Gnome Slideshow Screensaver Sanity, Take 2

Last year, I wrote about how to achieve [Gnome Slideshow Screensaver Sanity](http://jaredrobinson.com/blog/?p=106). I’ve recently upgraded to Fedora 11, and I noticed that GLSlideshow isn’t installed by default (maybe it never was), and I wondered if I could alter the settings for gnome slideshow. By default, it uses pictures out of the $HOME/Pictures folder, and there’s no way in the user interface to change that location, which can be frustrating. Here’s how I worked around it. Note the use of the `–location` option, and that I changed my `Name=` setting.

– `cp /usr/share/applications/screensavers/personal-slideshow.desktop ~/.local/share/applications/my-slideshow.desktop`
– `gedit ~/.local/share/applications/my-slideshow.desktop`


[Desktop Entry]
Encoding=UTF-8
Name=Custom Photos
Exec=/usr/libexec/gnome-screensaver/slideshow --location=/home/images/Photos
TryExec=/usr/libexec/gnome-screensaver/slideshow
StartupNotify=false
Terminal=false
Type=Application
Categories=GNOME;Screensaver;
OnlyShowIn=GNOME;

Go into the screensaver preferences (System -> Preferences -> Screensaver), and select “Custom Photos”. There’s no way to customize the duration to display each photo, but at least I don’t have to settle for Gnome’s default location.

Fedora 10 lacks “wow” appeal; OpenSolaris 11

I upgraded one of my machines to Fedora 10 last month, and for me, this release lacks the “wow” appeal that other releases have had. A minor annoyance is that the keyboard repeat delay [is broken](https://bugzilla.redhat.com/show_bug.cgi?id=475747) for me and so far, there is no fix other than disabling keyboard repeat. On the plus side, Fedora 10 includes OpenOffice.org 3 and other [new](http://fedoraproject.org/wiki/Releases/10/ReleaseSummary) [features](http://www.heise-online.co.uk/open/features/print/112093). Be sure to check out the [Common Issues](http://fedoraproject.org/wiki/Bugs/F10Common) people have experienced with Fedora 10.

The other day, a co-worker handed me an OpenSolaris 11 Live CD. I booted it, expecting to be underwhelmed like I was with the Solaris 10 JavaDesktop. I was pleasantly surprised, however. Sun’s “Nimbus” GNOME theme knocks the socks off of the boring Fedora window manager themes. The experience felt like I was running Linux. It was responsive, supported my newer hardware, and the system was built with GNU utilities on the command line so I get my favourite options to ‘ls’, ‘grep’, etc. It supported my NVidia card out-of-the box, and had Compiz eye-candy as an option. The only thing I missed (in my superficial test) was the familiar ‘yum’ and ‘rpm’ for package management. I suspect that if I used it from day to day, I’d find other things I miss. Does OpenSolaris support encrypted file systems? Does it have as much optional software as I can get with Fedora Extras?

I’ll keep my eye on [OpenSolaris](http://www.opensolaris.com/) a little more closely in the future.

HP xw4600: HOWTO enable hardware virtualization

How to enable Intel hardware virtualization on an HP xw4600:

* Boot into the hardware BIOS setup
* Got to Security -> System Security
* Enable both types of virtualization (VTx and VTd)
* Save settings, and power-cycle the machine.

I’m running Linux, Fedora 9, and using KVM, so I run the following:

modprobe kvm-intel

Loading that module will fail if hardware virtualization isn’t enabled.

Transferring a linux hard drive to a new machine

For over a year, I’ve endured a development machine that would lock up under heavy disk I/O. Yesterday, I apparently complained loudly enough that I was given a new machine to replace it. I didn’t want to reinstall Fedora 9, so I transferred my old hard drive to the new machine, as the primary drive. To get it to boot and function properly, here’s what I did:

* Booted with the Fedora 9 install CD into “rescue mode”
* Ran the following commands once I had a shell:

mount –bind /dev /mnt/sysimage/dev
mount –bind /sys /mnt/sysimage/sys
chroot /mnt/sysimage
mv /boot/initrd-2.6.25…i686.img /boot/initrd-2.6.25…i686.img.orig
mkinitrd /boot/initrd-2.6.25…i686.img 2.6.25…i686

* Then I ran ‘grub’, and typed the following:

root (hd0,0)
setup (hd0)
quit

* Ejected the install CD, and rebooted. Once booted, I noticed that my network cards weren’t set up quite right. My new network card was listed as “eth2” in system-config-network, and I didn’t actually have cards for the listed “eth0” and “eth1” interfaces anymore. I didn’t know what file to change to get my new card listed as “eth0”, so I ran the following command to find out what files I might need to edit:

find /etc -type f -print0 | xargs -0 grep “eth[01]”

That command listed the following files, among others:

* /etc/udev/rules.d/70-persistent-net.rules
* /etc/vmware/locations

I edited /etc/udev/rules.d/70-persistent-net.rules and ripped out the assignments for my old NIC interfaces, and set the new one to be “eth0”, then rebooted and used `system-config-network` to set up my network.

