Archive for gnu

Mr cron, send me an email

I wrote this post to continue with the sysadmining series asked by Ardian.

Sometimes I need cron scripts to email me the result of something and configuring sendmail or postfix to do that seems a little like killing a mosquito with a bazooka (it works, but it’s not very efficient).

So, what I do is use msmtp.

msmtp is very easy to use and configure. Just write a config file for it (.msmtprc in your $HOME) and make it point to the GMail smtp server.
Something like this works:

tls on
tls_starttls on
tls_trust_file /etc/ssl/certs/ca-certificates.crt

account default
port 587
auth on
password H3Re_Goes_Y0ur_p@ssword

Then you $ chmod 600 ~/.msmtprc

And that’s pretty much it. Then to send an email what you do is pipe the mail to msmtp with the address of the person you want to email.

Something like this:

echo -e "Subject:test\\nhello world" | msmtp

That command would send an email to with the subject “test” and the body “hello world”
The “Subject” and “To” fields are optional, but it’s nice to include them. The \n are new lines.

You can also make a text file and cat it and redirect the output with pipes.
More information for the email could be included, like the text encoding used, etc, but for the stuff I need to email, a subject and a body is usually more than enough.

Disclaimer: I don’t like using GMail (the default interface has a JavaScript trap, I don’t trust Google with my personal data, etc), but GMail (through Google Apps) is the mail server of choice at work. Using msmtp doesn’t mean you HAVE TO use GMail. I only put it as an example because it’s what we use at work. As a matter of fact, you’re better off NOT using GMail at all and using some other email provider that doesn’t spy on you and that respects your freedom.

Leave a Comment

Some semi-serious sysadmin scholastic statements

Asked by my friend Ardian, I’m writing these tips for sysadmin-wannabes hoping that it will be useful.

Securing SSH

SSH is one of the best friends of any sysadmin (because everybody knows that sysadmins don’t have real friends). Because SSH is one of our true few friends, we need to make sure that it stays our friend and to do that we have to defend it.
Here are some ways to achieve that:

Security through obscurity

It is a general consensus that securing something through obscurity is not a good idea. Security through obscurity is not real security, but sometimes it helps stop annoying script kiddies. You can’t make your whole security scheme rely on people not knowing your secret, particularly when the secret is easily discovered.
I’m talking here about moving your SSH port to something different than 22 (which is the default port). It’s very easy to find out which ports are open in a server (you just need to use nmap), but there are people who don’t know that and have automated scripts constantly trying to gain access through that port. Usually higher ports is a good idea.
Just don’t rely on this as your only means of securing SSH.

Hello, Mr. John Doe

Don’t let users with very common usernames have SSH access. Particularly, don’t let root have SSH access. Other usernames that shouldn’t be allowed are admin, superadmin, backup, cron, etc. Automated attempts to gain access use dictionaries of common users, so it’s better if we don’t give them a chance to guess what users we have in the system.

Stop knocking at my door!

If we receive many failed login attempts from the same IP, then that person probably isn’t someone with a valid password. There are many ways to tell that person to get off: IPTables rules, fail2ban, denyhosts, etc. Some people may even prefer their own solutions, but having these available, that’s probably not necessary.
The idea is that if a user keeps trying to gain access to our server, we can lock them out for a certain period of time.


Sometimes we have users that connect always from the same host. The host can then be specified in the sshd configuration file so that user can’t connect from anywhere else. In that way, we close the door to yet another possible intruder trying to spoof our user from some other location.

Password? What password?

Relying on passwords might not be a great idea because passwords can be weak (although that can be solved with PAM magic, which I may talk about at a different time). Generating SSH keys and disabling password authentication is usually a good idea. SSH keys are unique (unless you use certain versions of Debian…).

Leave a Comment

I told people at work (yes, I have a job now, more about that later… or maybe not) that I could make lemon pie. They know I’m all about free software, so they asked me if it was GPL lemon pie. I published this in our intranet (some of it is in Spanish, but even if you don’t speak a word of Spanish you can tell what’s going on):

#!/usr/bin/env python
# -*- coding: utf-8 -*-
'''How to make a yummy lemmon pie'''

# is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published
# by the Free Software Foundation, either version 3 of the License,
# or (at your option) any later version.
# is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# GNU General Public License for more details.
# You should have received a copy of the GNU General Public License
# along with this program; if not, see 
# or write to the Free Software Foundation, Inc., 59 Temple Place,
# Suite 330, Boston, MA  02111-1307  U.S.A.

