
### END INIT INFO

case “$1″ in
start)
echo -n “Mounting SMB share “
mount /media/maggie_media
;;
stop)
echo -n “No need to unmount share “
;;
*)
echo “Usage: $0 {start|stop}”
exit 1
;;
esac
rc_exit

- Now we must make the init script part of the bootup process:

insserv /etc/init.d/mount.smb

ln -s /etc/init.d/mount.smb /sbin/rcmount.smb

That’s it – reboot to test!

However, with two packages “bridge-utils” and “uml-utilities” the chore of setting up a bridge interface on Ubuntu (and maybe even Debian) is almost pain free.

DISCLAIMER: This might not work for your particular setup or distribution.  If it does, you can shout woo-hoo and thanks the good folks at Debian and Ubuntu.  If it doesn’t work, then consult this file:

zcat /usr/share/doc/bridge-utils/README.Debian.gz | less

Now, on to the good stuff.

- First we need to install the necessary packages:

sudo aptitude install bridge-utils uml-utilities

- Edit your /etc/network/interfaces file to look something like:

auto lo
iface lo inet loopback

auto tap0
iface tap0 inet manual

auto br0
iface br0 inet dhcp
up ifconfig $IFACE 0.0.0.0 up
down ifconfig $IFACE down
tunctl_user dheebner bridge_ports eth0 tap0

auto eth0
iface eth0 inet manual

- When the system is back up, drop to the terminal and issue an “ifconfig /all” and see if your bridge (br0) and tap interface (tap0) are listed.

- Fire up Virtualbox, set your network interface to “Attached to: Host” and fill in “Interface Name: tap0″ (unless you named your tap interface something else.

Virtualbox Network Configuration

- If you are going to use Vurtualbox as a non-root user (recommended) then you will need to give the proper permssions to the device file “/dev/net/tun” and/or add your name to the proper groups:

sudo usermod -a -G vboxusers username

sudo usermod -a -G uml-net username

- Fire up your virtual machine and see if you can reach the network.

Yay!

My experience with Samba is that getting it to work properly varies from installation to installation, so your mileage may vary. More information on CIFS under Linux can be found here: http://linux-cifs.samba.org/

Here are the vitals:

• Ubuntu 7.10
• Samba related packages that are installed:
  smbclient, libsmbclient, smbfs, samba-common
• /etc/samba/smb.conf:
  workgroup = MYDOMAIN
  wins server = 192.168.1.10

First, let’s install “smbfs” (if it’s not already installed):

sudo aptitude install smbfs

Next we need to create the folder on the local file system that mount.cifs will use. With Ubuntu, you can create the folder where mount puts things like CD-ROMs and USB flash drives (/media), and using the same name as your Windows server share:

sudo mdkir /media/sharename

You will also want to give this folder permissions so that regular users can read/write to the folder:

sudo chmod 777 /media/sharename

or if you want to be a little more paranoid:

sudo chown root.somegroup /media/sharename

sudo chmod 770 /media/sharename

where “somegroup” is a group that contains the users who needs access to this share. This is partly what will allow you to access the mounted share as R/W. Running the command “
ls -l /media” should show your permissions as follows:

drwxrwx— 2 root somegroup 4096 2008-05-21 09:04 sharename

OK, now we have to pass the credentials to the SMB/CIFS server but we don’t want to put the username/password into the fstab file, so we will create a file containing this info. A good place to put it might be under “/root”:

sudo nano /root/.smbcreds

and add the following lines

username=johndoe
password=mysecret

Now we edit /etc/fstab and add the following line at the end:

//servername/sharename /media/share cifs credentials=/root/.smbcreds,rw,iocharset=utf8,setuids,file_mode=0666,dir_mode=0777 0 0

If you have a share that has spaces in the name, e.g. “\\server\our docs” then you will need to replace the space with {backslash}040 so that your line in /etc/fstab should look something like:

//servername/our{backslash}040docs ...

NOTE: I had to replace the actual backslash \ with {backslash} because WordPress kept removing the backslash and zero.

