Archive for the ‘Linux’ Category

Linux Bluetooth mouse

June 8th, 2016 Comments off

So one day I grew tired of wireless mouse adapters and bought a Bluetooth mouse.
And it was great, I was able to get rid of the adapter, everything worked fine.

Till one day I decided to reinstall my system and things stopped working …
the mouse was listed as connected in the graphical tools but it was not working.

After an hour of digging through the web I found a Stack Overflow question with a suitable answer for me,
the problem was fixed … till the next time I decided to reinstall the system.
This time I could not find the SO thread, and I spent a few hours searching for it.

And one morning I decided to fix it myself :) I did remember the trick was to use two
different tools to power down and up the internal bluetooth device.
With a little experimentation I came up with this small fix:

bluetoothctl <<<"power off"
sudo hciconfig hci0 up

Then go to the graphical tool, remove the mouse, add it again with the usual flow, and it works this time.

I’m writing this down for myself to never forget it again :)
P.S. if you happen to find this thread and the SO thread – leave me a comment – I’m happy to link it here.

Categories: Linux

Zeroconf on OpenSUSE

April 16th, 2016 Comments off

I have been struggling with my home network for a long time, and I do not mean setting up the router, that’s easy. What I was struggling with is using names for machines. Of course you can set names in the router, but is that really what we want? In times of dynamic networks, where devices come and go, only a small subset of them is there to stay. So I have been binding IP addresses to MAC addresses at the router level to ensure all computers can access the printer or backup… How antiquated is that?

Welcome to the age of zero-configuration networking (zeroconf). Zeroconf provides a set of protocols that allow configuration-less discovery of the network. Well, almost configuration-less: we still need to set up each computer. Although zeroconf also specifies automatic IP address assignment, I think it’s almost pointless when we get access to the internet everywhere – with a dynamic IP address provided by DHCP.

What exactly does zeroconf give us? For me it is no need for a local DNS: all computers with properly configured zeroconf will be visible to each other. Additionally, this also implies no more need to set up static addresses, as the names are automatically recognized in the system. So we can skip hard-coding the IP for the printer – yes, many networked devices are already zeroconf-enabled and should be visible by default.

All the commands should be executed from konsole; you can start it quickly by pressing ALT+F2 and typing konsole followed by <ENTER>. Before we start anything we need to become the root user; depending on your system configuration you might use sudo -s or su - to enter administrative mode.

The most important step in zeroconf is configuring our computer name. This is a one-time setup and from this point on, wherever we go, our computer will have the same easy-to-use name. Using the console we need to set the system name and update one file:

hostname mpapis-linux
hostname > /etc/hostname

With the system named properly we need to restart the zeroconf service to use the new name; on OpenSUSE it is avahi-daemon and can be restarted with:

systemctl restart avahi-daemon

That should be it! Let’s test our configuration; we need to install and use an extra tool:

zypper in avahi-utils
avahi-browse -at

Unfortunately the output in most cases will be empty.

Let’s do a quick course in security. By default OpenSUSE comes with SuSEfirewall2, which by default opens all traffic on internal interfaces and closes all traffic on external interfaces. Did anyone configure your interfaces to be internal? Let’s drop it here: the default firewall has no integration with NetworkManager (NM) – which is enabled by default on laptop setups. We will have to switch to another firewall that has integration with NM – firewalld. This requires us to do a few extra steps:

zypper    addrepo http://download.opensuse.org/repositories/security:/netfilter/openSUSE_Factory        security:netfilter
zypper    addrepo http://download.opensuse.org/repositories/devel:/languages:/python/openSUSE_Leap_42.1 devel:languages:python
zypper    refresh
zypper    remove  SuSEfirewall2
zypper    addlock SuSEfirewall2
zypper    install firewalld firewall-applet firewall-config
systemctl enable  firewalld
systemctl start   firewalld

The bad news is that now it’s best to restart the system for all the changes to take effect… a relogin might be enough but I haven’t tested that.

After the system is up and running we can configure our firewall with firewall-config: open it, disable all services in the public zone, and enable mdns in the internal zone. The public zone is used as the default when no zone is set for a network connection, so we need to set the internal zone for the connections we trust.

Let’s now configure the connections; first we get the list:

nmcli connection

For each of the connections we trust we execute this line (replace "connection name" with the name of the connection):

nmcli connection modify "connection name" connection.zone internal
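
The firewall-config and nmcli steps above as one reviewable command list (an added example, not part of the original post). `plan_zone_setup` and `shell_quote` are hypothetical helper names and the sample service list and connection names are constructed; the script only prints the commands, and it quotes connection names because they often default to a Wi-Fi SSID that someone else chose.

```shell
#!/bin/sh
# Added example, not from the original post; function names are hypothetical.

# Quote $1 as a single shell word. Connection names often default to the
# Wi-Fi SSID, so they can contain spaces, quotes or shell metacharacters.
shell_quote() {
  printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# Print the commands that mirror the firewall-config steps above.
# $1:   services enabled in the public zone, space separated, as printed by
#       firewall-cmd --permanent --zone=public --list-services
# $2..: names of the NetworkManager connections to trust
plan_zone_setup() {
  public_services=$1
  shift
  for svc in $public_services; do
    echo "firewall-cmd --permanent --zone=public --remove-service=$svc"
  done
  echo "firewall-cmd --permanent --zone=internal --add-service=mdns"
  echo "firewall-cmd --reload"
  for conn in "$@"; do
    printf 'nmcli connection modify %s connection.zone internal\n' \
      "$(shell_quote "$conn")"
  done
  # Shows which zone each active interface ended up in.
  echo "firewall-cmd --get-active-zones"
}

# Constructed sample input: a typical public-zone service list and two
# made-up connection names. Review the printed plan, then run it as root.
plan_zone_setup "ssh dhcpv6-client" "Home WiFi" "Bob's iPhone"
```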

From now on, when we connect to one of the trusted networks, our firewall will switch to the internal zone and we should get access to our zeroconf autodetection:

avahi-browse -at

The output will now show all the devices in the network that support zeroconf; some example output from my network:

+   eth0 IPv4 Brother DCP-J4110DW          Internet Printer     local
+   eth0 IPv4 mpapis-linux                 SSH Remote Terminal  local

That’s it, your computer will now use zeroconf when configured to (internal connections). Some extra commands that might be helpful:

avahi-browse -art

It will show the list of available services with all the available details – including the hostname for use in our configurations or communication. For example, I can now type:

ssh mpapis-linux.local

from any computer in my home and it just works!

Most of the presented steps are for the console, but they can just as well be executed from the graphical interface via YaST.

Categories: Development, Linux

please hack my rails

October 17th, 2013 1 comment

Security is hard: it requires knowing that your system is vulnerable, and you should assume it is, but many Ruby on Rails developers seem to forget about it.

I’m writing this because a security vulnerability is being promoted and it has to be stopped. The problem is adding bin, ./bin or $pwd/bin to $PATH. This is an extended version of the problem with . in $PATH described here: http://www.tldp.org/HOWTO/Path-12.html.

When bin or one of its variations is in $PATH, an attacker can place an executable there that will be executed instead of the system files, which gives the attacker an easy way to run code on your system. This is described better here (for the . case): http://www.dankalia.com/tutor/01005/0100501004.htm.

So why would anyone advise us to jeopardize our system? The answer is bundle exec: it is long to type and is required to run the proper versions of the gems listed in the Gemfile. To avoid typing it, the bundler gem introduced binstubs, and many developers advised adding a bin variation to $PATH to shorten bin/binary to just binary.

I guess you are now thinking “how is this relevant, I do review my code before running any commands”. The question is “do you?”. There are a lot of tools and shell extensions that run commands for you. The simplest would be using PS1 to display git status, something like \u@\h:\w $(git branch) >, which executes a git command every time the prompt is displayed. So when someone commits bin/git into the repository, it will be executed after git pull, before you can review the code. Prompt and pre-command hooks are very popular now and give attackers a lot of options when bin is in $PATH.

“What should I do then?”

First, you can stop being lazy and type bin/rake or bundle exec rake; this way Bundler will be loaded without the possibility of adding extra code to your $PATH.

Another solution that helps to fix this problem: I wrote a gem, rubygems-bundler, which automates calling bundle exec. It checks whether the executed binary is part of the Gemfile and automatically calls Bundler.setup when needed, which eliminates the need for binstub wrappers.
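
A defender's check for the problem described in this post, added here as an example and not taken from the post or from rubygems-bundler: it lists PATH entries that resolve relative to the current directory and reports when a command such as git would be picked up from one of them. The function names are hypothetical, and treating an absolute entry inside the working directory as risky is an assumption that covers the $pwd/bin variant.

```shell
#!/bin/sh
# Added example: function names are hypothetical, not from any project.

# Classify one PATH entry ($1) against working directory ($2): print the
# reason and return 0 when risky, return 1 for a safe absolute directory.
classify_entry() {
  case $1 in
    '') echo "empty entry, searched as the current directory"; return 0 ;;
    /*) case $1/ in
          "$2"/*) echo "absolute, but inside the working directory"; return 0 ;;
        esac
        return 1 ;;
    *)  echo "relative"; return 0 ;;
  esac
}

# List risky entries of PATH string $1 as "<position>: '<entry>' (<reason>)".
# A leading, trailing or doubled ':' is an empty entry and is kept.
risky_path_entries() (
  rest=$1: cwd=${2:-$PWD} i=0
  while [ -n "$rest" ]; do
    entry=${rest%%:*} rest=${rest#*:} i=$((i + 1))
    reason=$(classify_entry "$entry" "$cwd") && echo "$i: '$entry' ($reason)"
  done
  exit 0
)

# Print the file that command $1 resolves to on PATH string $2 (working
# directory $3). Return 0 only when that first hit comes from a risky entry,
# as a repository's bin/git does when "bin" precedes /usr/bin.
resolves_to_risky() (
  cmd=$1 rest=$2: cwd=${3:-$PWD}
  while [ -n "$rest" ]; do
    entry=${rest%%:*} rest=${rest#*:}
    case $entry in /*) dir=$entry ;; *) dir=$cwd/${entry:-.} ;; esac
    if [ -f "$dir/$cmd" ] && [ -x "$dir/$cmd" ]; then
      echo "$dir/$cmd"
      classify_entry "$entry" "$cwd" >/dev/null
      exit
    fi
  done
  exit 1
)

# Audit the live shell, including the command the prompt example runs.
risky_path_entries "$PATH"
if hit=$(resolves_to_risky git "$PATH"); then
  echo "WARNING: git resolves to $hit"
fi
```

Run it from inside a project checkout, since the working-directory check depends on where the shell currently is.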

Day from opensource project maintainer: git commit --author

October 2nd, 2013 1 comment

Working as an open source project maintainer is a big task. I have been doing it for some time for the RVM project thanks to Engine Yard.

Problem

A big part of the maintenance is accepting others’ code for the project; it is very important to handle it well so the code author wants to get back to us and help again. As much as the Ruby community is open source oriented, there are a few things that can be improved. It has happened a few times to me and other developers that code was merged into projects without preserving authorship. This is a basic error made by maintainers, so I want to share some thoughts on how I try to avoid that problem when maintaining RVM. This problem mostly happens when we want to change the commits, but it is not limited to that and also happens without changes.

Easy way

When you do not care about the number of commits you can merge the commit from GitHub or using hub, and then add a new commit on top that updates it to the proper state, mentioning the ticket number in the commit:

git commit -m "Formatting ..., update #2195"

For example see https://github.com/wayneeseguin/rvm/pull/2195

Limit number of commits

The most basic method when you want to limit the number of commits is to apply the changes from the committer and then commit them using the --author flag. I used this for https://github.com/wayneeseguin/rvm/pull/2238 – getting the proper result by involving the author would have required too much work for such a small commit, so I made the required changes to the code (just changing the order of paragraphs) and committed it using:

git commit -m "..., closes #2238" --author "Name <author@email.com>"

It is important that the author exactly matches the original author name and email (from their commits) so it does not confuse others or the tools used (like git annotate). Also make sure to mention the pull request (close #2238) so it is automatically closed and your commit is linked with it.

Work with the author

The slowest way is to actually talk to the author and explain to him/her what changes are required to get his/her commit accepted. For example, this happened in https://github.com/wayneeseguin/rvm/pull/2187 where most of the discussion happened on IRC or Skype, sometimes in comments. This way the person contributing gets the best experience, and getting back to coding on your project is much easier for him/her.

MINASWAN

Matz Is Nice And So We Are Nice

Most important for maintaining your project is treating other developers with respect. They are human beings; being impolite just builds a wall and ensures they will not get back to you or your project.

Other ways?

Obviously there have to be other ways to handle this, please comment below if you use another flow.

Categories: Development, Linux

Testing shell scripts with Testing Framework

August 9th, 2012 2 comments

TF – Testing Framework

For some time I have been testing shell scripts using my own creation, TF – Testing Framework.

I’m proud to present release 0.4.0 of it today. It includes:

  • 2-4x speed improvement, depending on the Ruby interpreter used,
  • added support for different shells via shebang,
  • improved validation of environment variables, including testing array variables and environment variable types,
  • extended output matching, allowing stdout and stderr to be matched separately.

Installation

Install using (ruby required):


gem install tf

Supported tests

The test can be negated by replacing = with !=:

  • #status=<number> – check if command returned given status (0 is success)
  • #match=/<regexp>/ – regexp match command output both stdout and stderr
  • #match[stdout|stderr]=/<regexp>/ – regexp match command either stdout or stderr
  • #env[<var_name>]=~/<regexp>/ – regexp match the given environment variable name
  • #env[<var_name>]?=[array|string|nil] – verify type of the given environment variable name
  • #env[<var_name>][]=<size> – verify size of the given environment variable name
  • #env[<var_name>][]=/<regexp>/ – regexp match all of elements of the given environment variable name
  • #env[<var_name>][<index>]=/<regexp>/ – regexp match given element of the given environment variable name

And here is a very simple test:


true # status=0

false # status!=0

echo "Super" # match=~/^Super$/

rvm install 1.9.3 # match[stderr]!=/Error/; status=0

rvm alias create default 1.9.3 # status=0

TF is used for testing RVM, SM Framework and rubygems-bundler. Let me know if any other awesome projects use TF!

TF was earlier known as DTF – Deryl’s Testing Framework, but as the original author Deryl wanted to go in a slightly different direction (more validation related), I had to move the code to this new repository and name.