INGREDIENTES_MASA = {'harina':'250g', 'azúcar':'125g', 'manteca':'75g', \
'huevos':1, 'yema':1, 'esencia de vainilla':'un chorro'}
MASA = []

for ingrediente in INGREDIENTES_MASA:
    MASA.append(ingrediente) # la masa queda húmeda.
    #cook(MASA, '20 minutos', 'horno medio')

INGREDIENTES_RELLENO = {'agua':'1 taza', 'maizena':'¼ taza', \
'jugo de limón':'½ taza', 'ralladura de limón':'de 1 limón', 'yemas':3, \


for ingrediente in INGREDIENTES_RELLENO:
    if ingrediente != 'yemas' and ingrediente != 'manteca':
    #estado_relleno = cook(RELLENO, 'hasta que se espese y hierva', \
    #'fuego lento') # hay que revolver constantemente
    #if estado_relleno == 'cooked':
    #    for ingrediente in RELLENO_DESPUES:
    #        RELLENO.append(ingrediente) # continuar revolviendo 2 minutos más

INGREDIENTES_MERENGUE = {'claras':4, 'azúcar':'8 cucharadas'}

for ingrediente in INGREDIENTES_MERENGUE:
    #whisk(MERENGUE) # hasta que se formen piquitos

#cook(LEMON_PIE, 'hasta que se dore el merengue')

Comments (5)

The UTUTO XS Lemote project begins!

This is a quick translation I made of the article that appeared in Ututo’s site:
Thanks to ethana2 for proofreading it.

Some time ago we started toying with the idea of porting our operating system to the new Lemote Yeelong
This computer is characterized by having a completely free hardware design and by not needing any nonfree software components to work.

Unlike other computers we know, it doesn’t use a processor made by the most known companies.
The Lemote company uses a processor developed completely in China, named Loongson. It has a MIPS architecture.

In UTUTO XS, we have had a tradition of development and advocacy of free software for more than 6 years. As the UTUTO project, we thought it would be important to support this hardware starting with version 2010. This would help the spreading of free software and also it would be another choice of operating system for the Lemote computers.

Richard Stallman talked to us about the possibility of getting some Lemote computers as a donation for this project and he put us in contact with the Lemote company in China.

A couple of days later Lemote sent us the Yeelong computers and thanked us for our intention of porting our operating system.

This initiative has the support of institutions that advocate free software and free knowledge.

Among them we can mention:

— Dr. Richard Stallman (father of the free software movement).
— Lemote (Jiangsu Lemote Tech. Co. Ltd, China)
— Free Software Foundation (US)
— Solar (Software Libre Argentina)
— Fundación Instituto de Innovación para el Bienestar Ciudadano (Spain)
— Misol (Misiones Software Libre, Argentina)
— Hipatia (Free Knowledge)
— Asociación de Software Libre de Ecuador (ASLE)
— Fundación Red Especial España

This initiative is the beginning of the project that we internally codenamed “UTUTO XS Lemote”.
The idea is to have an XS system for these computers along with the corresponding updated package repository, just like with the versions for other processors

We think this is an important opportunity to learn and to face the challenge of creating a complete and functional system that would have the user at the core.

Here [0] you can see some pictures of the computers that we’ve got and also how we started the creation of the boot loader of the operating system and the compilation of a basic user system. For the time being we only have a text command line.

We thank all the people who support this project and we will keep you informed with the news on the development of “UTUTO XS Lemote”.


Comments (3)

0c:00.0 Network controller: Broadcom Corporation BCM4311 802.11b/g WLAN (rev 01) take two:

My Broadcom WiFi card is finally working with free software in gNewSense so I decided to make a post to explain how to make that happen for your card as well.

First you need to check your Broadcom WiFi card model: the OpenFWWF site says that 4306, 4311(rev1), 4318 and 4320 are tested and that they work. Not having one of those models is not a reason to try it, though.

Now, you need to install git-core, curl, bison and flex if they are not installed. Get b43-tools ( compile it.
After that’s done compiling (it should take 2 seconds or so), you need to download the firmware. Lastest firmware as of today is 5.2.
Extract the tar.gz and just “make”. When that’s done compiling (it also takes very little time) you’ll have 3 .fw files in your openfwwf directory. Those 3 files need to be copied to /lib/firmware/b43-open/ .

Then you need to install Linux-libre v2.6.30. A neatly packaged image can be found at my friend Ali Gündüz‘s Freedom Shoppe.

After that you need to pass an option to the b43 module. You do that by adding a line that says “options b43 qos=0” (without quotes) to the /etc/modprobe.d/options file. I also added b43 to /etc/modules but that might not be necessary.

Here’s a step by step copypastable list of all the commands for you (you may need to change the version number of the firmware or the kernel, depending on when you read this post; also make sure that WordPress is not using formatted quotation marks):

sudo apt-get install git-core curl bison flex
git clone git://
cd b43-tools/assembler
sudo make install
tar zxvf openfwwf-5.2.tar.gz
cd openfwwf-5.2
sudo mkdir /lib/firmware/b43-open
sudo cp *.fw /lib/firmware/b43-open/
sudo dpkg -i linux-image-2.6.30-libre-fshoppe1_i386.deb
sudo -i
echo “options b43 qos=0 nohwcrypt=1” >> /etc/modprobe.d/options
echo “b43” >> /etc/modules

I restarted and booted with the 2.6.30 kernel and my card was working. dmesg confirmed that I was using the free firmware:

[ 8460.884239] b43-phy0: Loading OpenSource firmware version 410.31754 (Hardware crypto not supported)

I would’ve liked it to say “free software”, just like I would’ve liked the firmware to be called free and not open, but that’s extra.

