logIt Log Around The Clock

application ARMv6 ARMv7 BeagleBoard certificate daemon device driver DNS embedded system emulator file system fuse GPIO image install-deinstall java java GUI job automation kernel local bin make-install managed node monitoring motif GUI OMAP3 OOP OSS OVCoreID php proxy python Raspberry Pi rootfs security shell script snmp socialmedia squid startup tagging template USB web-based wordpress Zabbix

Raspberry Pi GPIO Input Button Basics

When you start hacking Raspberry Pi’s GPIO, first thing to keep in mind is the +3.3V CMOS logic level voltage despite the 5V supply. Secondly, read references about current limiting resistors (eLinux Wiki has a section there). What to avoid then? Try not to physically short the GPIO pin to ground when it is programmed as the opposite output-high.

GPIO pin logic state (meaning voltage) are both programmable and driven by physical-connection. I choose wiringPi for practical reasons: availability of its Python wrapper and its simple syntax (glancing it at first sight). WiringPi has an option of using its own pin numbering to address it in the code instead of the original GPIO numbering (there are board revisions to watch for in some cases of usage, not mine). Every pin can be initialized as input or output.

Updated: Wiring-Pi Python is deprecated and moving to 2.x version that supports I/O expander. However, you can still find this combination of commits that will work and build without error message:

- main module: WiringPi-Python@9c77bde
- submodule: WiringPi@89bbe97

(Check how to build on my README)

Using an analog multitester, here are behavioral findings:

Prior to trying the push-button switch, I didn’t have proper circuitry and working with wires as probes, prone to accident that was. I found an advice to insulate the +5V pin voltage so I could worry less.


Raspbery Pi: Getting Started with GPIO Hack

Insulate the +5V pin of Raspberry Pi

A 10k pull-up resistor and a button are enough to test the following. Go to interactive Python shell and run line by line until the button push is read as low logic (GPIO7 in this example):

# python
Python 2.7.3rc2 (default, May  6 2012, 20:02:25) 
[GCC 4.6.3] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import wiringpi
>>> import time
>>> INPUT=0
>>> OUTPUT=1
>>> HIGH=1
>>> LOW=0
>>> SETUP=wiringpi.wiringPiSetup()
>>> print SETUP
0
>>> wiringpi.pinMode(7,INPUT)
>>> RESULT=wiringpi.digitalRead(7)
>>> print RESULT
1
>>> RESULT=wiringpi.digitalRead(7)
>>> print RESULT
1
>>> RESULT=wiringpi.digitalRead(7)
>>> print RESULT
0
>>>

These basics convince me to go ahead with my goal of having a membrane (matrix) keypad as input for Raspberry Pi to run some script (see next post).

(Check also RPi common USB problems post)

HTTPS Using Server-Client Certificate Pair (1): Generate & Sign by OpenSSL

Multiple command lines in the process of generating certificates using openssl can be quite confusing and easily mixed up over which-do-what. Most of them are repetitions of almost the same syntax (where the confusion comes).

Background:
I need to setup an HTTPS site with not just server certificate to secure it, but requiring also client side certificate. The site will only show the content to authorized users with the correct pair of server-client certificate. It will also expire after a certain date. The certificates are self-signed as they’re for closed environment usage.

This post covers two general processes: generating and signing.

How to generate SSL certificate using openssl is a straightforward process of:

  1. generate its key
  2. create certificate request with that key
  3. generate certificate from request and key

Hence, in any type of the certificate I have a general <some-cert-key>.key, <some-cert-request>.csr, and <some-cert>.crt. When I mean “type”, they are CA (Certificate Authority), one/more server certificate, and one/more client certificate.

ssl-certificate-ca-server-client-illustration-1.png

Generating Pairs of Key-Certificate with openSSL: CA, server, & client

In terms of signing the certificates, all of them are signed using the CA. Which files to be used in the server will become the subject of the next post.

