Brother QL-810W on Ubuntu 18.04

Although Brother states that Linux is supported for the QL-810W and they even provide a driver package, installing and using the Brother QL-810W on Ubuntu (and probably other modern Linux OSes) can be a little tricky.

First, download the Debian package and install it from the command line with

sudo dpkg -i --force-all ql810wpdrv-<version>.i386.deb

That adds the QL810W printer as a local USB printer. If you would like to print via network, open the Advanced Printer Settings and change and adjust the Device URI in the printer’s properties.

While you are in that properties dialog, go to Printer Options and select the correct Media Size (This is the most important setting of all!).If you want to make sure that the borders of your labels remain as defined in your application, set Trim tape under Cut Option to Off.

Network Protocols

Since I am not fan of black magic like Zeroconf, Avahi, mDNS, I have only kept

Web Based Management (Web Server)
IPP
SNTP

enabled on the Network > Protocol page in the printer’s web management tool.

Label Sizes

For some reason, the “length” of a label cannot exceed 10cm on Linux although continuous labels are used and correctly selected in the printer properties. If you would like to print out larger labels, you need to add custom label sizes with the corresponding tool that comes with the driver package:

sudo brpapertoollpr_ql810w -P QL810W -n "62mmx190mm" -w 62 -h 190
sudo brpapertoollpr_ql810w -P QL810W -n "38mmx190mm" -w 38 -h 190

I used the above two for creating labels for Leitz folders with OpenOffice Draw.

AppArmor

In Brother’s FAQ there is an entry regarding AppArmor and setting the mode to complain for the CUPS service if printing does not work. In my case printing works flawlessly if the setting remains in enforce mode. So for security reasons, I would not recommend to change it to complain.

SSH Agent on WSFL

To automatically spawn an ssh-agent when starting the first Bash instance, and otherwise re-register a running ssh-agent in the Windows Subsystem for Linux, append the following lines to your .bashrc. Kudos to Mathew Johnson!

# wsfl bash is not a login shell
if [ -d "$HOME/bin" ] ; then
  PATH="$HOME/bin:$PATH"
fi
 
# ssh-agent configuration
if [ -z "$(pgrep ssh-agent)" ]; then 
  rm -rf /tmp/ssh-*
  eval $(ssh-agent -s) > /dev/null
else
  export SSH_AGENT_PID=$(pgrep ssh-agent)
  export SSH_AUTH_SOCK=$(find /tmp/ssh-* -name agent.*)
fi
 
if [ "$(ssh-add -l)" == "The agent has no identities." ]; then
  ssh-add
fi

Running a limited number of scripts in parallel from Bash

Imagine you have a text file with a single parameter for another script on each line, but you want to speed things up. Instead of writing an overly complicated wrapper script, as I did a few times in the past, you could just use xargs. It comes equipped with everything needed for this task. The following example assumes, that for each parameter in parameters.txt the command MyFancyScript.py should be executed, with no more than 20 processes at the same time:

cat parameters.txt | xargs -n 1 -P 20 MyFancyScript.py

I guess it’s not hard to figure out that -P is the magic switch to allow multiple instances to be executed at the same time.

Why isn’t the full certificate chain provided by my web server?

Good question, simple answer though: Probably you’re still on Ubuntu 14.04 (Trusty) and thus your Apache version is too old (2.4.7) and does not provide the full certificate chain from the file specified as SSLCertificateFile. The nasty thing: It does not throw a warning nor an error; not on the console nor in the error.log.

Solution: Use the SSLCertificateChainFile option instead to point to the intermediate certificates of your CA.

But watch out when you update your server: SSLCertificateChainFile became obsolete with version 2.4.8, when SSLCertificateFile was extended to also load intermediate CA certificates from the server certificate file.

Xubuntu/XFCE to Ubuntu/Unity

I finally made it and switched from Xubuntu/XFCE to plain Ubuntu/Unity after I bought a new laptop for my parents, which forced me to finally choose a desktop environment that I want to support for my family and friends in the next years. I have to say that after using Unity a couple of hours, it turns out to be not as bad as I always thought. So basically it’s like every time there is something new that feels like it just wants to break your habits: first you hate it, then you accept it and at some point you begin to love it. Now, after switching my own laptop, my workstation at work and my parents desktop PC to Ubuntu/Unity, I am getting closer to “lovin’ it”.

All that does not mean that I was unhappy with Xubuntu/XFCE ever, but in the last years its main purpose was to provide me a way to stick with a Gnome 2ish desktop environment, just because I did not want to change my own, maybe bad habits. Unity without additional tweaking is great for the normal user and with its lightweight menus and highly integrated apps, it just does its job. With some minor adjustments it works perfectly well for advanced users like me. Compiz Settings Manager and Unity Teak Tool (PPA version) are very helpful if you want to improve your Unity experience and I highly recommend to have a look at them, even if you think that the defaults already provide a decent user experience.

