Landfill of wisdom

Dumping ground for small tips and big papers

I have been looking for alternatives to Microsoft Money for a while. While annoying to have to keep a virtual Windows machine just for Money (which you can freely download from Microsoft by the way), it was working just great. The features I really liked about it are:

  • Keyboard shortcuts made it very easy to quickly enter multiple entries
  • Importing my monthly credit card statement made it very easy to reconcile and catch any potential errors
  • Easy to get monthly reports about my spending

But then one day the latest import made Money crash and I was forced to look for alternatives.

Gnucash

Pros:

  • easy to match imported transactions to already existing transactions
  • has android app that is easy to import from
  • sufficient support for multiple currencies

Cons:

  • clumsy interface
  • reports are almost unusable
  • OFX support is buggy
    • crashes on legitimate OFX files
    • imported categories from the mobile app create duplicate transactions

Skrooge

Pros:

  • very nice interface
  • automatic download of the latest exchange rates
  • OFX support seems mature
  • reports look nice
  • supports importing Microsoft Money files

Cons:

  • importing OFX creates duplicates
  • importing OFX does not let you pick an account to import into
  • the interface can be overly complicated
  • requires most of KDE

Homebank

Pros:

  • nice interface
  • importing seems mature

Cons:

  • transaction entry screen is uncomfortable (I like to enter directly into the transaction register)

Quicken

Cons:

  • no Linux support
  • not free

Mint.com

Cons:

  • I am not ready to put my finances on the cloud

Grisbi

Cons:

  • It was a long time since I tried it but it seems immature
  • UTF-8 support is lacking

Writing down the username and password for the vivacom ADSL router, in case I need it again.

user: root
pass: warmWLspot

Useful to telnet 192.168.1.1 and then reboot.

Originally found at Neo2SHYAlien blog.

And here I found passwords for other models, just in case.

ZTE ZXDSL 832
username: root
password: GSrootaccess

ZTE ZXDSL 831
username: root
password: GSrootaccess

ZTE
username: root
password: 831access

Huawei SmartAX MT882
username: root
password: MT882rootaccess

ZTE ZXDSL-531b
username: root
password: rootWLaccess

Pirelli – DRG – A124G
username: root
password: warmWLspot

Comtrend CT-5367
username: root
password: warmWLspot

HG530 Home Gateway
username: root
password: warmWLspot

Here is how I managed to get CyanogenMod on my Galaxy S4 – the Japanse DoCoMo model.

Starting back to front, the short version is:

Get the repo command, and get ready to compile CyanogenMod as usual

repo init -u git://github.com/CyanogenMod/android.git -b cm-10.2

Prep the extra repositories needed to compile the Samsung phone model.

$ cat .repo/local_manifests/s4.xml
<?xml version="1.0" encoding="UTF-8"?>
<manifest>
  <project path="device/samsung/jf-common"      name="kbc-developers/android_device_samsung_jf-common"   />
  <project path="device/samsung/jfltedcm"       name="kbc-developers/android_device_samsung_jfltedcm"    />
  <project path="device/samsung/msm8960-common" name="CyanogenMod/android_device_samsung_msm8960-common" />
  <project path="device/samsung/qcom-common"    name="CyanogenMod/android_device_samsung_qcom-common"    />
  <project path="hardware/samsung"              name="CyanogenMod/android_hardware_samsung"              />
  <project path="kernel/samsung/jf"             name="CyanogenMod/android_kernel_samsung_jf"             />
  <project path="kernel/samsung/jfdcm"          name="kbc-developers/android_kernel_samsung_jfdcm" revision="kbc-aosp-jb-mr2" />
  <project path="vendor/samsung"                name="kbc-developers/proprietary_vendor_samsung"         />
</manifest>

Note that I am using a few of the kbc-developers’ repositories. These have important updates for the DoCoMo phone model.

On that note, it doesn’t really matter which kernel is to be used (the jfdcm DoCoMo customized version modded by KBC, or the official jf version), but I thought I’d go go with KBC’s one, since it had some updates for the NFC, and I was hoping to get the NFC working.