Continue reading “HTTPS Using Server-Client Certificate Pair (1): Generate & Sign by OpenSSL” »

That Handy Tap Interface on Mac OSX

Ubuntu has been my desktop for some years. I’ve become so attached in a way that I no longer know how to work without. Then of course, the pain of moving to Mac is one foreseeable future. Unlike my usual repository where everything is on the table and for free, this one is a little tougher to handle. Well, if I were to cut to the chase, tap interface for instance, was nowhere near to be found. My VirtualBox depends a lot on these virtual networks as I’m used to try things out.

..you’ll always have love-hate relationship with the tools you work with.. blindly turning yourself into devoted-fanatic is another thing..

Enough bragging (let’s spare that). First we need to have /dev/tap0, /dev/tap1, etc., available using TunTap kernel extension.

I modify the small script from this post to have it available on background instead of keeping a shell open all the time:

I saved it as /usr/local/bin/setup-tap1.py

1
2
3
4
5
6
7
8
9
10
11
12
13
14
#!/usr/bin/python
 
import os
while 1:
	try:
		file_path = '/dev/tap1'
		dev_file = os.open(file_path, os.O_RDWR)
		interface = 'tap1'
		while 1:
			pass
	except:
		print "tap interface is closing"
		exit()
		break

Let the shell takes care of putting it to background (daemon):

[root]$ /usr/local/bin/setup-tap1.py &

and there you have one working tap interface:

virtualbox-mac-osx-tap-interface.png

VirtualBox tap interface in Mac OSX Lion 10.7

[Moving-in would probably be easier if I started life with FreeBSD. More posts to come]

Cross-Compiling for Ubuntu ARM by ffmpeg Example

This has been a delayed post since I only figure out how to solve configure error just now. It wasn’t really necessary to cross-compile last year because compiling ffmpeg directly on the ARM-board finished overnight (despite the low CPU). Anyway, in this post I’m still using the board to easily retrieve package dependencies from Ubuntu ARM repository. Toolchain used is arm-linux-gnueabi-gcc-. The following steps will apply in general:

  1. download source file (that is ffmpeg in this example)
  2. retrieve development library/build dependecies
  3. place header files and dependency libraries into toolchain path
  4. configure with toolchain
  5. make and create .deb installer package with checkinstall
cross-compile-desktop-and-arm-board-illustration.png

cross-compile: Illustration of what's done on ARM-board and what's done on desktop

Prior to anything, install Linaro toolchain by adding their repo first:

$ sudo add-apt-repository ppa:linaro-maintainers/toolchain
$ sudo apt-get install gcc-arm-linux-gnueabi

A complete guide on how to compile ffmpeg can be found in their wiki. It applies generally. So, I’ll just skip to following configure:

[ubuntu-desktop]$ ./configure --cross-prefix=arm-linux-gnueabi- --enable-cross-compile --target-os=linux --arch=arm  --cpu=cortex-a8 --extra-cflags='-march=armv7-a -mfpu=neon -mfloat-abi=softfp' --enable-libtheora

Continue reading “Cross-Compiling for Ubuntu ARM by ffmpeg Example” »

Simple ffmpeg UDP Video Streaming (from BeagleBoard running Ubuntu)

I really mean simple, this is a one command line UDP stream from the BeagleBoard (running Ubuntu ARM) to my desktop (IP address 192.168.1.19 in this example), the source video is an FLV file inside the ARM-board:

$ ffmpeg -i UNIQLO_MIXPLAY.flv -v 0 -vcodec mpeg4 -f mpegts udp:192.168.1.19:1234
ffmpeg-cross-compiled-flv-video-udp-streaming-test.jpg

ffmpeg streaming from BeagleBoard played by VLC on the desktop

Although it’s a break-dance video, it plays uninterrupted, without any break.

Here is how my desktop see the stream with VLC player:

vlc-simple-udp-stream-test.png

VLC setup (on the desktop) to play the UDP stream

With less documentation, a more complex setup with integration to Wowza Media Server is available on my github.

