paganfest 2009

I have just returned from Paganfest in Frankfurt Batschkapp. Wow, what a great event. Okay, I am a bit early home again, but beeing there since 5 pm and banging and moshing the whole time can be really exhausting.

The first band was Swashbuckle, they dress like pirates and play death-metal. I liked his fluffy toy parrot on the shoulder of the lead singer. The next band was Ex Deo. It was the first time I've listened to their music. They are playing great death-metal. They take the inspiration for their lyrics from the old rome.

But one absolute party overkill act has been Alestorm. They play absolute f*cking genius pirate-metal1). Just everyone was banging and singing to their songs! Absolutly a must-have in every metal collection.2) The fourth band was Unleashed, but I took a little timeout, so I haven't seen the whole act. They were okay. Not really one of my favorites, but quite okay.

The next ultimate act on this evening was Die Apokalyptischen Reiter, I've never saw them live before, despite the fact that they are one of my favorite bands. It was fantastic. There was a wall-of-death, I almost lost my shoe during that. Alestorm tried to make a wall-of-death, too, but I think there where to many little kids, which cannot count to three and wait for the “Go!”. So their wall-of-death perished within a simple “Pogo-session”. Back to the Reiter. It was just brilliant, how the lead singer transfered his energy and enthusiasm to the masses at the moshpit. Brilliant!

The last one this evening were Korpiklaani, which is also nice music to party. The first thing which attracts attention is the bottle of Vodka he trinks during the gig.

Okay, I call it for the day. I am tired. Good bye!

1) the real genre is folk-metal
2) They only have two ablums, but there will be more in future.

Blogging with DokuVimKi

If you love Dokuwiki and Vim you also propably know DokuVimKi, but do you use it for blogging? I do, sometime at least, but what me really bugged, was that there is no template, like the web frontend provides. But Vim wouldn't be Vim, if it couldn't be fixed. So here is my solution.

To get it working the way I use DokuVimKi you just need to follow the following steps:

How to install

The shell alias

Put this function into your shell configuration (.zshrc, .bashrc)

function viDokuVimKiBlog() {
    if [ $# -lt 1 ]; then
        echo "You should give your blog article a title!"
        return
    fi
    TITLE="$*"
    DW_PATH=blog:`date +%Y:%m:%d`.`echo ${TITLE} | sed 's# #.#g'`
    vim +DokuVimKi +"DWNew ${DW_PATH}" +"silent! 0r ~/.vim/templates/blog.dokuwiki.tpl" \
    +"%s/%TITLE%/${TITLE}/g"
}
alias viblog='viDokuVimKiBlog'

The template

Create a template diretory:

% mkdir ~/.vim/templates

Create you template called blog.dokuwiki.tpl:

% cat << EOF > ~/.vim/templates/blog.dokuwiki.tpl
====== %TITLE% ======
 
 
 
 
 
 
 
~~NOTOC~~
EOF

How to use

The next time you want to blog you can start the whole environment with

% viblog This is a new entry to my blog

This will start vim and create a new page in the namespace defined by the DW_PATH variable in your shell configuration. You may need to modify it. I use the following namespace to blog:

  blog:%year%:%month%:%day%.%title_of_entry%

Updates

Update #1: I've fixed the viDokuVimKiBlog() function. Within the if-fi-statement was an exit, which causes your shell/terminal to logout/close. The correct function is a simple return.

Update #2: Fixed some stupid typos.

Wallpaper change for Xfce

Because I am changing my wallpapers as often very often, I've started writing a tool which changes the backdrop of my Xfce desktop after a period of time. The tool - which can be downloaded here: pyxfwpchange - uses the image list feature to change the wallpaper.

Time to relax...

It's the time of the your were I need to study for my upcoming exams. After I've noticed, that I am doing complete bullshit like 20 - 5 = 5, I decided to do something to relax. I'm pretty good in relaxing in front of my computer, and here I am and also something useful - oh my pizza arrived, brb. During the last week, my IP address changed and I where unable to access my NAS from outside. This was part one on my todo list, the second and final part was to figure out why Ubuntu doesn't ask for two passwords for my two encrypted partitions.

Dynamic DNS with Bind and ipupdate

When you call a server your own, where you have full control of the Bind configuration and wanted to have your own dynamic DNS for your home IP address, this is might for your interest.

Configuring Bind

Setting up rndc key

The easiest way is:

# dnssec-keygen -a <alg> <name>
# e.g.:
$ dnssec-keygen -a HMAC-MD5 home.foo-bar.com

Two file will be genereted, a

K<name>+<alg>+<id>.key

and

K<name>+<alg>+<id>.private

Open one of these files or use cat to get the output. If you opened the file .key, you take the last column, the string often ends with ==, if you opened the file .private you copy the string for Key:.