As I was trying to replicate the binary releases that KBC published, I also had to disable SELINUX by adding the following line to device/samsung/jfltedcm/BoardConfig.mk:

TARGET_KERNEL_SELINUX_CONFIG :=

And to actually allow the boot partition to be flashed, I had to register my phone’s bootloader in device/samsung/msm8960-common/loki_bootloaders. Just append this text to the file:

# DoCoMo
bootloader=SC04EOMUAMDI
bootloader=SC04EOMUAMF1

Once all this is done, building CyanogenMod as usual worked just fine. I source the following file to do the trick, where $HOME/android/cm-10.2 is where I ran the repo init command:

export USE_CCACHE=1
export CCACHE_DIR=$HOME/android/ccache
export OUT_DIR_COMMON_BASE=$HOME/android/out
export PATH=$PATH:$HOME/android/bin
export ANDROID_JAVA_HOME=/etc/java-config-2/current-system-vm
export CM_BUILDTYPE="chutz"
cd $HOME/android/cm-10.2
. build/envsetup.sh
breakfast jfltedcm
TOP=$T

Inside $HOME/android/bin I keep a copy of the repo command itself.

External links I found useful

I struggled for a week having udev (on CentOS 6.3) do all kinds of silly things with the interfaces names on a server with 4 onboard 1G interfaces, an 2 dual port Mellanox ConnectX-3 cards. The short story is that udev was trying to preserve the names of the interfaces to be consistently numbered starting from eth0 and ending with eth7.

The problem: the modules for the network cards do not always get probed/loaded in the same order. Udev does the module loading automatically and considering how heavily parallel it is, if the Mellanox driver gets loaded first and the onboard tg3 driver second, udev tries to swap eth eth0-eth3 interfaces with eth4-eth7. Most of the time this leaves a huge mess behind.

I followed RedHat’s advice to stop using the “eth” names but even then udev failed to rename one or two of the eth interfaces most of the time.

Here comes the solution. Modify the 70-persistent-net.rules that udev generates, and add an extra rule for each matching interface with the following action:

IMPORT{program}="/usr/bin/flock -x %r/.udev/udev-ifrename.lock /bin/sleep 0.2"

This will delay the rule that actually does the renaming slightly, and will also make sure that the kernel only renames one network interface at a time. I have not checked if the delay is really necessary, but I certainly don’t mind it. In the end the rules file would look something like this:

SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="d4:ae:52:93:12:33", ATTR{type}=="1", KERNEL=="eth*", IMPORT{program}="/usr/bin/flock -x %r/.udev/udev-ifrename.lock /bin/sleep 0.2"
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="d4:ae:52:93:12:33", ATTR{type}=="1", KERNEL=="eth*", NAME="nic0"
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="d4:ae:52:93:12:34", ATTR{type}=="1", KERNEL=="eth*", IMPORT{program}="/usr/bin/flock -x %r/.udev/udev-ifrename.lock /bin/sleep 0.2"
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="d4:ae:52:93:12:34", ATTR{type}=="1", KERNEL=="eth*", NAME="nic1"
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="d4:ae:52:93:12:35", ATTR{type}=="1", KERNEL=="eth*", IMPORT{program}="/usr/bin/flock -x %r/.udev/udev-ifrename.lock /bin/sleep 0.2"
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="d4:ae:52:93:12:35", ATTR{type}=="1", KERNEL=="eth*", NAME="nic2"
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="d4:ae:52:93:12:36", ATTR{type}=="1", KERNEL=="eth*", IMPORT{program}="/usr/bin/flock -x %r/.udev/udev-ifrename.lock /bin/sleep 0.2"
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="d4:ae:52:93:12:36", ATTR{type}=="1", KERNEL=="eth*", NAME="nic3"
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:02:c9:3f:69:20", ATTR{type}=="1", KERNEL=="eth*", IMPORT{program}="/usr/bin/flock -x %r/.udev/udev-ifrename.lock /bin/sleep 0.2"
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:02:c9:3f:69:20", ATTR{type}=="1", KERNEL=="eth*", NAME="nic4"
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:02:c9:3f:69:21", ATTR{type}=="1", KERNEL=="eth*", IMPORT{program}="/usr/bin/flock -x %r/.udev/udev-ifrename.lock /bin/sleep 0.2"
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:02:c9:3f:69:21", ATTR{type}=="1", KERNEL=="eth*", NAME="nic5"
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:02:c9:3f:6b:20", ATTR{type}=="1", KERNEL=="eth*", IMPORT{program}="/usr/bin/flock -x %r/.udev/udev-ifrename.lock /bin/sleep 0.2"
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:02:c9:3f:6b:20", ATTR{type}=="1", KERNEL=="eth*", NAME="nic6"
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:02:c9:3f:6b:21", ATTR{type}=="1", KERNEL=="eth*", IMPORT{program}="/usr/bin/flock -x %r/.udev/udev-ifrename.lock /bin/sleep 0.2"
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:02:c9:3f:6b:21", ATTR{type}=="1", KERNEL=="eth*", NAME="nic7"