Zabbix Proxy: distributed NMS monitoring via embedded Linux (Ubuntu on BeagleBoard)

As already mentioned in previous post’s introduction, proof of concept on how Zabbix Proxy works under unreliable communication is what this next post about. The idea is to have these scenarios tested:

  1. independent SNMP data polling by individual NMS proxy (embedded system)
  2. intermittent connection between main/master NMS server with its proxy

Of course we’ll do them in implementation context of Zabbix Server as main/master NMS server and our BeagleBoard xM as its proxy.

zabbix-proxy-routine-log-abstract-illustration.jpg

Zabbix Proxy - distributed NMS over embedded Linux

In the technical details, I already followed pretty much the same steps showed in installation wiki (with the exception that I didn’t put the process into startup init.d script as I would start it manually as needed).

The first test is to make our Ubuntu ARM board accepts configuration done in Zabbix Server web-GUI, retrieves SNMP data to it, and sends collected data to server. Mode passive is chosen so that the server will be the one initiating contact with the board. After enabling a certain SNMP host, i.e. host-aaa, as monitored-by-proxy, the Zabbix Server log will show:

15677:20120601:022022.960 Sending configuration data to proxy 'beaglexm1'. Datalen 9205

Our board, ‘beaglexm1‘, will start to poll SNMP data from host-xxx to then store it in designated sqlite database.

975:20120531:212024.098 proxy #8 started [poller #5]
984:20120531:212024.128 proxy #17 started [discoverer #1]
968:20120531:212025.423 Received configuration data from server. Datalen 9205
971:20120531:212030.388 Enabling SNMP host [host-aaa]

From time to time as configured, our board will also run housekeeping to keep our board database file in small size.

1081:20120531:224513.922 Executing housekeeper
1081:20120531:224514.505 Deleted 4885 records from history [0.453765 seconds]

Under normal connection, in main Zabbix Server we’ll start seeing the collected data from host-aaa the same way as when the SNMP data is polled by the server directly. To emulate disruption to the connectivity, I choose to use simple iptables drop packet. This time the server will no longer seeing new data.

After the drop block is released, the server we’ll start seeing new data as well as data from the period of intermittent connection. It will take some time before all of that being sent to the server.

In general that proves it. I collected 44 OID values from the host-aaa every 30 seconds and in this case BeagleBoard utilization was very low as this wasn’t a stress test to see its performance.

Compile Zabbix Proxy in Ubuntu ARM (BeagleBoard)

I needed to tackle practical limitation of SNMP monitoring under unreliable communication, a serious consideration was made for Zabbix Proxy. It was an option said to be ready for embedded hardware. I already had BeagleBoard xM Rev C running Ubuntu 11.10 Oneiric and needed to proof that it would port functionally to this Linux ARM board. There existed zabbix-proxy-mysql in Oneiric repository, but sqlite seemed to be a better scale option for embedded deployment.

zabbix-proxy-abstract-illustration.png

Zabbix Proxy Distributed NMS

An example set out for Zabbix Proxy on Debian appears to be pretty straightforward to follow. With the ARM board already installed with build-essential, snmp, and snmpd, the following needs to be added:

$ sudo apt-get install libsnmp-dev libcurl4-openssl-dev fping curl sqlite libsqlite3-dev ntpdate

then start the pre-compilation configure (in this case Zabbix 1.8.7 is used):

cd zabbix-1.8.7
./configure --enable-proxy --enable-agent --with-sqlite3 --with-net-snmp --with-libcurl

It will go smooth. However, during make there are complains about undefined references to ‘sqlite3_open‘, ‘sqlite3_close‘, etc.:

Continue reading “Compile Zabbix Proxy in Ubuntu ARM (BeagleBoard)” »

Alas my LinkedIn password is in the file! (Howto check compromised password)