When I ran my VMware guest, VMware Server gave me an error message about not being able to use bridged mode for the selected interface. With my old computer, VMware had used eth1 for bridged networking, and I didn’t have an “eth1” interface anymore. I edited /etc/vmware/locations and changed “eth1” to “eth0”, and restarted vmware. This time, bridged mode worked correctly.

xguest

I just discovered and installed the _xguest_ package for Fedora 8 and 9. Here’s what it does:

> Installing this package sets up the xguest user to be used as a temporary account to switch to or as a kiosk user account. The account is disabled unless SELinux is in enforcing mode. The user is only allowed to log in via gdm [or the fast-user-swiching applet]. The home and temporary directories of the user will be polyinstantiated and mounted on tmpfs.

Here’s how to install it:

yum install xguest

I hit a brick wall when I first tried it. I thought my machine was in SELinux Enforcing mode, when it wasn’t — it was in Permissive mode. I fixed it using system-config-selinux.

It’s possible to change what the xguest user can do using system-config-selinux. I’ve attached a screenshot showing what capabilities can be granted or revoked.

SELinux Administration for xguest user

Fedora 9 and the OpenJDK

Java development is getting easier under Linux because of Sun’s OpenJDK, which linux distributors like Fedora now include. No more need to go through the hassle of downloading it from Sun. Here’s how I installed it.

yum install java-1.6.0-openjdk-devel java-1.6.0-openjdk-javadoc java-1.6.0-openjdk-plugin

A downside is that the default fonts in some Java applications, like IntelliJ IDEA, look terrible. Fedora 9 includes the RedHat Liberation fonts, which stand in for Microsoft fonts. I went into IDEA’s configuration, and changed the default font from “Arial” to “Liberation Sans”. IDEA’s visual appearance is nearly, but not completely, _fontastic_ compared to what it was before.

Fedora 9, NVidia, VMWare Server

I’ve upgraded four systems to Fedora 9 in the past couple of weeks. For those that have NVidia cards, it was a bumpy ride until NVidia released a [new driver](http://www.nvidia.com/object/linux_display_ia32_173.08.html). To install it as a pre-built RPM package, see [this blog post](http://nareshv.blogspot.com/2008/04/fedora-9-rawhide-and-latest-nvidia-179.html).

For the system that runs VMWare Server, it was necessary to [upgrade to version 1.0.6](http://www.howtoforge.com/vmware-server-installation-on-a-fedora9-desktop), which supports the 2.6.25 kernel shipped with Fedora 9.

NoMachine NX, Fedora 9 and SELinux

I upgraded from Fedora 7 to Fedora 9 using [preupgrade](http://fedoraproject.org/wiki/PreUpgrade), and then I couldn’t connect to the [NoMachine NX Server](http://www.nomachine.com/). It’s due to SELinux, again (I [wrote about this earlier](http://jaredrobinson.com/blog/?p=89)). The approach to solve it is still the same, although the policy is different:

Here’s what my audit.log messages looked like:

May 30 07:48:03 localhost kernel: type=1400 audit(1212155283.470:7): avc: denied { getattr } for pid=876 \
comm=”sshd” path=”/usr/NX/home/nx/.ssh/authorized_keys2″ dev=sda2 ino=70976 \
scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:usr_t:s0 tclass=file \
May 30 08:22:35 localhost kernel: type=1400 audit(1212157355.873:9): avc: denied { read } for pid=872 \
comm=”sshd” name=”authorized_keys2″ dev=sda2 ino=70976 \
scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:usr_t:s0 tclass=file

Here’s how I created and inserted the policy:

cd /etc/selinux
cat /var/log/audit/audit.log | audit2allow -M nx
semodule -i nx.pp

And here’s the nx.te file:

module nx 1.0;
require {
type sshd_t;
type usr_t;
class file { read getattr };
}
#============= sshd_t ==============
allow sshd_t usr_t:file { read getattr };

What programs are listening to the network?

Sometimes, I’d like to know what programs on my system are listening to the network, and to quote the Perl motto, “there’s more than one way to do it”. On Linux, there’s `lsof -Pi` and `netstat -p`. On Windows XP and Vista, there’s the built-in `netstat -b[v] -a` and a separate utility called [tcpview](http://technet.microsoft.com/en-us/sysinternals/bb897437.aspx). I’ve included example usages and outputs.

