Categotry Archives: Joe


Blessed Retirement, Joe



Today is a hallmark day for my friend Joe Sloan. It was his last day as a Unix System Administrator, at Toyota Motor Sales, in Torrance, Ca.

I have had the privilege of his friendship, guidance, prayers and mentoring. In about a month, I will start my 9th year with Linux, thanks primarily to the one man who stood tall: Joe Sloan. A lot of what I learned from Joe, is on this website.

As you enter into this new phase of your life, their will be challenges ahead. Thank you for your inspiration and the man of faith you are.

My Life at Toyota, Selsi Kato


We both worked for different car companies. Who knew?



Stabilizing an atheros ar9485 (ath9k) connection in Linux (Wheezy)


If you search the internet, one of the issues that seems to come up a lot, are connectivity issues with the atheros AR 9485 card.

I am configuring a new laptop, an HP Pavilion G6-2323DX for my Mom. I ran into many issues that caused me to have to do hokey pokey.

This is pure hokey pokey. But it does work.

The operating system I am using is Debian/Wheezy V 7 RC 1 (64 Bit)

If you do a uname -a I get back:

Linux AnnLin 3.2.0-4-amd64 #1 SMP Debian 3.2.41-2 x86_64 GNU/Linux

Let’s just step by step check things.

1. let’s see if Linux see’s the card:

lspci | grep Wireless

You will get back a line like:

02:00.0 Network controller: Atheros Communications Inc. AR9485 Wireless Network Adapter (rev 01)

That means Linux sees it, but of course it is NOT configured.

2. Let’s see if the driver (ath9k) is loaded. We will use modprobe.

modprobe ath9k

if the device driver is loaded, it will just return a prompt. That’s a “good thing” as Martha would say.

3. Let’s look to make sure the wpa-supplicant programme is installed. The WPA supplicant provides wireless protected access (encryption) for our connection.

dpkg -l | grep supplicant

and you should get back:

ii wpasupplicant 1.0-3+b2
amd64 client support for WPA and WPA2 (IEEE 802.11i)

We’re good!

4. Now let’s modify /etc/network/interfaces

cd /etc/network # go to network interfaces
sudo cp interfaces # make a backup copy
sudo nano interfaces

You will get back something like this:

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

#define the network interface for the wireless lan card
iface wlan0 inet dhcp
wpa-ssid MyHome
wpa-psk MyPass

wpa-ssid is the name of the wireless network you are trying to connect to. wpa-psk is the password for that network. Yup plain text!

The iface line defines wlan0 so it has access to the internet, and gets it’s ip address dynamically (dhcp).

The card interface is STILL not up!

5. Bring up the interface!

sudo ifdown wlan0; sudo ifup wlan0;

you will get output that looks like:

ifdown: interface wlan0 not configured
Internet Systems Consortium DHCP Client 4.2.2
Copyright 2004-2011 Internet Systems Consortium.
All rights reserved.
For info, please visit
Listening on LPF/wlan0/20:16:d8:e5:32:b4
Sending on LPF/wlan0/20:16:d8:e5:32:b4
Sending on Socket/fallback
DHCPDISCOVER on wlan0 to port 67 interval 8
DHCPREQUEST on wlan0 to port 67
bound to — renewal in 37985 seconds.


Install wicd (Wireless Interface Connection Daemon)

sudo apt-get install wicd

once that is installed, REMOVE the gnome network mangler!

sudo apt-get purge network-manager-gnome


Reboot the machine. After re-booting bring up the interface.

sudo ifdown wlan0; sudo ifup wlan0;

It should look like this:



now go back to /etc/network/interfaces and remove (or comment out with a # in front the wpa-ssid, and wpa-pskid for the wlan card. so just: iface wlan0 inet dhcp and whatever else was there — just not the wpa information.

cd /etc/network # go to network interfaces
sudo nano interfaces

9. Restart the network:

sudo /etc/init.d/networking restart

you will get back something like this:

[….] Running /etc/init.d/networking restart is deprecated because it may not[warnnable some interfaces … (warning).
[….] Reconfiguring network interfaces…Internet Systems Consortium DHCP Client 4.2.2
Copyright 2004-2011 Internet Systems Consortium.
All rights reserved.
For info, please visit

Listening on LPF/wlan0/20:16:d8:e5:32:b4
Sending on LPF/wlan0/20:16:d8:e5:32:b4
Sending on Socket/fallback
DHCPRELEASE on wlan0 to port 67

this basically makes sure we don’t have any errors in /etc/network/interfaces


Reboot once again, and this time the interface should come up automatically. Screensaver engagement should not knock the connection offline.