When LinkedIn privacy breach was about to be revealed during Yuval Ne’eman workshop in Tel Aviv University, suddenly the timeline trends were that of friends, telling people to change LinkedIn password. Both were separate issues and of course the privacy breach was then subsided from people’s attention. To tell you the truth, as a secret admirer of conspiracy theory (whether I admit it or not), this coincident was just too perfectly timed. But, I’m also curious whether my password was among the stolen 6,458,020 (yes: 6,4 millions) uploaded by the hacker in hashed SHA-1 without the user name.

linkedin-uploading-contact-resized-skycure-dot-com.png

Snapshot of uploaded contact data from calendar (skycure.com)

There is not other way but to check my password against the combo_not.txt found via Filestube. People already posted howto check this, the easiest way is doing a single line in the shell:

$ printf bandito | openssl sha1 | cut -c10- | grep -f - combo_not.txt
00000d40df69b72328229d2425714f40d7d9a7a3

Bingo! a match there for the password “bandito” (I choose this randomly expecting some person out there is using it). Another way (for comparison as I’m no security expert) is by this short python script (slightly altered from Phobos Technology blog post):

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
"""
Save this file as linkedin_hash.py and ensure it's
in the same folder as combo_not.txt
Usage: python linkedin_hash.py hunter2
"""
from hashlib import sha1
import sys
password = sys.argv[1]
hsh = sha1(password).hexdigest()
print "SHA-1: %s" % hsh
x = 0
for line in open('combo_not.txt','r'):
    if hsh == line.strip():
        x += 1
    elif "00000" + hsh[5:] == line.strip():
        x += 1
        print "Matching line: %s" % line
print "Number of matches: %d" % x

My verdict is: my password is on the list and I’m considering a leap of faith from devoted conspiracy believer.

PS: I don’t find that “password” or “123456″ as common passwords used by many people.
PPS: A side story: Indonesians are found to be using weakest passwords (as research over Yahoo ID revealed)

Acknowledging Event: Zabbix Python API

Acknowledgement is one of the things that is provided by Zabbix API in its event section. We can make use of the methods get() and acknowledge() to automatically acknowledge an event. Digging through the attributes of those methods, the official doc doesn’t provide complete example to follow. Added with some luck, my search get me to have the following JSON RPC that works in Zabbix 1.8.7 using Gescheit API implementation written in Python.

When the goal is to acknowledge a specific event, the JSON call is however limited to some basic responses. It means that you can’t query a single RPC request for i.e. the following combination: list of acknowledged events with “problem” status and trigger ID 500 (500 is merely an example).

However, combination in a single request do exist i.e. I’ve tried: list of acknowledged events with “problem” status as the following GET request:

{
"params": {"acknowledged": [1], "value": [1]}, "jsonrpc": "2.0",
"method": "event.get",
"auth": "some-hash-authentication",
"id": some-RPC-sequence-integer
}

(Note: value=1 means status is “problem”)

For the basic example above, find the script in my fork of Gescheit API.

Back to our goal of acknowledging events, our API can make the following RPCs:

ack_list=zapi.event.get({"acknowledged":[1]})
problem_list=zapi.event.get({"value":[1]})
event_trigger_list=zapi.event.get({"triggerids":[trigger_id]})

Yes, they are three requests. We can then filter out a single event to be acknowledged by intersecting the three results. The first intersection is between event_trigger_list, problem_list, and ack_list as illustrated below:

problem-list-acknowledgement-intersection.jpg

Intersection of problem list, event list with specific trigger ID, and acknowledged event list

After we opt-out those intersections, we can then get the event with problem status and choose the latest event only to be acknowledged. Check the code on my github.

Python 2.6 in Red Hat 5

I need Gescheit Zabbix API implementation to run on RHEL5.2

Installing RPMs from Geekymedia seems to be the easiest. I only need the following to make it work:

  1. python26-2.6-geekymedia1.i386.rpm
  2. python26-libs-2.6-geekymedia1.i386.rpm
← Before After →