EXAMPLE0SEcr3tString00==

Editing your named.conf

or your named.conf.local, or where ever you keep track of your different zones. I'll demonstrate with a small example what changes you should make. At first define the key, your client uses to authenticate:

key "home.foo-bar.com" {
    algorithm hmac-md5;
    secret "EXAMPLE0SEcr3tString00==";
};

After that you need to update the zone configuration for foo-bar.com. For example the section looks something like this:

zone "foo-bar.com" {
    type master;
    file "db.foo-bar.com";
    allow-transfer {
        10.0.1.1;
        common-allow-transfer;
    };
};
You need to insert an update-policy1).
zone "foo-bar.com" {
    type master;
    file "db.foo-bar.com";
    allow-transfer {
        10.0.1.1;
        common-allow-transfer;
    };
    update-policy {
        grant home.foo-bar.com name home.foo-bar.com. A;
    };

};
As a short conclusion for the update-policy syntax, the first parameter grant allows use to update, if the rest of the rule matches. The second parameter is our key we defined above, the third is a matching rule. I'm using the full domain name to check, You should have a look at the Bind documentation to see the other options. name is followed by the matching name and the last one is the type, 'A', 'CNAME', or 'TXT'2).

After everything is setup you need to reload your Bind DNS server.

$ rndc reload

Your Bind is now configured.

Configuring ipupdate

I came up with the idea using my DNS server to manage my dynamic address, while scrolling through the OpenWRT Kamikaze package list, and so I gave it a try.

Edit your /etc/ipupdate.conf:

server "ns.foo-bar-com"
{
    zone "foo-bar.com"
    {
        hosts "home"
        keyname "home.foo-bar.com"
        keydata "EXAMPLE0SEcr3tString00=="
    }
}

Now, execute ipupdate

$ ipudate
getconfig: loading '/etc/ipupdate.conf'
Detected IP: 10.00.100.200

You also should see a success message. Sorry but I haven't copied it, but you'll recognize, when it is successful. Otherwise you'll see some errors. If you check in your Bind directory, (e.g.: /var/cache/bind) you should see a file named home.foo-bar.com.jnl. After 15 minutes the changes will be merged with your db.foo-bar.com zone file.

You can start ipupdate as daemon.

$ ipupdate start

If also installed a cronjob to check every 24h, if an update is needed.

59 23 * * * /usr/sbin/ipupdate

Ubuntu jaunty and two crpyted partitions

I've updated to Xubuntu 9.04 recently and using encrypted LVM to secure my stuff. After I've set up a second partition encrypted with cryptsetup and hooked it up in my LVM. Ubuntu didn't ask for two passwords during boot. I can remember using Debian using with two encrypted partitions and putting the entries into your /etc/crypttab and updating the initrd's was enough to get asked twice during boot. Ubuntu seems to fail at this point. In this chapter I'll want to show you how I've solved this problem, for now. This solution isn't automated, yet, and using update-initramfs overwrites the changes.

With Ubuntu it unlocks my root partition and trying to bring up all volumes of my volume group. At this point boot will fail, because one of the volumes is encrypted separately. After a minute,Ubuntu will drop you to a fail-over console. At the (initramfs) prompt I needed to unlock my second partition and hit Ctrl+D to resume to normal boot.

Updating the initrd

Extract the initrd of your current kernel:

$ mkdir /tmp/initrd-$(uname -r)
$ cd /tmp/initrd-$(uname -r)
$ gzip -dc /boot/initrd.img-$(uname -r) | cpio -id

Open the file conf/conf.d/cryptroot and add a separate line with your second device. You should know your UUIDs for this. Here is mine, after I've edited it.

target=sdc1_crypt,source=/dev/disk/by-uuid/56fc9490-4afd-484f-9574-640bec210fe1,key=none,lvm=goat-root
target=sdd1_crypt,source=/dev/disk/by-uuid/f6b68c07-ad87-46a6-8602-94889c1233b8,key=none,lvm=goat-home
target=sdc1_crypt,source=/dev/disk/by-uuid/56fc9490-4afd-484f-9574-640bec210fe1,key=none,lvm=goat-swap_1
I've added the line starting with sdd1_crypt.

To complete the setup we need to pack the initrd back together. Make a backup of your old initrd.img first!

$ cd /tmp/initrd-$(uname -r)
$ find ./ | cpio -H newc -o | gzip -c > initrd.img-$(uname -r)
$ cp initrd.img-$(uname -r) /boot/

You now should be asked twice for a password, or more, if you have more devices added.

1) There are other ways to implement the updates, but this gives a better control and improves security. https://www.isc.org/software/bind/documentation/arm95#dynamic_update_policies
2) See Bind documentation for more. https://www.isc.org/software/bind/documentation

Woohoooooo

Lori

<sarcasmn>
Finally no more child abuse or rapes… If I don't see it, it'll not happen.
</sarcasmn>


blogspace/goatblog.txt · Last modified: 2010/02/02 21:20 by jpk