c

Handy commands

Echo service with socat:

socat TCP-LISTEN:8888,reuseaddr,fork PIPE,nonblock

And to connect to it:

echo to the echo | socat - TCP:hostname:8888

I fucking hate oversized JPEGs

find . -name "*.jpg" -size +1M -print0 | nice xargs -0 -n1 -P4 jpegoptim --size=900 --dest=../data_resized --preserve --quiet

# Alternatively use ImageMagick's convert tool to fit the image within 4K. jpegoptim above fucks up the colors of some JPGs
find . -type f -name "*.jpg" -exec convert -verbose -resize '3840x2160>' '{}' '../img_resize/{}' \;

# Then update the file mtime from the EXIF info
exiv2 -T rename *.jpg

190315

Dump stacktrace in a JVM (because I forget which was the signal every time):

kill -QUIT `pidof java`

Dump contents of any Linux virtual console

screendump is part of the kbd package in debian

# For tty1
screendump 1
# Almost the same thing (no COLUMNS/LINES interpretation)
cat /dev/vcs1

Quickly create Debian package / quick debianization

Debian new maintainer's guide
Quilt for Debian Maintainers

mkdir ~/src/debian-packages/tai64nfrac
cd ~/src/debian-packages/tai64nfrac
wget http://archives.eyrie.org/software/system/tai64nfrac-1.4.tar.gz
tar xzvf tai64nfrac-1.4.tar.gz
cd tai64nfrac-1.4
git init
git add *
git commit -m 'Initial commit. Pristine upstream sources at v1.4 .'
# dh_make no longer supports the --quilt option
dh_make -e krustev@krustev.net -f ../tai64nfrac-1.4.tar.gz
# Edit files in debian/
mkdir debian/patches
# Setup "dquilt" alias as described in "https://www.debian.org/doc/manuals/maint-guide/modify.en.html"
dquilt new DESTDIR_and_FHS.patch
dquilt add Makefile
# Edit Makefile to support $(DESTDIR) and to put files in /usr instead of /usr/local
dquilt refresh
dquilt header -e
# describe patch and save
# Option 1: Build a binary package only:
fakeroot ./debian/rules binary
# Option 2: Perform compete rebuild
#  clean the source tree (debian/rules clean)
#  build the source package (dpkg-source -b)
#  build the program (debian/rules build)
#  build binary packages (fakeroot debian/rules binary)
#  make the .dsc file
#  make the .changes file, using dpkg-genchanges
dpkg-buildpackage -us -uc
scp ../tai64nfrac_1.4-1_i386.deb me@host:/path
# If you have missed something and have already uploaded - produce a new version:
dch -v 1.4-2
# And apply the necessary changes.

To update the package see: https://www.debian.org/doc/manuals/maint-guide/update.en.html

Managing packages with quilt is not necessary for locally build packages and if you do not distribute the source packages. You can use the power of the git repository and e.g. keep pristine upstream in a branch and the debian packaging files plus patches in another.

Skype: Change video capture resolution

I've faced this when I've upgraded to 2.6.32-3 kernel. Skype was only getting partial frames from my low cost USB webcam. It appeared that it tried the highest resolution it was reporting as supported - 640x480 . The webcam was not actually working in this configuration. So to change the resolution go to:

$HOME/.Skype/YourUserName/config.xml

search for the Video tag and either modify or add the following parameters:

<Video> 
  <CaptureHeight>240</CaptureHeight> 
  <CaptureWidth>320</CaptureWidth> 
</Video> 

Debian disable ipv6

echo net.ipv6.conf.all.disable_ipv6=1 > /etc/sysctl.d/disableipv6.conf
echo net.ipv6.bindv6only=0 > /etc/sysctl.d/bindv6only.conf
# comment out ipv6 entries in /etc/hosts

Fast way to shape incoming traffic

tc qdisc add dev extern0 handle ffff: ingress
tc filter add dev extern0 parent ffff: protocol ip prio 50 u32 match ip src 174.143.184.0/24 police rate 10mbit burst 1mbit drop flowid :1

I remember trying this in the past(at some time before 2005) and it was not working. Then I had to use IMQ to get it to work. Now it appears to work just fine.

Note that the burst should probably be adjusted if you change the rate.

Working with SSL certificates

Print OpensSSL x509 certificates from a concatenated file

perl -we 'my $F; while(<>) { m/BEGIN / and open($F, "|openssl x509 -text"); print $F $_ }' < infile

Dump pkcs12 contents, including any private keys and certificates in PEM encoded form

$ openssl pkcs12 -in pk.p12 -nodes

Verify that a certificate corresponds to a private key

Get the public key from the certificate and the private key and compare them:

$ openssl x509 -noout -pubkey < aps_production.pem 
$ openssl rsa -pubout < aps_production.key 

Or compare the modulus by taking it from both the certificate and private key:

$ openssl x509 -text -noout < aps_production.pem
$ openssl rsa -text -noout < aps_production.key
# Alternatively to dump just the modulus from the private key:
$ openssl rsa -noout -modulus < aps_production.key

Another option to map a certificate to a private key is to use the extension "X509v3 Subject Key Identifier" included in the certificate:

$ openssl x509 -text -noout < aps_production.pem | grep -A1 'X509v3 Subject Key Identifier'
        X509v3 Subject Key Identifier: 
            FF:BA:2C:F6:15:4F:F7:6E:61:9E:43:A0:04:93:B5:A1:F1:38:5B:E2

If you have the private key in a PKCS12 file you can easily dump the key identifier:

openssl pkcs12 -nodes -in pk.p12

If the private key is PEM encoded, to generate the key identifier from it first dump the public key and see its components:

$ openssl rsa -pubout < aps_production.key | openssl asn1parse
    writing RSA key
        0:d=0  hl=4 l= 290 cons: SEQUENCE          
        4:d=1  hl=2 l=  13 cons: SEQUENCE          
        6:d=2  hl=2 l=   9 prim: OBJECT            :rsaEncryption
       17:d=2  hl=2 l=   0 prim: NULL              
       19:d=1  hl=4 l= 271 prim: BIT STRING

You need just the field identified as "BIT STRING". Get it and save it to a file:

openssl rsa -pubout < aps_production.key | openssl asn1parse -strparse 19 -out bitstring.der

And then calculate this bit string sha1sum to get the key identifier:

$ sha1sum bitstring.der
ffba2cf6154ff76e619e43a00493b5a1f1385be2  bitstring.der

Or alternatively:

$ openssl sha1 < bitstring.der
(stdin)= ffba2cf6154ff76e619e43a00493b5a1f1385be2