Finally, go ahead and mount the drive:

sudo mount -a

1. Remove the disk from the VM:
   VBoxManage modifyvm xfce-test -hda none
2. Unregister the VM:
   VBoxManage unregistervm xfce-test
3. Unregister the disk (vdi):
   VBoxManage unregisterimage disk /path/to/vdi

1. Install the bridge utilities:
   aptitude install bridge-utils
2. Edit /etc/network/interfaces

   # This file describes the network interfaces available on your system
   # and how to activate them. For more information, see interfaces(5).
   
   # The loopback network interface
   auto lo
       iface lo inet loopback
   
   # The primary network interface
   auto eth0
       iface eth0 inet static
       address 192.168.100.11
       netmask 255.255.255.0
       gateway 192.168.100.1
       network 192.168.100.0
       broadcast 192.168.100.255
   
   auto eth1
       iface eth1 inet static
       ifconfig eth1 0.0.0.0 up
       up ip link set eth1 promisc on
       down ip link set eth1 promisc off
       down ifconfig eth1 down
   
   auto br0
       iface br0 inet static
       bridge_ports eth1 vbox0
       address 192.168.100.12
       netmask 255.255.255.0
       gateway 192.168.100.1

3. Add the virtual tap interface using the VirtualBox tool

   VBoxAddIF vbox0 <user> br0

4. wget http://archive.ubuntu.com/ubuntu/dists/gutsy/main/installer-i386/current/images/netboot/mini.iso
5. mv mini.iso ubuntu_gutsy_7.10_mini.iso
6. VBoxManage createvm -name testpc -register -basefolder /path/to/vm/
7. VBoxManage createvdi -filename /path/to/vm/testpc/testpc.vdi -size 5000 -register
8. VBoxManage modifyvm testpc -hda /path/to/vm/testpc/testpc.vdi
9. VBoxManage modifyvm erp -memory 256MB -nic1 hostif -hostifdev1 vbox0
10. VBoxManage modifyvm erp -vrdp on -vrdpport 3390
11. VBoxManage modifyvm erp -dvd /path/to/iso
12. VBoxManage startvm <name> -type vrdp

Removing a VM

1. First we have to detach the VDI disk from the VM: VBoxManage modifyvm <name> -hda none
2. Then we must unregister and delete the VM: VBoxManage unregistervm <name> -delete
3. Lastly, let’s delete the VDI: VBoxManage unregisterimage disk /path/to/vm/disk.vdi

So, this is a story of how I spent the past two nights sitting cross-legged on the floor with a laptop connected to a tiny motherboard that would become a firewall/router.

The instructions that I found on both the pfSense website and the m0n0wall website were for installing on the End-of-life WRAP product, but I figured it had to be similar, right? Well, sort of After following the instructions on the pfSense website and then the m0n0wall website, things started to go downhill. The device would boot, pfsense would go through its loading process, but then just die on the loading of the DHCP server. Never got an IP address on any of the NICs – but each NIC module got its link light when I plugged in the LAN cable so that was a sign that at least the NIC modules were working on some level. So I figured this is a BETA version of pfSense, so maybe I need to install m0n0wall. m0n0wall would boot up just fine and even made it to its menu, but I could never get the NICs to come up. None of them. Could I have a bit o’ bad hardware? So I hit the web again and soon found out from the forums over at pfsense that a BIOS upgrade might be in order.

The following steps are how I finally got this project off of the ground. I used Linux to do my bidding, but you can certainly do this from a Windows box (some of the steps are different, though…)

Hardware you will need (I purchased from Netgate and it came fast and furious, but there is a list of vendors on PC Engines’ website):

• ALIX2c1 or another embedded platform from PC Engines.
• Aluminum enclosure (optional if you’re going to install your ALIX in another enclosure).
• Power supply to power the ALIX (optional if you’re going to use Power over Ethernet, or PoE).
• A Compact Flash (CF) card (has to be at least 128MB according to the pfSense website).
• A Compact Flash reader connected to your PC. You’ll need this to write the image to the CF card.
• A computer with a serial port, preferably one with a true serial port and not a USB-to-serial adapter. It might work just fine with the USB/serial but if it doesn’t then you’ll have one more thing to troubleshoot.
• A DB9 null-modem cable with a DB9 female on both ends (or some gender changers to get you there)