BTW: There is no need to re-install you system. If you want to switch from any Ubuntu flavor back to pure Ubuntu, check out Psychocats’ Pure Ubuntu 14.04 post

Getting Webcam of Dell M1330 running

In order to get the webcam running that is identified by lsusb as

Bus 002 Device 003: ID 05a9:7670 OmniVision Technologies, Inc. OV7670 Webcam

you just have to enable quirks mode for the uvcvideo kernel module:

echo "options uvcvideo quirks=0x100" > /etc/modprobe.d/uvcvideo.conf

After that, reboot or reload the kernel module (sudo rmmod uvcvideo && sudo modprobe uvcvideo). This seems to work on most recent Linux distributions and has been tested by myself on Xubuntu 14.04. If not, check that a corresponding video device has been created. More details about that issue (which I had not), can be found in a post on marvin.im (German only)

Mailserver Reloaded – Step 1

To reproduce the latest setup of my email server and being able to work on this series of posts as promised months ago, I created a new LXC container with Debian Wheezy first. As LXC is not part of this series, no further details about it are provided here.

Like always, the first thing to do on a brand new machine is checking for the latest updates:

apt-get update && apt-get dist-upgrade

First we need to install a mail transfer agent (MTA), which in our case will be Exim. As some enhanced capabilities, such as SASL authentication are required, the Debian package exim4-daemon-heavy must be installed:

apt-get install exim4-daemon-heavy

Given that we are going to manually create an Exim configuration from scratch later, answers to configuration related questions during the installation process are irrelevant to this setup.

Now that our machine has an MTA installed, MySQL server can be installed:

apt-get install mysql-server

Hint: If you try to installed MySQL server before an MTA is installed, Debian might choose an other MTA than Exim to fulfill MySQL’s requirements. This may lead to additional, unnecessary steps or even a configuration conflict that you would have to resolve when installing Exim.

After that, Dovecot can be installed with the following command:

apt-get install dovecot-core dovecot-mysql dovecot-lmtpd dovecot-imapd dovecot-sieve dovecot-managesieved

Additionally to the more or less obvious packages dovecot-mysql, dovecot-lmtpd and dovecot-imapd, the packages dovecot-sieve and dovecot-managesieved are also installed, so that server-side filtering based on Sieve is possible. Roundcube has some great plugins to create and manage Sieve filter rules.

Talking about Roundcube: This is the last of piece we have to install, before we can glue everything together. Though I generally prefer distribution packages, I mostly end up with installing software manually when in comes to web applications. As Roundcube is written in PHP, we need web server that is capable of executing PHP scripts. For simplicity we choose Apache plus the appropriate PHP 5 module in this howto:

apt-get install libapache2-mod-php5

That’s it for the first step. All required software is installed, so we can proceed with the configuration of each in the next step.

Mailserver Reloaded – The Idea

It has been a while since the last big update of my email server configuration. For years it has been running solid as a rock based on Exim/Dovecot with a LDAP-backed configuration.

You may ask: Why change a running system?

One of the things that bugged me for months, was the fact that I am using self-signed certificates on that server. That means that all email clients have been set to accept ANY SSL certificate without further checks (at least manual pinning or something would be great). So any evil hacker in a public WiFi network could use SSL interception to get my username and password. To eliminate this risk, replacing the self-signed certificate with ones signed by a well-know CA (I’d never call them trustworthy!) would probably be enough, but who really wants such a simple solution?

So additionally to replacing the self-signed certificates, I decided to add some extra security by implementing application-specific passwords. Google user’s may already now how they work, for all others here comes a little introduction: Application-specific passwords allow users to create unique passwords for each application that is interacting with your email server. That means that regular user passwords, that are often used for other services as well, must neither be stored in email clients nor will they ever get transferred via SMTP, IMAP or POP3. The whole setup could even be hardened more, by creating a whole new username-password combination for each application, but that seems to be a little over the top to me.

As I also wanted to easily support multiple email domains in the future, I completely moved away from the LDAP backend, that was a partly replication of my LDAP database I use at home for authentication the accounts of my family, to a MySQL-backed setup. To reduce complexity and be more flexible in the future, I also made Dovecot my MDA (LMTP) and authentication service (SASL).