And that’s what it’s all about!

I have to thank 3 people for all their help. Joe, Loni and Frances.



Upgrading from Ubuntu 8.04 (lts) to Ubuntu 12.04 (lts)


On 03/26/2013 10:48 AM, wrote:

Sunday night I upgraded my server again – I had previously upgraded it from ubuntu 8.04 to 10.04, so I figured I’d go ahead and take it to 12.04 so it will be supported until 2017.

It all went smoothly. All I had to do to get the ball rolling was to type: ‘do-release-upgrade’ and the process began. Again, the box stayed up all through the upgrade, continued to serve dns and dhcp, routed nat traffic to the internet, and kept the vpns running.

When the upgrade was complete, I had to go to run level 6 to boot into the new kernel, so the system was down for about a minute while the reboot process ran its course.

When it came up, there was a problem with forwarding traffic to the internet. That was caused by a new /etc/sysctl.conf which didn’t have the ipv4 forwarding enabled. I fixed the file, typed “sysctl -p” to make the new setting take effect, and lan access to the internet was restored.

A bit later I noticed a second problem: wireless devices were not able to access the internet. I found that the dhcp server was not running. I tried starting it manually and it failed. Looking in the log, I could see that apparmor didn’t like the fancy things dhcpd was trying to do. Admittedly it’s a custom configuration, and the new version of dhcpd might require a few changes. At any rate, I just unloaded apparmor to get things up and running. Then dhcpd was able to start, and there were no other problems.

All in all, a smooth upgrade with a rather short outage.



How to easily remove comments from a file (or why does squid.conf look like War and Peace?)


Oh brother. I am trying to configure the squid proxy server on my Linux box. At over 4,900 lines of code, it reads more like Tolstoy’s epic novel: War and Peace.

While I appreciate that every blessed thing I would ever need to know about squid is contained in this configuration file, it makes it hard to read the code through the comments. I had some fancy way of doing it, but Joe came up with a simpler method:

grep -v '^#' squid.conf

and I improved on that:

grep -v '^#' squid.conf | uniq | sort >squid.nocomment

so let’s break that down.

grep looks for a regular expression.

the -v option tells it to look for lines which DO NOT match to pattern. In this case we are looking for lines that do NOT match a comment: # in the first character of the line. So we just took the “War and Peace” sized squid.conf, to a handful of lines.

uniq – filters out adjacent lines, so if we have multiple blank lines, it eliminates them.

and sort? Well it sorts the output, and writes the file.

Notice the | ? It is piping. What’s that? It means the input to the next programme (following the pipe) is the output of the previous programme.

So what the command does is, looks for lines that do NOT start with a comment, eliminates any adjacent duplicate lines, then sorts the output.

So our 4,900 configuration file, is now, 50 lines! About 2% of the total. Who knew? Thanks Joe for getting me started with the grep trick. Here is the squid.conf file, with the comment lines removed:

access_log /var/log/squid/access.log squid
acl all src all
acl apache rep_header Server ^Apache
acl localhost src
acl localnet src # RFC1918 possible internal network
acl localnet src # RFC1918 possible internal network
acl localnet src # RFC1918 possible internal network
acl manager proto cache_object
acl purge method PURGE
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 210 # wais
acl Safe_ports port 21 # ftp
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 443 # https
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 631 # cups
acl Safe_ports port 70 # gopher
acl Safe_ports port 777 # multiling http
acl Safe_ports port 80 # http
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # SWAT
acl shoutcast rep_header X-HTTP09-First-Line ^ICY.[0-9]
acl SSL_ports port 443 # https
acl SSL_ports port 563 # snews
acl SSL_ports port 873 # rsync
acl to_localhost dst
broken_vary_encoding allow apache
coredump_dir /var/spool/squid
hierarchy_stoplist cgi-bin ?
hosts_file /etc/hosts
http_access allow localhost
http_access allow manager localhost
http_access allow purge localhost
http_access deny all
http_access deny CONNECT !SSL_ports
http_access deny manager
http_access deny purge
http_access deny !Safe_ports
http_port 3128
icp_access allow localnet
icp_access deny all
refresh_pattern . 0 20% 4320
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern (Release|Packages(.gz)*)$ 0 20% 2880
upgrade_http0.9 deny shoutcast



How to install and configure openvpn (virtual private network) for Linux


Virtual Private Networks are a useful tool, to allow us to securely reach an isolated computer or network.