When you get the hardware – DO NOT mount the ALIX board into the enclosure until you get it working. You might be removing/inserting the CF card a lot and the enclosure doesn’t give you any room to remove the CF card. OK, now that you’ve got all of the necessary hardware, here is the recipe for cooking up your own firewall:

1. Download pfSense for embedded platform. The most current version at the time of this writing was 1.2-RC4, which I found to be stable for my needs as I had been using the PC based version for several weeks.
2. Unzip the downloaded file (the version I downloaded isn’t a tar archive so we only need to use gunzip):

   gunzip pfSense-1.2-RC4-Embedded.img.gz

   This will expand the file, leaving a file called pfSense-1.2-RC4-Embedded.img.

3. Now insert the CF card into the card reader on your PC. To find out the resource Linux is using to access the drive, type the following at the command line:

   dmesg

   and look at the last several lines which might look something like:

   [ 7377.984000] sd 2:0:0:0: [sdb] 700560 512-byte hardware sectors (359 MB)
   [ 7377.984000] sd 2:0:0:0: [sdb] Write Protect is off
   [ 7377.984000] sd 2:0:0:0: [sdb] Write cache: disabled, read cache: enabled, doesn't support DPO or FUA
   [ 7377.984000] sd 2:0:0:0: [sdb] 700560 512-byte hardware sectors (359 MB)
   [ 7377.984000] sd 2:0:0:0: [sdb] Write Protect is off
   [ 7377.984000] sd 2:0:0:0: [sdb] Mode Sense: 00 3a 00 00
   [ 7377.984000] sd 2:0:0:0: [sdb] Write cache: disabled, read cache: enabled, doesn't support DPO or FUA
   [ 7377.984000]  sdb: sdb1
   [ 7377.984000] sd 2:0:0:0: [sdb] Mode Sense: 00 3a 00 00
   [ 7378.020000] sd 2:0:0:0: [sdb] Attached SCSI removable dis
   [ 7378.020000] sd 2:0:0:0: Attached scsi generic sg2 type 0

   From this output we can see that Linux is accessing the CF card as /dev/sdb.

4. Next we will use the Linux utility “dd” to write the image to the CF card

   dd if=pfSense-1.2-RC4-Embedded.img of=/dev/sdb

   where “if=” is the input file (the pfSense image) and “of=” is for the output file. In our case we are writing the output to the file that is the CF card (remember, in Linux almost everything is a file). While the process is running, unfortunately you won’t get any output or indication of what it is doing. However, when it is finished you should get some output such as:

   239144+0 records in
   239144+0 records out
   122441728 bytes (122 MB) copied, 187.177 seconds, 654 kB/s

5. Unmount the CF card from your computer. If you’ve got a nifty neato X session going, and a handy dandy automounter, then chances are good that you can just right-click on the respective desktop icon for your CF card and select “Unmount Volume”. If not, hit the command line and do a:

   mount

   which should show where the drive is mounted:

   /dev/sdb1 on /media/disk type vfat (rw,nosuid,nodev,shortname=mixed,uid=1000,utf8,umask=077,usefree)

6. Now that we know where the drive is mounted, let’s unmount it:

   sudo umount /media/disk

7. Remove the CF card from your computer and insert it into the CF adapter on the ALIX board.
8. Connect one end of the null-modem cable to your computer’s serial port and the other end to the serial port on the ALIX.
9. Fire up your favorite terminal emulation software such as minicom (or Hyperterminal on Windows) and use the following settings:
   • Baud rate: 38,400
   • Data: 8 bit
   • Parity: None
   • Stop: 1 bit
   • Flow control: None
   • Terminal: ANSI
10. Now apply power to the ALIX. If you are connected correctly, you should start to see the ALIX BIOS text.
11. While the BIOS is going through the memory test press the “s” key to enter the BIOS setup.
12. If have successfully entered the BIOS setup, you should see the text with some different options. Do the following:
    • Press “9″ to set the baud rate at 9600
    • Press “q” to quit the BIOS setup
    • Press “y” to save the settings to flash
13. If you start seeing gibberish ASCI characters instead of text, then you need to set your terminal emulation software to 9600 baud instead of the 38,400 we set it at earlier.
14. Now reboot the ALIX by power cycling the unit (unplug the power, plug it back in).
15. With the terminal set to 9600 baud, we should see the boot-up process and if all is well it should look akin to a Free-BSD boot.
16. If all goes well and pfSense discovers your hardware, then you are good to go. To get started, you need to:
    • Assign the interfaces
    • Give the LAN interface an IP address that works for your internal network (i.e. 192.168.1.1)
17. Once you plugged the LAN interface into your network, then fire up your web browser and surf on over to the IP address you gave for the LAN interface (http://192.168.1.1)