One thing that I also had to solve was the problem that no tools exist to allow users the management of their application-specific passwords. As I am using Roundcube Webbmail for years now and still more than happy with it, I decided to use Roundcube as the one and only tool that I provide users for managing their email settings, including the application-specific passwords. A corresponding plugin was therefore developed by me and has been published on GitHub in the meanwhile. Access to Roundcube is possible only with the normal user passwords BUT requires the use of one-time-passwords created with Google Authenticator (or compatible).

Now you know what I did and why I did it. I know that you now want to know how I actually implemented that setup, but unfortunately you must be patient. I’ll reproduce the setup in a brand new LXC container in order to provide a series of blog posts with precise information how to set this up on your own within the next two weeks. So stay tuned!

Migrating from KVM to LXC

After I had to replace the mainboard of my HTPC, on which also two other virtual machines were running on KVM, the kvm_amd module crashed on every boot on the replacement hardware. Though KVM still worked, I don’t like to see any modules crashing on boot. I began asking myself whether I really need full KVM virtualization or if some kind of container based virtualization would do a good or even better job for me.

After reading into the pros and cons of different solutions, I concluded that LinuX Containers (LXC) should probably first choice for me. As the HTPC is running on Ubuntu 12.04, which also has Apparmor profiles that enhance the security of LXC’s weak security concept, I actually decided to continue with LXC.

I don’t want to explain how to install LXC, because this is already covered by many other sites. The only thing that I found which is not covered well enough, is the conversion of machines from KVM (or similar) to LXC. In my case the KVM guests where using RAW disk images, so I am exclusively focusing on converting such below.

Step 1 – Prepare the rootfs folder

First, the new target folder for the root file system of the LXC guest must be created.

mkdir -p /var/lib/lxc//rootfs

Step 2 – Mount the RAW image

Then the RAW disk image must be mounted to access the files. In my case the disk contained only one partition. Modify the mount command may be necessary.

kpartx -a mount /dev/mapper/loop0p1 /mnt

Step 3 – Copy files to rootfs

Now that the content of the RAW image can be accessed, the files can be copied into the new rootfs folder created in step 1. I have been using the below command for years, to create more or less exact copies:

cd /mnt find . -xdev | cpio -pmv /var/lib/lxc//rootfs

Step 4 – Modify the configuration

Now comes the trickiest part: The configuration of the new machine must be modified, otherwise it is unlikely that it will boot successfully. Most required changes can be extracted from the template files in /usr/lib/lxc/templates/, which are typically used for the creation of new machines. Below are the modification for Debian machines, which worked perfectly well for Debian Lenny (shame in me) and Squeeze.

rootfs=/var/lib/lxc//rootfs


cat < $rootfs/etc/inittab

id:2:initdefault:

si::sysinit:/etc/init.d/rcS

l0:0:wait:/etc/init.d/rc 0

l1:1:wait:/etc/init.d/rc 1

l2:2:wait:/etc/init.d/rc 2

l3:3:wait:/etc/init.d/rc 3

l4:4:wait:/etc/init.d/rc 4

l5:5:wait:/etc/init.d/rc 5

l6:6:wait:/etc/init.d/rc 6

# Normally not reached, but fallthrough in case of emergency.

z6:6:respawn:/sbin/sulogin

1:2345:respawn:/sbin/getty 38400 console

c1:12345:respawn:/sbin/getty 38400 tty1 linux

c2:12345:respawn:/sbin/getty 38400 tty2 linux

c3:12345:respawn:/sbin/getty 38400 tty3 linux

c4:12345:respawn:/sbin/getty 38400 tty4 linux

EOF
mkdir -p $rootfs/selinux

echo 0 > $rootfs/selinux/enforce
mknod $rootfs/dev/tty1 c 4 1

mknod $rootfs/dev/tty2 c 4 2

mknod $rootfs/dev/tty3 c 4 3

mknod $rootfs/dev/tty4 c 4 4
# reconfigure some services

LANG="${LANG:-en_US.UTF-8}"
locale="$LANG $(echo $LANG | cut -d. -f2)"

chroot $rootfs echo "locales locales/default_environment_locale select $LANG" | chroot $rootfs sh -c "LANG=C debconf-set-selections"

chroot $rootfs echo "locales locales/default_environment_locale seen true" | chroot $rootfs sh -c "LANG=C debconf-set-selections"

chroot $rootfs echo "locales locales/locales_to_be_generated seen true" | chroot $rootfs sh -c "LANG=C debconf-set-selections"

chroot $rootfs sed -i -e "0,/^[# ]*$locale *$/ s/^[# ]*$locale *$/$locale/" /etc/locale.gen

chroot $rootfs sh -c "LANG=C dpkg-reconfigure locales -f noninteractive"
# remove pointless services in a container

chroot $rootfs /usr/sbin/update-rc.d -f checkroot.sh remove # S

chroot $rootfs /usr/sbin/update-rc.d checkroot.sh stop 09 S .
chroot $rootfs /usr/sbin/update-rc.d -f umountfs remove # 0 6

chroot $rootfs /usr/sbin/update-rc.d umountfs start 09 0 6 .
chroot $rootfs /usr/sbin/update-rc.d -f umountroot remove # 0 6

chroot $rootfs /usr/sbin/update-rc.d umountroot start 10 0 6 .
# The following initscripts don't provide an empty start or stop block.