And I have had no more problems with interfaces not getting renamed, even when the driver loading order would have otherwise made a mess:

$ dmesg | grep renamed
[   14.587586] udev: renamed network interface eth3 to nic3
[   14.773540] udev: renamed network interface eth2 to nic2
[   19.248634] udev: renamed network interface eth2 to nic4
[   19.449075] udev: renamed network interface eth4 to nic6
[   19.649381] udev: renamed network interface eth1 to nic1
[   19.850040] udev: renamed network interface eth3 to nic5
[   20.050527] udev: renamed network interface eth5 to nic7
[   20.250786] udev: renamed network interface eth0 to nic0

Especially in a Japanese windows, after changing the system language from Japanese to Bulgarian (or any other Cyrillic language), the letters used for some system dialogs would be displayed in full width font making it at times almost unreadable. There is no obvious place to change those fonts, and the only help is in the registry itself. Navigate to this key in the registry:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes

And change the values for MS Shell Dlg and MS Shell Dlg 2 to a non-Japanese font (the default MS Sans Serif and Tahoma are actually pretty good). You can also try Arial Unicode MS if you still care about Japanese characters. There is a more detailed explanation at this page.

I am getting way too lazy for my own good. After my latest trip I now want to share my photos with friends and family, and I am trying to decide how to easily to this. And since I couldn’t really decide on what I need, I decide to list (mostly for myself) what I am looking for in a photo sharing service.

  • ability to upload original images, so people can download and print photos at decent quality (12M resolution to be allowed)
  • decent space available – my average photo size is 5MB
  • organize photos in albums, many albums
  • privacy – I certainly do not want to make all my photos visible to the whole world
  • ability to share with non-account holders – I want to be able to send an email with a link to the album and not impose on my relatives to have to sign up for yet another service they may or may not need

I will be trying out the two big players – Picasa and Flickr in the coming days and update this post with my findings.

I’ve been struggling with a wireless SBG900 for a couple of hours now. The interface looks fine (as far as wireless router interfaces go) and I had the simple setting up WPA security on this router. The higher security setting was supposed to replace the current no password + MAC restriction setup.

The bottom line is that after removing the registered MAC addresses the router simply refused connections from all clients. And the best part is that nowhere in the interface I could find a clicky button to enable it.

Motorola SBG900J Wireless security dialog

There is no place to disable the MAC filter

Tamper Data to the rescue. Click “Apply” and just change the value of the Wireless.EnableAllowAccess.enableAllowAccess parameter to 0. Works fine now.

