Sunday, 26 April 2015

DNS with DD-WRT and dnsmasq

I recently switched ISPs. I had been a broadband customer for 15 years with the same ISP. I had a fairly complicated home network with a few routers, one of which provided DHCP and DNS. Between my network and the ISP’s, I had a simple ADSL modem with no additional functionality (i.e. no built-in wireless or router).

My new cable modem (an Arris/Motorola SBG6782) came with wireless, four wired LAN ports, and a router. Basic connectivity was up very quickly, and we were able to start connecting wirelessly to the new network.

Unfortunately, the new modem/router is also “idiot-proofed” by the manufacturer and/or the ISP. Among other features, I’m forced to use the “192.168.0/24” subnet for my LAN. Way back, for reasons that I have mostly forgotten, I set up my LAN on “”. This meant that all my network infrastructure, including file servers, storage boxes, printers, backup destinations, etc., was broken by the new router.

After a couple of unsuccessful attempts to make the router act only as a modem, I decided that reconfiguring my network was probably the quickest solution. (The ISP’s support forums suggested it was possible, but it didn’t work for me, and their customer support denied all knowledge of how to do it.)

In my old network, one DD-WRT-based router was connected to the ADSL modem (Internet) via the router’s WAN port. That router provided DHCP and DNS for my network. The DNS provided addresses for devices in my network with static IPs and those that got addresses from DHCP.

For the new network, I disconnected the WAN port and hooked the LAN side of the router into an 8-port switch that was also connected to the cable modem. I changed all the relevant IP addresses in the router to “192.168.0.x” addresses. Tedious, but it mostly worked.

The part that didn’t work was DNS. If I had DHCP on my router hand out my router’s IP as the DNS server, I could look up hosts on my LAN, but not on the Internet. If I hard coded the ISP’s DNS servers into my router, I could look up hosts on the Internet, but not on my LAN.

Since my router was no longer using DHCP to get its Internet address from the ISP, the magic done by DD-WRT and/or dnsmasq to configure the DNS service wasn’t working any more.

After a bit of Googling, and reading dnsmasq documentation, I decided that what was missing was to put the ISP’s DNS servers into the router’s /tmp/resolv.dnsmasq file. So in the Administration -> Commands page of the router’s web interface, I added these lines to the start-up script:

echo 'nameserver' >> /tmp/resolv.dnsmasq
echo 'nameserver' >> /tmp/resolv.dnsmasq
killall -HUP dnsmasq

After rebooting the router, and disconnecting and reconnecting my computer to force it to get the new settings from the router, DNS works.

I’m not sure if this is the “right” way to do it, but it works.
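
As an added example (not the post's own script): a start-up snippet that appends upstream resolvers to /tmp/resolv.dnsmasq only when they are well-formed IPv4 addresses and not already listed. The addresses 192.0.2.53 and 198.51.100.53 are documentation-range placeholders standing in for the ISP's DNS servers, and `is_ipv4` and `add_upstream` are names made up for this example.

```shell
#!/bin/sh
# Added example: populate dnsmasq's upstream resolver file on the router.
# 192.0.2.53 and 198.51.100.53 are placeholders (documentation ranges);
# substitute the ISP's real DNS servers.

# is_ipv4 ADDR: succeed only for a dotted quad with each octet in 0..255.
is_ipv4() {
    case $1 in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;   # stray characters or empty octets
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                               # split the address on dots
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# add_upstream FILE ADDR...: append "nameserver ADDR" for every valid address
# that is not already in FILE. Prints the number of lines added.
add_upstream() {
    file=$1; shift
    added=0
    for addr in "$@"; do
        if ! is_ipv4 "$addr"; then
            echo "skipping invalid address: $addr" >&2
            continue
        fi
        line="nameserver $addr"
        # -x -F: match the whole line literally, so 1.2.3.4 != 11.2.3.4
        if [ -f "$file" ] && grep -q -x -F "$line" "$file"; then
            continue
        fi
        echo "$line" >> "$file"
        added=$((added + 1))
    done
    echo "$added"
}

# Only touch the router's real file when asked to, e.g. from the start-up
# script:  sh this-script.sh --apply
if [ "${1:-}" = "--apply" ]; then
    add_upstream /tmp/resolv.dnsmasq 192.0.2.53 198.51.100.53
    killall -HUP dnsmasq    # same reload step as in the post
fi
```

Every client on the LAN inherits whatever resolvers end up in this file, so it is worth checking its contents after a reboot.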

Sunday, 19 April 2015

Single Sign-Off

One of the things I find amusing about the IT business is how often we create unintended consequences for ourselves.

Last week at work we ran into an interesting dilemma: We have a nice set-up to enable some level of single sign-on for our external users (business partners), across a suite of applications they use. We're preparing to deploy some browser-based COTS software into that suite of applications. Like most applications, the new one has a "log out" button.

When the user logs out, we'd like to take them back to a page that says, "You have logged out. To log on again click here." But we can't, because once they click on the log-out link, our "single sign-on" becomes "single sign-off". Before they can see any page on our partner network, we have to send them to our corporate log-in page.

We have options, so it's not like this is a huge problem. But no one thought of it before, so we're going through a bit of churn while people get their head around the problem and decide how they want to deal with it.

So don't forget, "single sign-on" also means "single sign-off".

Sunday, 18 January 2015

Finding More Women for IT

Martin Fowler recently published a great blog post on how to get more gender diversity in IT. You need to read his post to understand this one, but in a nutshell he makes an analogy to a bag of marbles. 80 % are blue and 20 % are pink. 10 % of each colour are sparkly. As long as you have 100 marbles, you can find 2 sparkly ones of either colour. You just have to look for them.

When I read his post, I thought, "what about the marbles outside the bag." In the universe of marbles, 50 % are blue and 50 % are pink. 10 % of each colour are sparkly. So if you step outside the bag (e.g. the resumes you received for a job posting), the probability of finding a sparkly pink marble is actually greater than that of finding a blue one.

Another thought would be to get a bag of pink marbles from the factory. Then it's really easy to get pink sparkly marbles. And you'll probably get to choose amongst all the sparkly ones yourself, at least until other people clue in that this is a good way to get sparkly marbles. This is the equivalent of recruiting from women in IT meetups and suchlike. And that's not so hard.

Sunday, 4 January 2015

Using Plantronics M165 Marque 2 Bluetooth Headset with Linux

The Plantronics M165 Marque 2 Bluetooth headset paired very nicely with my Android phone. To pair it to my computer running Linux Mint 17 I:

  1. Clicked on the Bluetooth icon
  2. Turned on Bluetooth
  3. Clicked “Set up a new device…”
  4. Pressed and held the Call button on the headset for five or six seconds, until the computer found the headset (the Plantronics documentation is here)

The sound test in the Sound Settings dialogue didn’t sound right, but I could play music through the headset and it sounded recognizable.

Using it with Skype gave super-sucky sound quality. Lowering the PCM level in alsamixer to about 70 made the sound quality a lot better, but still not great (lowering the PCM level was suggested here).

alsamixer is a command-line application. Open a Terminal and type: alsamixer, then use the left and right arrow keys to find “PCM”, and use the up and down arrow keys to set the level.

Still trying to improve the sound quality, I noticed that the built-in microphone is on when the headset is on. On a Skype test call, manually turning off the microphone didn’t seem to make a lot of difference to the sound quality.

Using Audacity to record sound, the quality of the built-in microphone was even worse than the headset.

[Edit] Using the headset, I made a Skype call to my son, and he said the quality of my voice was okay. I could also hear him okay.

In case you need to know, the Bluetooth config files are in /etc/bluetooth.

Tuesday, 11 November 2014

Movies at Home

I keep hearing about how we don’t need cable any more to watch movies or TV. All the talk convinced me I should try. Well, talk about some serious time wasting…

I wanted to:

  • Put my DVDs onto a file server and play them, without having to load them in the DVD player
  • Play on the TV anything I can see on my computer through my browser. In particular, I wanted to play TV from Guatemala. Some of the channels there stream a lot of their programming straight to the Internet
  • Play Netflix, and possibly other services, with a decent selection of material. I had Netflix for a few months a couple of years ago but, living in Canada, we quickly ran out of material to watch
  • Do everything in such a way that everyone else in the family can use the technology, once I get it set up

What have I managed to do?

  • I can play my videos on my TVs, via a Roku 3. I’m also optimistic that I can get my WDTV Live to work as well. It required a lot of research, mostly because I had to convert the DVDs to a different format, and buy a big new storage device, a Synology DS412+ NAS device
  • I can play some stuff on my TV that I can play in a browser, but not everything. To be more accurate, I can play stuff from YouTube, but not anything else. This is quite useful, but not all that I wanted
  • I haven’t tried Netflix with the VPN yet, but I don’t expect any issues. I have a VPN from PureVPN. Setting up the VPN the way I wanted it was a true adventure, not covered in this post
  • The younger members of the family can use it, but I’m frequently frustrated by the number of hoops I have to jump through. It’s sure not like just turning on the TV and flipping through the channels

Some of this was surprisingly easy, and some required the typical technology flailing that I get into. Overall, it’s a solution that requires a certain amount of comfort with technical topics. I’m starting to get my head around digital video, but I’m nowhere near an expert. I also know a lot about Linux, and enough about networking to have an idea of what I wanted to do.

This post will only talk about the process of getting my DVDs onto my network and playing them from the TV. I’ll cover:

  • The storage device for movies
  • How to play a movie from the storage device on a TV
  • How to put your DVDs on the storage device
  • What if you want to do something different from what I did


Video work requires lots of disk space. A non-HD movie from a DVD takes more than a GB. In my experience, a typical movie DVD has more than 4 GBs on it. And the software for playing movies on a TV, at least the software I found, doesn’t play from the ISO file (direct copy of a DVD), so you have to convert it. In the process of converting, you may need even more space.

The need for storage space was what made me buy the Synology DS412+ NAS device, which runs DSM 5.1, a BusyBox-based Linux machine.

The Synology doesn’t actually come with disks (so, for example, don’t get excited about how cheap it is when you look up the price). You buy the disks you want to put in it. That gives you the freedom to decide how much storage to buy.

I bought the maximum of four disks, 3.5 in, with 3 TB capacity each, and used the default formatting option, which is a type of RAID-5. The result is that I have just under 8 TBs of usable storage space, plus the ability to replace any single disk that fails with no loss of data.

I ordered from NCIX, which has a big presence where I live, so they delivered in less than 36 hours. I had it running on my network in 48 hours after ordering. Total cost was around C$200 per usable TB.

(You could never get storage that fast and that cheap in the enterprise IT world. I know it’s a bit unfair to compare, as it’s not completely apples-to-apples, but seriously, CFOs need to ask their CIOs what benefit the corporation is getting from overpaying for storage from EMC, HP, NetApp, or Hitachi. They don’t get responsiveness or agility. They sure don’t get cheap storage – at work I pay $9,000 per TB. That’s right. 45 times as much.)

I thought about putting together my own storage box using an old computer from FreeGeek. I’m sure it would have been a lot of fun for a geek like me. The reality is that it wasn’t going to be much cheaper, and it would have taken a lot more time.

Note: The DS412+ doesn’t appear on Synology’s site any more, so perhaps there’s a newer equivalent.

Playing DVDs

Once I got the Synology running, I was pleasantly surprised to discover that I had something that serves up videos to a Roku 3. The Synology comes with built-in software to be a media server.

The Roku 3 has an app called DS Media that works with the Synology media server. I had to get it from Roku’s channel store, but that’s pretty easy. It was under the “Audio and Video” category, and was free.

Once I had the DS Media channel on the Roku, all I had to do was upload my movies, in the right format, to the “video/movie” folder on the Synology. Getting them in the right format was the next trick – see the next section.

I haven’t got the WDTV working with the Synology media server, but it seems to recognize and connect to it, so I’m hoping…

I had started to play around with Plex on my home-built file server, just enough that my free trial period had run out. Since the Synology came with its own thing, I haven’t pursued Plex. A lot of people like Plex.

Ripping DVDs

I figure if I buy a DVD, I can make a copy of it and watch it on my TV. (I guess that’s my disclaimer that I’m not encouraging you to make illegal copies of your videos.)

I already had a lot of DVDs copied to ISO images, by using:

dd if=/dev/cdrom of=movie-name.iso

That’s a Linux terminal command. Mac users can do something similar in a terminal. Windows users: you’ll have to figure it out for yourself. Sorry.

It turns out, in this fancy modern world, video players don’t play ISO files. It sort of makes sense. You don’t want to have to go through a DVD’s menu if you’re watching on your phone or tablet.

It turns out that converting an ISO to a file playable by a phone, tablet, or TV (like the Roku or WDTV) can be a savage journey into the morass of video encoding. The morass includes open-source telenovelas about competing projects (this seems to be a relatively unbiased summary), patent-encumbered video formats, lossy video formats, and differences in Linux distributions.

You can avoid most of that trip by doing this:

  1. Install VLC media player and Handbrake from your distribution’s repository. You don’t need to use VLC directly. VLC installs software that enables Handbrake to rip some, but not all, copy-protected DVDs
  2. Review this link for how to optimize the Handbrake conversion for the Roku. Standard DVDs don’t have HD video, so 480p is as good as it’s going to get
  3. Use Handbrake to rip your DVDs or ISO files to the open Matroska container format (.mkv). Matroska is now well-supported on Android and TVs/TV boxes like the Roku

If you want to play your videos on an Apple device, it’s more complicated. In fact, I haven’t got it to work yet. The version of Handbrake on distributions derived from Ubuntu 14.04, like Linux Mint 17, doesn’t support output to the MP4 container format, for software patent reasons. The MP4 container is the only format supported on Apple products.

There are suggestions that I could build my own version of Handbrake that would work, but one set of instructions I followed didn’t work, and I haven’t pursued it further.

Doing Something Different

Most of the time I spent on this was the research and learning. If you want to try exactly what I did, and you’re comfortable Googling for advice on technology topics, it’s not that hard.

However, there’s a good chance that you won’t want to, or won’t be able to, do exactly what I did. Here are some things to watch for:

  • The Linux video world is constantly in flux. If you’re using versions after Ubuntu 14.04, or distributions not derived from Ubuntu, you should definitely confirm that you can rip your DVDs before you spend a bunch of time and money on hardware for storage or playing
  • If you’re not using Linux, confirm that Handbrake and VLC work on your version of Windows or Mac OS, and can do what you need
  • If you have anything other than a Roku 3 for playing Internet TV, you need to find evidence on the Internet that your device can work with the Synology media server. Look for the evidence by Googling the name of your device and the model of Synology you plan to buy
  • If you want to use a different storage device, you have to figure out whether it has a media server, and whether the media server is compatible with your TV device


With a Synology NAS storage device, a Roku 3 with the DS Media channel, my own DVDs, and Handbrake, I was able to convert DVDs to movie files, store them on the storage device, and play them on a TV through the Roku.

Monday, 3 November 2014

There's No Such Thing as a Dry Run When You're Moving a Data Centre

There's no such thing as a dry run when you're moving a data centre. That may not seem sensible. But here's why. I think it's easiest to explain in one sentence:

If you do a dry run, moving a computer to a different data centre, and it works, why would you move it back?

If that still doesn't make sense, think back to the days when moving a computer included a physical activity: unplugging the computer, putting it on a truck, and shipping it to your new data centre. Would you really propose that you do a dry run of that, then, if your dry run succeeds, putting it back on a truck, moving it back to the old data centre, getting it running again, only to then do it "for real" some time later?

Granted, in the world of virtual computers, you don't have to actually move the computer back. However, there is still a list of activities you have to do to move a virtual computer, that you have to undo. There's just as much a chance you'll screw up the undoing of those steps, as there is that you'll screw up the doing of them in the first place. A dry run actually increases the overall risk of the relocation.

Monday, 29 September 2014

Definitive Guide to Recovering from a Full Disk

Cheap, stingy guy that I am, I allocate really small system partitions to my Ubuntu servers. This means that periodically my disk fills up. It fills up because every kernel upgrade takes a fair amount of space, and old kernels aren’t cleaned out automatically. Unfortunately, the disk usually fills up when trying to do an upgrade, so apt-get fails, and terminates with a partially installed package. You’ll know that has happened when you get a message like this when you run an apt command:

E: Unmet dependencies. Try using -f.

Once that happens, you can’t use any apt command.

There’s lots of advice out there about what to do, but the pages I’ve found always seem to leave something out, or assume knowledge of apt or dpkg that I don’t have.

So based on the last time this happened, here’s how I plan to recover the next time I run out of space. Warning: lots of Terminal commands coming up. I do everything in the Terminal for a few reasons:

  • This happens to me most often with servers, as I’m trying to save space, especially for virtual machines. My servers don’t have a GUI
  • Terminal works for both desktop and server machines
  • It’s easier to document commands for the Terminal

First, I have to make sure the problem really is that I’m out of space. (Looking for 0 in the “Avail” column, on the line that has “/” under the “Mounted on” column):

$ df -h
Filesystem      Size  Used Avail Use% Mounted on
/dev/sda1       3.7G  3.7G     0 100% /

Then I find out what version of the kernel I’m running:

$ uname -a
Linux ixmucane 3.13.0-24-generic #47-Ubuntu SMP Fri May 2 23:30:00 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux

Next, I find out what kernels are installed:

$ dpkg --list | grep linux-image

If I have at least two versions older than the one I’m currently running, I can remove the oldest one (replacing the “n.nn.n-nn” with the version number I want to remove):

$ sudo dpkg --purge linux-headers-n.nn.n-nn-generic
$ sudo dpkg --purge linux-headers-n.nn.n-nn
$ sudo dpkg --purge linux-image-extra-n.nn.n-nn-generic
$ sudo dpkg --purge linux-image-n.nn.n-nn-generic

This should free up lots of space, but I check again with df -h. Then run:

$ sudo apt-get -f install

If the amount of space it needs is less than what’s available according to df -h, then I go ahead and finish the install. To be safe, I also do:

$ sudo apt-get update

If there’s not enough space, and I have more old versions of the kernel installed, I just repeat the above dpkg commands until I have enough space to finish the install.

The above is the happy path. If I didn’t have two versions older than the current running kernel, I would try to remove the partially installed packages. Looking again at the output of:

$ dpkg --list | grep linux-image

if the newest version there is newer than the kernel currently running, then I would try the above dpkg commands to remove the partially installed packages. Some of them won’t work, of course, since the package isn’t installed. But once all the installed packages are removed, presumably there would be more space and I could try:

$ sudo apt-get -f install

The reason I want to have two versions older than the current version is in case for some reason the current kernel doesn’t work, I can go back to the previous version. This is a cautious approach. If I’m really stuck, I would remove all versions except the current version. I’d probably make sure that I could boot the current kernel first. I haven’t had to do this and I hope I never do, but…
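
The happy path above as an added example (not from the original post): it reads `dpkg --list` output, works out which installed kernel versions are older than the running one, and prints the purge commands for everything except the running kernel and the two versions just below it. The function names and the sample dpkg listing are constructed for this example, and it assumes GNU `sort -V` for version ordering.

```shell
#!/bin/sh
# Added example: print dpkg purge commands for old kernels, keeping the
# running kernel and the two versions just below it (the post's policy).

# Constructed sample of `dpkg --list` output (not from a real machine).
# "rc" = removed, config files remain; "iF" = half-configured install.
SAMPLE_DPKG='ii  linux-image-3.2.0-60-generic   3.2.0-60.91   amd64  Linux kernel image
rc  linux-image-3.11.0-12-generic  3.11.0-12.19  amd64  Linux kernel image
ii  linux-image-3.13.0-24-generic  3.13.0-24.47  amd64  Linux kernel image
ii  linux-image-3.13.0-27-generic  3.13.0-27.50  amd64  Linux kernel image
ii  linux-image-3.13.0-29-generic  3.13.0-29.53  amd64  Linux kernel image
ii  linux-image-3.13.0-32-generic  3.13.0-32.57  amd64  Linux kernel image
ii  linux-image-3.13.0-35-generic  3.13.0-35.62  amd64  Linux kernel image
iF  linux-image-3.13.0-36-generic  3.13.0-36.63  amd64  Linux kernel image
ii  linux-image-extra-3.13.0-35-generic  3.13.0-35.62  amd64  Extra modules
ii  linux-image-generic            3.13.0.36.43  amd64  Generic kernel image'

# installed_kernel_versions: dpkg --list on stdin -> sorted n.nn.n-nn versions
# of fully installed ("ii") linux-image-<version> packages.
installed_kernel_versions() {
    awk '$1 == "ii" && $2 ~ /^linux-image-[0-9]/ {
             v = $2
             sub(/^linux-image-/, "", v)   # drop the package prefix
             sub(/-[a-z].*$/, "", v)       # drop the flavour, e.g. -generic
             print v
         }' | sort -u -V   # -V: version order, so 3.2.0 sorts before 3.13.0
}

# removable_versions RUNNING: sorted versions on stdin -> versions older than
# RUNNING, minus the two closest to it. Fails if RUNNING is not in the list.
removable_versions() {
    awk -v r="$1" '
        $0 == r { found = 1; exit }
        { older[++n] = $0 }
        END {
            if (!found) exit 1
            for (i = 1; i <= n - 2; i++) print older[i]
        }'
}

# purge_commands: versions on stdin -> the four dpkg commands from the post.
purge_commands() {
    while read -r v; do
        echo "sudo dpkg --purge linux-headers-$v-generic"
        echo "sudo dpkg --purge linux-headers-$v"
        echo "sudo dpkg --purge linux-image-extra-$v-generic"
        echo "sudo dpkg --purge linux-image-$v-generic"
    done
}

# plan DPKG_LISTING RUNNING_VERSION: tie the steps together.
plan() {
    printf '%s\n' "$1" | installed_kernel_versions |
        removable_versions "$2" | purge_commands
}

# Demo on the constructed listing. On a real machine use:
#   plan "$(dpkg --list)" "$(uname -r | sed 's/-[a-z].*$//')"
plan "$SAMPLE_DPKG" 3.13.0-35
```

The commands are only printed, so the list can be checked against `df -h` and the running kernel before anything is purged.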