# To prevent them being enabled on upgrades, we leave a start link on

# runlevel 3.

chroot $rootfs /usr/sbin/update-rc.d -f hwclock.sh remove # S 0 6

chroot $rootfs /usr/sbin/update-rc.d hwclock.sh start 10 3 .
chroot $rootfs /usr/sbin/update-rc.d -f hwclockfirst.sh remove # S

chroot $rootfs /usr/sbin/update-rc.d hwclockfirst start 08 3 .
chroot $rootfs /usr/sbin/update-rc.d -f module-init-tools remove # S

chroot $rootfs /usr/sbin/update-rc.d module-init-tools start 10 3 .

rm $rootfs/etc/udev/rules.d/70-persistent-net.rules

Step 5 – Create LXC config

Finally we have to create a LXC configuration file for the new machine. Lazy as I am, I have copied an existing config file into /var/lib/lxc// and modified the paths and network configuration accordingly.

After that the machine can be started with

lxc-start -n

Keep in mind that you won’t be able to detach from that console again. But to debug boot problems it is essential to not launch the machine in background mode (-d).

Vdr-sxfe audio output issues over and over again

And after fixing them for the hundredth time in the last ten years, I finally decided to write down what I seem to always forget. Isn’t this what tech blogs are for?!

So what was happening this time: After some years without any major issues, our media center PC decided to reboot in circles, which turned out to be caused be a defective motherboard. After replacing it with the one from my gaming PC everything worked fine, except that I had to use the onboard graphics card as the passive cooler of the former PC-Express graphics card wouldn’t allow me to use the DVB-S card in the upper PCI slot.

In my vdr-sxfe startup script I’ve set the audio parameter to alsa:plug:'hdmi:CARD=NVidia,DEV=0'. But the only results I get is either no sound at all or vdr-sxfe restarting every few seconds. At some point I managed to set the audio channel in VDR to stereo instead of AC3. Guess what happened? Immediately vdr-sxfe stopped restarting and sound was coming from the left and right speakers.

Conclusion: Something must be terribly wrong with the AC3 passthrough. But what? And who controls which device is used for the AC3 passthrough? I know that I should have asked myself this questions earlier, but trial and error worked perfectly well in the past 😉

After trying to remember which files I modified several times before to optimize vdr-sxfe audio and video output, I came to the point where I felt certain that the whole magic must only happen in ~/.xine/config_xineliboutput. As vdr-sxfe is based on Xine this seems to make sense.

Some tests later it was proven, that the audio parameter of vdr-sxfe never affects the value of audio.device.alsa_passthrough_device in the config file.

So the solution to my AC3 passthrough problem is setting the audio.device.alsa_passthrough_device value in the config file to plug:'hdmi:CARD=NVidia,DEV=0'.

Today the new PCI-Express graphics card arrived and all I had to do is changing the vdr-sxfe audio parameter and the audio.device.alsa_passthrough_device value in the config file to plug:'hdmi:CARD=NVidia_1,DEV=0'.

For the sake of completeness, here are all non-default values from my ~/.xine/config_xineliboutput

audio.device.alsa_default_device:plug:'hdmi:CARD=NVidia_1,DEV=0' audio.device.alsa_front_device:plug:'hdmi:CARD=NVidia_1,DEV=0' audio.device.alsa_passthrough_device:plug:'hdmi:CARD=NVidia_1,DEV=0' audio.device.alsa_surround51_device:plug:'hdmi:CARD=NVidia_1,DEV=0' audio.output.speaker_arrangement:Pass Through audio.synchronization.av_sync_method:resample video.processing.ffmpeg_thread_count:2 media.xvdr.num_buffers_hd:5000 media.xvdr.scr_tuning_step:100 effects.goom.fps:25 effects.goom.height:576 effects.goom.width:720 engine.buffers.audio_num_buffers:500 engine.buffers.video_num_buffers:250 engine.buffers.video_num_frames:50 engine.performance.memcpy_method:libc

Tuxevaras Blog

my personal opinions about technology, politics and life

Linux