__lsof__ (Linux)

sudo lsof -Pni

COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
python 1886 root 4u IPv4 6621 TCP 127.0.0.1:2207 (LISTEN)
cupsd 1898 root 3u IPv4 6663 TCP 127.0.0.1:631 (LISTEN)
cupsd 1898 root 4u IPv6 6664 TCP [::1]:631 (LISTEN)
cupsd 1898 root 6u IPv4 6667 UDP *:631
sshd 1912 root 3u IPv4 6711 TCP *:22 (LISTEN)
httpd 20084 apache 4u IPv6 7293 TCP *:80 (LISTEN)
httpd 20085 apache 4u IPv6 7293 TCP *:80 (LISTEN)
httpd 20086 apache 4u IPv6 7293 TCP *:80 (LISTEN)
httpd 20087 apache 4u IPv6 7293 TCP *:80 (LISTEN)
httpd 20088 apache 4u IPv6 7293 TCP *:80 (LISTEN)
httpd 20089 apache 4u IPv6 7293 TCP *:80 (LISTEN)
httpd 20090 apache 4u IPv6 7293 TCP *:80 (LISTEN)
httpd 20091 apache 4u IPv6 7293 TCP *:80 (LISTEN)

__netstat__ (Linux)

sudo netstat -lp –inet –numeric-hosts

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:ssh 0.0.0.0:* LISTEN 1912/sshd
tcp 0 0 127.0.0.1:ipp 0.0.0.0:* LISTEN 1898/cupsd
tcp 0 0 127.0.0.1:2207 0.0.0.0:* LISTEN 1886/python
udp 0 0 0.0.0.0:ipp 0.0.0.0:* 1898/cupsd

Where’s `httpd`? It should be there, and it is, when I exclude the `–inet` option:

Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 :::http :::* LISTEN 2038/httpd
tcp 0 0 ::1:ipp :::* LISTEN 1898/cupsd

__TcpView__ (Windows)

[Download](http://technet.microsoft.com/en-us/sysinternals/bb897437.aspx) and start TcpView. From the menu, choose File > Save. Here’s the output from the file.

Process Protocol Local Address Remote Address State
svchost.exe:1064 TCP jareds-xp:epmapi jareds-xp:0 LISTENING
System:4 TCP jareds-xp:microsoft-ds jareds-xp:0 LISTENING
svchost.exe:976 TCP jareds-xp:3389i jareds-xp:0 LISTENING
nxssh.exe:2032 TCP jareds-xp:11000 jareds-xp:0 LISTENING

__netstat__ (Windows)

Note that this runs quite slowly on Windows.

netstat -bva

Active Connections

Proto Local Address Foreign Address State PID
TCP jareds-xp:epmap jareds-xp.mydomain.com:0 LISTENING 1064
c:\windows\system32\WS2_32.dll
C:\WINDOWS\system32\RPCRT4.dll
c:\windows\system32\rpcss.dll
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ADVAPI32.dll
[svchost.exe]

TCP jareds-xp:microsoft-ds jareds-xp.mydomain.com:0 LISTENING 4
— unknown component(s) —
[System]

TCP jareds-xp:3389 jareds-xp.mydomain.com:0 LISTENING 976
— unknown component(s) —
c:\windows\system32\rpcss.dll
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ADVAPI32.dll
[svchost.exe]

TCP jareds-xp:11000 jareds-xp.mydomain.com:0 LISTENING 2032
[nxssh.exe]

TCP jareds-xp:3389 jareds-xp.mydomain.com:0 LISTENING 976
— unknown component(s) —
c:\windows\system32\rpcss.dll
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ADVAPI32.dll
[svchost.exe]

Read Office 2007 documents on Linux

I’ve had a few occasions where I’ve needed to read Microsoft Office 2007 documents, even though I don’t have Office 2007. There are several approaches.

Office 2007 stores it’s files and a zip archive, with xml files inside. This means that they’re somewhat human readable. I’ve used unzip to extract the file, and poked around until I found the xml file that represented the document (word/document.xml for docx). This works fairly well for Word and Power Point documents, but I’m not so sure that it would be good for Excel files.

Novell has provided a [converter](http://odf-converter.sourceforge.net) that converts Office 2007 documents to Open Office documents, and allows Office 2007 to save in Open Office format. The command line converter appears to work well, in my limited experience. Thanks to [this blog post](http://www.oooninja.com/2008/01/convert-openxml-docx-etc-in-linux-using.html), here’s how I installed it on a Fedora/RedHat system:

* “mkdir converter“
* “cd converter“
* “wget http://download.go-oo.org/red-carpet/ooo-680/sled-10-sp-i586/odf-converter-1.1-7.i586.rpm“
* “rpm2cpio odf-converter*rpm | cpio -ivd“
* “sudo cp usr/lib/ooo-2.0/program/OdfConverter /usr/local/bin“
* “cd ..“
* “rm -rf converter“

Run it as follows:

* “OdfConverter /i example.docx“

Windows users with MS Word 2000, 2002 or 2003 can install the [Microsoft Office Compatibility Pack](http://office.microsoft.com/en-us/word/HA100444731033.aspx). For those without MS Word, there’s the read-only [word viewer](http://www.microsoft.com/downloads/details.aspx?FamilyId=3657CE88-7CFA-457A-9AEC-F4F827F20CAC&displaylang=en)

Mac OS X Tiger office applications reportedly open Office 2007 documents.

Mac, Linux and FreeBSD users can use an online document conversion service such as [http://www.docx2doc.com/](http://www.docx2doc.com/) and [http://docx-converter.com/](http://docx-converter.com/) — with the caveat it may be unwise to submit confidential or proprietary documents to a third party.