Updating the ALIX BIOS

Unfortunately for me pfSense did not properly detect the NIC modules. After some digging around on the ‘net it looked like a BIOS upgrade would do the trick as the version on my ALIX board was 0.98b. The latest and greatest was 0.99. So here is how to flash upgrade the BIOS:

1. Download the FreeDOS bootable image from PC Engine’s website.
2. Insert another CF card into your computer. If you only have the one CF card, then you’ll have to re-do the previous instructions to get the pfSense image back on the card after you’re done updating the BIOS.
3. Unzip the image from the download if necessary (it was a Zip file when I downloaded it)

   unzip freedos3.zip Archive:  freedos3.zip
     inflating: freedos_alixupdate_0.99.img

4. Now write this image to the CF card:

   dd if=freedos_alixupdate_0.99.img of=/dev/sdb

5. Unmount your CF card from the computer, and insert it into the ALIX.
6. Power on the ALIX and press “s” to enter the BIOS setup.
7. Change the drive configuration to LBA by pressing “L”.
8. Now press “q” to exit, and “y” to save your changes to flash.
9. The system should boot the FreeDOS image and automatically run the BIOS flash utility (sb.com) to reprogram the flash.
10. Once it is done, power off the ALIX and reinsert your pfSense imaged CF card. If you only had one card you’ll now have to go back and rewrite the pfSense image to the card.

1. Install SAMBA, which on Ubuntu usually seems to include winbind, kerberos, and AD support
2. Install the Kerberos tools:

    aptitude install krb5-user

3. edit /etc/krb5.conf:
   

    [libdefaults]
   default_realm = IN.DOMAIN.US
   # The following krb5.conf variables are only for MIT Kerberos.
   krb4_config = /etc/krb.conf
   krb4_realms = /etc/krb.realms
   kdc_timesync = 1
   ccache_type = 4
   forwardable = true
   proxiable = true
   v4_instance_resolve = false
   v4_name_convert =
    {  host =
      {  rcmd = host 
         ftp = ftp 
    }  plain =
      {  something = something-else  }
    }
   fcc-mit-ticketflags = true
   
   [realms]
   IN.DOMAIN.US = {  kdc = skua.in.domain.us  admin_server = skua.in.domain.us  }
   
   [domain_realm]
   .in.heebner.us = IN.DOMAIN.US
   in.heebner.us = IN.DOMAIN.US
   
   [login]
   krb4_convert = true
   krb4_get_tickets = false

4. Test out kerberos

    # kinit administrator@DOMAIN.NET

5. check the Kerberos keys:

    # klist

6. edit /etc/samba/smb.conf:

   [global]
   server string = My place on the network...
   security = ADS
   syslog = 0
   log file = /var/log/samba/log.%m
   max log size = 1000
   preferred master = No
   dns proxy = No
   panic action = /usr/share/samba/panic-action %d
   idmap uid = 5000-6000
   idmap gid = 5000-6000
   winbind separator = +
   winbind enum users = yes
   winbind enum groups = yes
   invalid users = root

7. edit /etc/nsswitch.conf:

   passwd:     compat winbind
   group:      compat winbind
   shadow:     compat
   hosts:      files dns wins
   networks:   files dns
   protocols:  db files
   services:   db files
   ethers:     db files
   rpc:        db files
   netgroup:   nis

8. now we join the machine to the AD domain:

   net ads join -U domainadminuser@DOMAIN.INTERNAL

9. Issue the following commands to test that we’re getting the AD users & groups:

   wbinfo -u (or -g)
   getent passwd