Yet, is requires more tweaking then one would imagine. So here’s a step by step guide on how I did it, with a LOT of help in understanding some of the key concepts, provided by my friend Joe, and protocol explanations from Darren of hak5.

1. What’s the first thing we do? Why install openvpn of course!

sudo apt-get install openvpn

2. Now we need to generate our secret key. This is used to authenticate a remote user trying to gain access. We will use openvpn itself to generate the secret key. NOTE: Debian by default, does NOT provide a path to /usr/sbin

You can fully qualify it: /usr/sbin/openvpn

temporarily add it to the PATH variable: export PATH=$PATH:/sbin:/usr/sbin:/usr/sbin

Or just add:

export PATH=$PATH:/sbin:/usr/sbin:/usr/sbin

to .bashrc

If you add it to .bashrc, you will need to logout and back in again, so it will re-read the file.

Let’s generate that key!

openvpn --genkey --secret vpn.key

Simple, huh?

3. Let’s move some files, and create the configuration file for openvpn.

first, let’s move our secret key file:

sudo cp vpn.key /etc/openvpn/.

The period at the end, is significant. It says copy the file, right here.

4. Next is the configuration file. Using your favourite editor (nano in my case) create the
/etc/openvpn/openvpn.conf file as follows: Most of the explanations of the parameters come from here.

# Sample openvpn configuration file
# jjs June 6, 2012 V1.0
# annotated by Wayno
# remote specifies the address of the server


# dev tun specifies that we are using a tunnel device

dev tun

# ifconfig tells ip address for the interface


# and the secret key name (in /etc/openvpn)

secret vpn.key

# use port 5001 (default) to connect to the vpn. This may require
# you to add this in your router.

port 5001

# if you want data compression


# ping every 10 seconds, if no ping in 120 seconds, other side dead

keepalive 10 120

# ping timer starts after it receives a connection


# don't recreate a virtual net interface TUN after automatic restart


# Don't read pre-shared static key file again after auto restart


# user and group

user nobody
group nogroup

# after initialization, run in the background as a daemon


# setup the route after ifconfig


# append the /etc/openvpn/openvpn.log

log-append openvpn.log

5. Restart openvpn

sudo service openvpn restart

If you check /etc/openvpn/openvpn.log you will get something like this:

sudo cat openvpn.log
Tue Oct 2 01:22:07 2012 OpenVPN 2.1.3 x86_64-pc-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [MH] [PF_INET6] [eurephia] built on Feb 21 2012
Tue Oct 2 01:22:07 2012 NOTE: OpenVPN 2.1 requires ‘–script-security 2’ or higher to call user-defined scripts or executables
Tue Oct 2 01:22:07 2012 /usr/sbin/openvpn-vulnkey -q vpn.key
Tue Oct 2 01:22:07 2012 WARNING: file ‘vpn.key’ is group or others accessible
Tue Oct 2 01:22:07 2012 LZO compression initialized
Tue Oct 2 01:22:07 2012 TUN/TAP device tun0 opened
Tue Oct 2 01:22:07 2012 /sbin/ifconfig tun0 pointopoint mtu 1500
Tue Oct 2 01:22:07 2012 GID set to nogroup
Tue Oct 2 01:22:07 2012 UID set to nobody
Tue Oct 2 01:22:07 2012 UDPv4 link local (bound): [undef]
Tue Oct 2 01:22:07 2012 UDPv4 link remote: [AF_INET]
Tue Oct 2 01:22:07 2012 OpenVPN 2.1.3 x86_64-pc-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [MH] [PF_INET6] [eurephia] built on Feb 21 2012
Tue Oct 2 01:22:07 2012 NOTE: OpenVPN 2.1 requires ‘–script-security 2’ or higher to call user-defined scripts or executables
Tue Oct 2 01:22:07 2012 /usr/sbin/openvpn-vulnkey -q vpn.key
Tue Oct 2 01:22:07 2012 WARNING: file ‘vpn.key’ is group or others accessible
Tue Oct 2 01:22:07 2012 LZO compression initialized
Tue Oct 2 01:22:07 2012 TCP/UDP: Socket bind failed on local address [undef]: Address already in use
Tue Oct 2 01:22:07 2012 Exiting
Tue Oct 2 01:22:10 2012 read UDPv4 [EHOSTUNREACH]: No route to host (code=113)
Tue Oct 2 01:22:20 2012 read UDPv4 [EHOSTUNREACH]: No route to host (code=113)
Tue Oct 2 01:22:20 2012 read UDPv4 [EHOSTUNREACH]: No route to host (code=113)