My brand new pair of disks in a setup that would otherwise work perfectly fine, decided to keep giving me headache. There are only two disks in the machine, partitioned in three, with the first two pairs of partitions in a RAID1 array. And every now and then one of the disks would disappear from the system, then re-appear with a different drive letter (e.g. sda would become sdc). Obviously the disk would get kicked out of the RAID, but I can then add it back and wait for the 1.5TB partition to sync back the RAID. The errors look like this:

Oct 29 03:44:59 lion kernel: ata1.00: n_sectors mismatch 3907029168 != 268435455
Oct 29 03:44:59 lion kernel: ata1.00: revalidation failed (errno=-19)
Oct 29 03:44:59 lion kernel: ata1.00: limiting speed to UDMA/133:PIO2
Oct 29 03:44:59 lion kernel: ata1: hard resetting link
Oct 29 03:44:59 lion kernel: ata1: nv: skipping hardreset on occupied port
Oct 29 03:45:00 lion kernel: ata1: SATA link up 3.0 Gbps (SStatus 123 SControl 300)
Oct 29 03:45:00 lion kernel: ata1.00: failed to IDENTIFY (INIT_DEV_PARAMS failed, err_mask=0x80)
Oct 29 03:45:00 lion kernel: ata1.00: revalidation failed (errno=-5)
Oct 29 03:45:00 lion kernel: ata1.00: disabled
Oct 29 03:45:00 lion kernel: sd 0:0:0:0: rejecting I/O to offline device
Oct 29 03:45:00 lion kernel: sd 0:0:0:0: rejecting I/O to offline device
Oct 29 03:45:00 lion kernel: sd 0:0:0:0: rejecting I/O to offline device
Oct 29 03:45:00 lion kernel: end_request: I/O error, dev sda, sector 206856
Oct 29 03:45:00 lion kernel: md: super_written gets error=-5, uptodate=0
Oct 29 03:45:00 lion kernel: md/raid1:md127: Disk failure on sda2, disabling device.
Oct 29 03:45:00 lion kernel: <1>md/raid1:md127: Operation continuing on 1 devices.
Oct 29 03:45:00 lion kernel: ata1: hard resetting link
Oct 29 03:45:00 lion kernel: RAID1 conf printout:
Oct 29 03:45:00 lion kernel: --- wd:1 rd:2
Oct 29 03:45:00 lion kernel: disk 0, wo:1, o:0, dev:sda2
Oct 29 03:45:00 lion kernel: disk 1, wo:0, o:1, dev:sdb2
Oct 29 03:45:00 lion kernel: RAID1 conf printout:
Oct 29 03:45:00 lion kernel: --- wd:1 rd:2
Oct 29 03:45:00 lion kernel: disk 1, wo:0, o:1, dev:sdb2
Oct 29 03:45:01 lion kernel: ata1: SATA link up 3.0 Gbps (SStatus 123 SControl 300)
Oct 29 03:45:01 lion kernel: ata1.00: ATA-8: WDC WD20EARS-00MVWB0, 51.0AB51, max UDMA/133
Oct 29 03:45:01 lion kernel: ata1.00: 3907029168 sectors, multi 1: LBA48 NCQ (depth 0/32)
Oct 29 03:45:01 lion kernel: ata1.00: configured for UDMA/133
Oct 29 03:45:01 lion kernel: ata1: EH complete
Oct 29 03:45:01 lion kernel: ata1.00: detaching (SCSI 0:0:0:0)
Oct 29 03:45:01 lion kernel: sd 0:0:0:0: [sda] Synchronizing SCSI cache
Oct 29 03:45:01 lion kernel: sd 0:0:0:0: [sda] Stopping disk
Oct 29 03:45:01 lion kernel: ata2.00: configured for UDMA/133
Oct 29 03:45:01 lion kernel: ata2: EH complete
Oct 29 03:45:01 lion kernel: scsi 0:0:0:0: Direct-Access     ATA      WDC WD20EARS-00M 51.0 PQ: 0 ANSI: 5
Oct 29 03:45:01 lion kernel: sd 0:0:0:0: Attached scsi generic sg0 type 0
Oct 29 03:45:01 lion kernel: sd 0:0:0:0: [sdd] 3907029168 512-byte logical blocks: (2.00 TB/1.81 TiB)
Oct 29 03:45:01 lion kernel: sd 0:0:0:0: [sdd] Write Protect is off
Oct 29 03:45:01 lion kernel: sd 0:0:0:0: [sdd] Mode Sense: 00 3a 00 00
Oct 29 03:45:01 lion kernel: sd 0:0:0:0: [sdd] Write cache: enabled, read cache: enabled, doesn't support DPO or FUA
Oct 29 03:45:02 lion kernel: ata3.00: configured for UDMA/133
Oct 29 03:45:02 lion kernel: ata3: EH complete
Oct 29 03:45:02 lion kernel: EXT4-fs (dm-4): re-mounted. Opts: acl,user_xattr,commit=0
Oct 29 03:45:02 lion kernel: sdd: sdd1 sdd2 sdd3
Oct 29 03:45:02 lion kernel: sd 0:0:0:0: [sdd] Attached SCSI disk