Enjoy your WiFi with freedom!

EDIT: I updated the openfwwf version to 5.2
EDIT2: updated the git repo for b43-tools

Comments (11)

Watch out, it’s an update

No, I’m not going to explain how to make qemupuppy run. If you need help to make qemupuppy work look for it in the interwebz. I’m also not going to recommend qemupuppy either since it is not a Free OS. If you want a Free OS that runs from a prendrive try FUSBi.

Since my last post a lot of things have changed: I have lost most of my patience (probably all of it) and I decided I won’t be publishing any more tutorials that can be found somewhere else on the web. I also migrated to a 100% free GNU distro: gNewSense (but I am, of course, using KDE). Before gNewSense I was using Debian Lenny, but gave up on it when I discovered that some people were making Debian go against its own DFSG. I’m happy to say that not all the people wanted that, but apparently the ones trying to use the Social Contract and the DFSG as toilet paper (yet again) were the majority.

Now, why did I decide to break the silence and come up with an update after all this time?

I’m sure that by now you can tell this is going be a [long] rant. So… here be tigers:


I want to talk about peer pressure. I have seen a lot of people getting bent by peer pressure to use nonfree software and that makes me angry at the peer preassurers and the peer pressurees but mostly at the latter, because it’s their mental weakness which makes peer pressure so effective with them. I have seen people installing Adobe Flash because they have been told that they __have__to__ watch this or that flash video which refuses to work with swfdec; instead of being strong and not letting their will be broken, they go against their ideals because some people tell them they are stupid and freetarded. Flash video is a horrible format and unless we fight it back it will continue being massively used. People are not aware that their conformism regarding this format doesn’t allow them to see the big picture, that unless someone breaks this vicious circle things are never going to change.

The same thing can be said about Sun’s Java (as opposed to IcedTea), AIM/Windows Live Messenger, Google, Launchpad or Linux (yes, the vanilla Linux kernel is non free, I’m sorry to tell you). Unless more people take action against this, we will only see an increase in the usage of nonfree apps/services.

Comments (1)

Ututo XS 2006 Vivo

I have recently been testing some Lignux distros: it’s not that I’m not happy with Kubuntu it’s just that I want a distro where I’m in more control of the contents installed and since I consider myself a kind of Lignux power user (keywords: “kind of”) I don’t think I really need ‘Linux for Human Beings’.
(Just to be fair, I’m not saying Kubuntu is bad, I’m saying that Kubuntu usually just ends up being Ubuntu’s ugly stepsister).

The lack of more interest on Kubuntu from the developers and the need for a distro that gave me more control made me decide to start trying new distros. It is weird that after so many years of being a Lignux user I only tested 2 distros: Slackware and Kubuntu.

So the first distro I decided to test was Ututo.
Ututo, a small lizard that lives in Salta, Argentina, gave its name to the Ututo project. From the Ututo project came the Ututo GNU/Linux distribution which, to this date, is one of the few that follows the 4 rules of software freedom by RMS.

* The freedom to run the program, for any purpose (freedom 0).

* The freedom to study how the program works, and adapt it to your needs (freedom 1). Access to the source code is a precondition for this.

* The freedom to redistribute copies so you can help your neighbor (freedom 2).

* The freedom to improve the program, and release your improvements to the public, so that the whole community benefits (freedom 3). Access to the source code is a precondition for this.

Stallman said in an interview:

All of the commercial distributors of the GNU/Linux system going back something like 7 or 8 years, have made a practice of including non free software in their distributions, and this is something I have been trying to push against in various ways, without much success. But, in fact, even the non commercial distributors of the GNU plus Linux operating system have been including and distributing non free software, and the sad thing was, that of all the many distributions, until recently there was none, that I could recommend. Now I know of one, that I can recommend, its called “Ututo-e”, it comes from Argentina. I hope that very soon I will be able to recommend another.

[This interview is a little old, now there’s also gNewSense which is free according to the 4 freedoms.]

Stallman’s support for Ututo is so that Ututo’s ISOs are hosted by FSF.

Ututo comes compiled for many architectures, which makes it faster for most computers. It comes with a choice of KDE, Gnome, IceWM, or Fluxbox and it has Beryl too :S It has its own package manager (uget) and the repos do __not__ include any proprietary software.

Now, what I tried was the Live CD from 2006 not the latest installable version (2007) and the 2006 Live CD comes with Gnome and IceWM. So, in case you were wondering… yes, I have been using Gnome for a while (but if I decide to install Ututo I will install KDE, of course).

I should also point out that Ututo was one of the first distros to produce a working live cd, something that was seemingly impossible at the moment.

Overall I really enjoyed the Ututo experience and I like that it provides the freedom that all the other distros lack. And who needs Flash anyway? Gnash won’t let me watch YouTube videos, but I don’t really care, I can download the FLV and watch the videos with my media player of choice.

Here’s link to a screenshot of the Ututo XS 2006 Vivo. To find out more about the Ututo project (which includes much more than just the GNU/Linux distro) you can visit Ututo’s website.

Comments (3)