6. Let’s see if it works?

ping -c 5

PING ( 56(84) bytes of data.
64 bytes from icmp_req=1 ttl=64 time=0.033 ms
64 bytes from icmp_req=2 ttl=64 time=0.041 ms
64 bytes from icmp_req=3 ttl=64 time=0.030 ms
64 bytes from icmp_req=4 ttl=64 time=0.041 ms
64 bytes from icmp_req=5 ttl=64 time=0.040 ms

— ping statistics —
5 packets transmitted, 5 received, 0% packet loss, time 3999ms
rtt min/avg/max/mdev = 0.030/0.037/0.041/0.004 ms

0 is now part of the Creative Commons Community


Knowledge should ALWAYS be free. As such, I am passing all the contents of this website into the Creative Commons Community.

This work is now licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 3.0 Unported License. Share and share alike.

Thanks Joe and Loni for your wisdom, guidance, and mentoring spirit.

Creative Commons Logo


Finding and installing 64 bit Firefox and Thunderbird for Debian


Let’s face it. Rebranded software (Icedove for Thunderbird and Iceweasel for Firefox) on Debian works, but they are UBER old. And if you are trying to get 64 bit versions of Firefox and Thunderbird. Good luck!

IceWeasel (rebranded Firefox Version 3!) is pre-installed. However Icedove does NOT come pre-installed.

The programmes on the mozilla site, are 32 bit critters. Which don’t always work in a 64 bit environment.

As a minimum, if you want to use the 32 bit Firefox or Thunderbird off the mozilla site, you will need to have at least the following 32 bit libraries installed on your 64 bit system:

sudo apt-get install ia32-libs
sudo apt-get install ia32-libs-gtk

Fortunately, I ran into Diopter on #debian on

Here is where the latest stable 64 bit version are stored:


For the latest stable 64 bit Firefox

For the latest stable 64 bit Thunderbird

I have had some issues with the stable releases. So I use the nightly builds.

Nightly build for 64 bit Firefox (unstable)

Nightly build for 64 bit Thunderbird (unstable)

1. Once you have them downloaded, lets untar them to the right directory.

cd /usr/local

2. Now untar:

sudo tar -xjvf ~/Downloads/(name of file goes here)

-x says we want to extract the tar
-j says it is a bzip2 file
-v says we want verbose (lots of) output
-f says use archive mode

3. Rename the old “firefox” (icedove) in /usr/bin
NOTE that the # and anything that follows is a comment and does not need to be coded.

cd /usr/bin # go to /usr/bin directory
sudo mv firefox firefox.icedove

4. Now create a link to the new Firefox we just installed. I want it system wide so we need to create a symlink in /usr/bin to where the files are stored.

As always the octothorpe (# is a comment and need NOT be coded)

For Firefox:

cd /usr/bin #change to the usr/bin director
sudo ln -s /usr/local/firefox/firefox .

or /usr/local/thunderbird/thunderbird


5. to confirm that you have everything right:

which firefox

and you will get output that looks like:


(or thunderbird)

If you go to /usr/bin and do an ls -l you will see:

lrwxrwxrwx 1 root root 26 May 5 19:01 firefox -> /usr/local/firefox/firefox

(or thunderbird)

Thanks Joe and Loni!



How to generate an easy to remember password


Need a strong, but easy to remember password? No need to remember, generate it! Up to 48 chars, works on any unix-like system:

read -s pass; echo $pass | md5sum | base64 | cut -c -16

Joe –


MD5SUM creates a 128 bit hash.

Base64 turns a binary number into ASCII

cut – simply removes sections for each line.

Output looks like:

n@H:~$ read -s pass; echo $pass | md5sum | base64 | cut -c -16
(I entered: abcdefg)


Ubuntu /etc/X11/xorg.conf from livecd fixes Debian Video Problems


I have been fighting video problems with Debian for a couple of weeks. I corrected the /etc/X11/xorg.conf file here.

If it looks familiar it should! This is the /etc/X11/xorg.conf file from the 64 bit Ubuntu 10.10 Livecd. I put it onto a usb flash drive, used sneaker net (which means I pulled it out of one machine, walked over, and put it into another), and copied it over. Restarted the gdm3 on 64 bit Debian Squeeze. I have full use of the hardware graphics capability and monitor sizes.

Using Ubuntu to fix Debian. Oh! I so love irony.

Thanks Joe for this crazy idea. But it worked!


1 2 3