I found a few similar issues in RedHat’s bugzilla and in the Ubuntu forums.

And I even tried their advice. I added sata_nv.swncq=0 to me kernel line, which did not help at all. I tried replacing the SATA cables with quality cables, and that didn’t help either. Then I forced the SATA link speed to 1.5G and now I have been running for more than a week with no problems with the disks. My command line currently looks like this and everything is happy:
$ cat /proc/cmdline
BOOT_IMAGE=/kernel-genkernel-x86_64-2.6.36-y4 root=/dev/mapper/lionvg-root ro dolvm domdadm nmi_watchdog=0 max_loop=32 sata_nv.swncq=0 libata.force=noncq,1.5G

After I left a loop moving the data from my LVM2 LVs to a new raid1 array overnight (I wanted to also reorder the LVs physically at the beginning of the disk) I came back in the morning to see that one of the moves had hung. I killed it, and the loop kept going. Unfortunately something had already gone wrong and I had to issue pvmove –abort to get things in order. And that almost worked, except I started getting these:

> sudo lvs --all
Number of segments in active LV pvmove0 does not match metadata
Number of segments in active LV pvmove0 does not match metadata
LV          VG     Attr   LSize   Origin Snap%  Move Log Copy%  Convert 
download    lionvg -wi-ao 200.00g
home        lionvg -wi-ao 100.00g
kvmpool     lionvg -wi-ao  50.00g
opt         lionvg -wi-ao  15.00g
[pvmove0]   lionvg p-C-a-      0
repos       lionvg -wi-ao   2.00g
root        lionvg -wi-ao   4.00g 
usr         lionvg -wi-ao  20.00g
var         lionvg -wi-ao  20.00g

I was furthermore unable to destroy or make inactive that stale pvmove0 logical volume:

> sudo lvchange -an lionvg/pvmove0
  Unable to change pvmove LV pvmove0
  Use 'pvmove --abort' to abandon a pvmove

The recommended way of using vgcfgrestore to restore the metadata from backup is not something to do because I managed to actually modify my LVs before deciding to work on this issue.

The solution is, however, hidden in the advice above. Just use vgcfgbackup to get an up to date backup of your metadata, then edit the file, delete the section about the stale pvmove0 and restore the edited backup with vgcfgrestore.

My bank uses client SSL certificates + a single-password token for authentication. Unfortunately, the latest Firefox gives me this error:

Secure Connection Failed

An error occurred during a connection to secure.example.com.

Renegotiation is not allowed on this SSL socket.

(Error code: ssl_error_renegotiation_not_allowed)

The page you are trying to view can not be shown because the authenticity of the received data could not be verified.
Please contact the web site owners to inform them of this problem. Alternatively, use the command found in the help menu to report this broken site.

A workaround, which I do not recommend, as pointed out here, is to set security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref from about:config to true.

A more correct solution would be to read up on the decision to disable the feature, and then just add your server to the security.ssl.renego_unrestricted_hosts configuration value instead.