
CPAN, MacPorts and Eclipse: The hard-life

  • Posted on January 24, 2011 at 10:21

Developing machine configuration
My workstation is an Apple MacPro, running Snow Leopard. And I do my developing in Eclipse. For me undoubtedly the number one IDE. The Perl-support is really fantastic.
Unless you installed MacPorts!

Although I was sure I had installed the CPAN modules I use, Eclipse kept complaining that it was not able to find them, blablabla….
Eclipse Error: Can't find CPAN Module

MacPorts installed its own Perl! It does not have to, but it can happen easily. With a little bit of playing around in MacPorts, it’s quite probable that MacPorts installed its own Perl. That really isn’t a big issue in everyday use (I never ran into any trouble, so far), but it may result in Eclipse fooling you.
Because my OS now uses the MacPorts version of Perl by default, it will also use the CPAN that’s installed by MacPorts. And, once again: It works just fine!
The only trouble is Eclipse. Eclipse, or actually E-P-I-C, still only looks in the default Perl search-paths.
So if you install a new module using CPAN when MacPorts has installed Perl, it will install that new module in the MacPorts-CPAN-Path, and not in the default OSX-CPAN-Path. That’s all!

Just install your CPAN module in the default OS X path as well, by calling cpan with its absolute path.
$ sudo /usr/bin/cpan
cpan> install Archive::TarGzip
cpan> reload cpan
cpan> exit

Now restart your Eclipse….
Problem solved!

/etc/fstab and bind-mount

  • Posted on January 17, 2011 at 03:22

I use a software RAID0 for data.
On this software-RAID volume live my MySQL databases, /home and other stuff that should be fast…
And, like all volumes, this software-RAID volume is mounted at boot time.
But since my /home is also on that volume, it has to be mounted using a bind-mount.
So first there is a mount of the mdadm device: /dev/md127 -> /mnt/data,
And second there is a bind-mount: /mnt/data/home -> /home

It took me quite a while to figure out how to get this done at boot-time, but I managed!
Here’s what my /etc/fstab looks like:

# /etc/fstab: static file system information.
# noatime turns off atimes for increased performance (atimes normally aren't
# needed); notail increases performance of ReiserFS (at the expense of storage
# efficiency).  It's safe to drop the noatime options if you want and to
# switch between notail / tail freely.
# The root filesystem should have a pass number of either 0 or 1.
# All other filesystems should have a pass number of 0 or greater than 1.
# See the manpage fstab(5) for more information.

# <fs>            <mountpoint>    <type>        <opts>        <dump/pass>

# NOTE: If your BOOT partition is ReiserFS, add the notail option to opts.
LABEL=boot        /boot        ext2        noauto        1 2
#/dev/sda3        /boot        ext2        noauto        1 2

LABEL=root        /        ext3        defaults    0 1
#/dev/sda4        /        ext3        noatime        0 1

LABEL=data        /mnt/data    ext3        defaults    0 1

# HOME (bindmount)
/mnt/data/home         /home        bind        defaults,bind    0 0

# SWAP like RAID0. The higher the value the higher the priority. (max=32767)
/dev/sda5        none        swap        sw,pri=1    0 0
/dev/sdb5        none        swap        sw,pri=1    0 0

#/dev/cdrom        /mnt/cdrom    auto        noauto,ro    0 0
#/dev/fd0        /mnt/floppy    auto        noauto        0 0

# glibc 2.2 and above expects tmpfs to be mounted at /dev/shm for
# POSIX shared memory (shm_open, shm_unlink).
# (tmpfs is a dynamically expandable/shrinkable ramdisk, and will
#  use almost no memory if not populated with files)
shm            /dev/shm    tmpfs        nodev,nosuid,noexec    0 0
proc            /proc        proc        defaults        0 0

For the attentive readers:
Yes, I did put my boot on a separate partition. And getting this done on a PowerMac G5 is quite an exhibition! Maybe someday, someday I’m gonna blog about that too!
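
A small check for the two things that matter in the fstab above: the bind line must come after the filesystem that holds its source, and an option field must be a clean comma-separated list. This is an added example, not part of the original post; the function name and the sample entries are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original post: lint an fstab for
#   1. option fields with malformed tokens (e.g. "." typed instead of ",")
#   2. bind mounts listed before the filesystem that holds their source
# Reads the file named in $1, or stdin when no argument is given.
fstab_lint() {
  awk '
    /^[ \t]*(#|$)/ { next }                       # skip comments and blanks
    { n++; ln[n] = NR; src[n] = $1; mp[n] = $2; opt[n] = $4 }
    END {
      for (i = 1; i <= n; i++) {
        k = split(opt[i], o, ","); bind = 0
        for (j = 1; j <= k; j++) {
          if (o[j] == "bind" || o[j] == "rbind") bind = 1
          # plain name or name=value; dots are only accepted in x-* options
          if (o[j] !~ /^(x-[A-Za-z0-9_.-]+|[A-Za-z0-9_-]+)(=.*)?$/)
            printf "line %d: malformed option \"%s\"\n", ln[i], o[j]
        }
        if (!bind) continue
        # find the deepest mount point that contains the bind source
        best = 0
        for (m = 1; m <= n; m++) {
          if (m == i || mp[m] == "none") continue
          p = (mp[m] == "/") ? "/" : mp[m] "/"
          if (index(src[i] "/", p) == 1 && length(mp[m]) > length(mp[best]))
            best = m
        }
        if (best && ln[best] > ln[i])
          printf "line %d: bind source %s precedes its filesystem %s (line %d)\n", ln[i], src[i], mp[best], ln[best]
      }
    }
  ' "${1:--}"
}

# Constructed sample: the bind line is placed too early and one swap
# entry has "." where "," was meant.
SAMPLE_FSTAB='LABEL=root      /          ext3  defaults       0 1
/mnt/data/home  /home      none  defaults,bind  0 0
LABEL=data      /mnt/data  ext3  defaults       0 2
/dev/sda5       none       swap  sw,pri=1       0 0
/dev/sdb5       none       swap  sw.pri=1       0 0'

printf '%s\n' "$SAMPLE_FSTAB" | fstab_lint
```

Run it as `fstab_lint /etc/fstab` before rebooting; no output means neither problem was found.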

rsync and cp -r

  • Posted on January 12, 2011 at 16:34

Since I lately had to do a lot of data-migrating stuff, I made myself an alias for rsync and I use it as a recursive copy command. Works great! Write this down… 🙂

# alias rcp='rsync --owner --group --perms --times --archive --recursive --progress'

Some advantages

  • No worries about accidentally overwriting important files
  • No struggle with long syntax anymore
  • Same syntax format as cp
    Example: # rcp -v /home/user1/* /home/user2/
  • Progress indicator
  • Retaining file permissions and ownerships
  • Very forgiving with interruptions!
    You can hit CTRL-C without any risk. Just restart your rcp-action. And it will continue where it left off…

And sure, you can add this alias to your .bashrc, your .bash_profile, and so on….

FTK: “Runtime error” on raw-image

  • Posted on January 11, 2011 at 23:07

Today we discovered some strange behavior of Forensic ToolKit when opening a raw image.

We use different software to acquire evidence:

  1. rdd-copy (my favorite)
  2. FTK Imager
  3. Tableau Imager

Fortunately we now only use uncompressed raw images*, and depending on the situation we create them with one of the above-mentioned tools. For some strange reason FTK crashed immediately after adding a raw image made by rdd-copy. My colleague was patient and eager enough to find the reason for this strange behavior that he acquired that same hard drive again, even though rdd-copy didn’t report any errors on the device! And this time he used Tableau Imager….

After all that was done, he added the raw image, made by Tableau Imager, to the case… And to our big surprise: it worked flawlessly! And it got even stranger when we checked the hashes: the MD5s were the same! Go figure…

The extension! WTF! Our default choice for an evidence-extension is .IMG. (Works pretty nice with OS X)
And this was causing that runtime error!

We changed .IMG to .DMG, keeping the powerful functions of OS X available.
Everybody happy.
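
When an evidence file gets a new extension, as described above, it is worth recording that the content did not change. The following is an added example, not part of the original post: it hashes the image before and after the rename and can also compare against the hash noted at acquisition. MD5 is used because it is the hash the post mentions; the function names and return codes are made up for this sketch.

```sh
#!/bin/sh
# Added example, not from the original post.
# md5_of <file>: print the MD5 of a file (md5sum on Linux, md5 on OS X).
md5_of() {
  if command -v md5sum >/dev/null 2>&1; then
    md5sum "$1" | awk '{ print $1 }'
  else
    md5 -q "$1"
  fi
}

# rename_evidence <image> <new-extension> [acquisition-md5]
# Prints "<old> -> <new> md5=<hash>" on success. Refuses to overwrite an
# existing file, and leaves the image untouched when it does not match the
# acquisition hash.
rename_evidence() {
  src=$1; new_ext=$2; expected=${3:-}
  [ -f "$src" ] || { echo "no such image: $src" >&2; return 2; }
  base=$(basename "$src")
  dst="$(dirname "$src")/${base%.*}.$new_ext"
  [ ! -e "$dst" ] || { echo "refusing to overwrite $dst" >&2; return 3; }
  before=$(md5_of "$src") || return 4
  if [ -n "$expected" ] && [ "$before" != "$expected" ]; then
    echo "$src does not match the acquisition hash, not touching it" >&2
    return 6
  fi
  mv -- "$src" "$dst" || return 5
  after=$(md5_of "$dst") || return 4
  [ "$before" = "$after" ] || { echo "HASH MISMATCH after rename: $dst" >&2; return 1; }
  echo "$src -> $dst md5=$after"
}
```

The printed line can go straight into the case notes, for example `rename_evidence disk01.IMG DMG >> case.log`.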

*If you want discussions about EnCase Evidencefiles again,
If you honestly really don’t know why not,
Or if you just want to make me mad,
Send an email to ‘

SABnzbd and Gentoo

  • Posted on January 11, 2011 at 01:15

Apparently the portage-tree doesn’t contain SABnzbd. Too bad! I really needed some binary newsgroup downloader. And I did have some experience with running it on my local machine, a MacPro. Wonderful App! Or tool, or server, or whatever…

But there I was, left alone, helpless and disillusioned…
What to do now?

Well, basically…… This!
(keep in mind, I’m using a PPC64)

Edit /etc/portage/package.keywords, and add:
# SABnzbd
dev-python/* **
app-arch/par2cmdline *

And now run (not specifically in this order):

# emerge dev-python/pysqlite
# emerge dev-python/cheetah
# emerge dev-python/pyopenssl
# emerge sqlite
# emerge par2cmdline
# emerge unrar

Download the SABnzbd-sources:

# wget

Unzip/Unpack to an appropriate directory,
cd into newly made directory,
Edit /.sabnzbd/sabnzbd.ini, and change the host-value ‘localhost’ to,
Now run it, and you can configure the rest of SABnzbd using your browser (Ahhhhh….)

# ./

Although this post isn’t about security, be aware that in this particular example SABnzbd is now running as root. And that ain’t necessary at all!

It is possible, and advised by me ;-), to create a sabnzbd-user, and let it run under that newly created sabnzbd-account.
Naturally, you have to do some chowning to the SABnzbd-directory. (Also to the .-directories which are ignored by default by chown!)
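
A way to check the chowning afterwards, as an added example that is not part of the original post: a `*` glob does not match names that start with a dot, so `chown -R sabnzbd dir/*` leaves a directory like .sabnzbd behind, while naming the directory itself covers it. The function names are made up here, and the directory and account you pass in are your own.

```sh
#!/bin/sh
# Added example, not from the original post.

# dot_entries <dir>: top-level entries that the glob "<dir>/*" would skip.
dot_entries() {
  find "$1" -mindepth 1 -maxdepth 1 -name '.*' -print
}

# not_owned_by <dir> <uid>: every path in the tree, dot-entries included,
# whose owner is not the given numeric uid.
not_owned_by() {
  find "$1" ! -user "$2" -print
}

# audit_tree <dir> <user>: succeeds only if <user> exists, is not root,
# and owns the complete tree. Offending paths are listed on stderr.
audit_tree() {
  uid=$(id -u "$2") || return 2
  [ "$uid" -ne 0 ] || { echo "service account must not be root" >&2; return 3; }
  leftovers=$(not_owned_by "$1" "$uid")
  [ -z "$leftovers" ] && return 0
  printf 'not owned by %s:\n%s\n' "$2" "$leftovers" >&2
  return 1
}
```

After `chown -R sabnzbd <SABnzbd-directory>`, running `audit_tree <SABnzbd-directory> sabnzbd` should return 0 with no output.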

Fun stuff
Furthermore, a tip for extra fun and carefree usage:
Create a SABnzbd-writeable directory /var/log/sabnzbd,
In the sabnzbd.ini in the ./sabnzbd-dir: change the logdir (logs) to /var/log/sabnzbd

You are maybe asking yourself: “What’s the fun of that?”
Well, just take a look at, and you’ll find out!

Unmasking autounmask

  • Posted on January 9, 2011 at 18:36

I found out that a lot of Gentoo-stuff has not yet been tested on the PPC64 platform, but appears to work just fine. Take WordPress for example!

Unmasking is basically, or usually, the only thing that needs to be done. But immediately, there is the first barrier: How to get autounmask to work?
Well, this is what worked for me:

Edit /etc/portage/package.keywords, and add:
# autounmask
app-portage/autounmask *
dev-perl/PortageXS *
virtual/perl-Term-ANSIColor *
perl-core/Term-ANSIColor *

And now run “emerge autounmask” (again).
Et voila! Autounmask will emerge having no trouble at all!

print “Hello world!\n”;

  • Posted on January 9, 2011 at 16:13

I hereby welcome myself to the world of blogging.

As the subtitle states: I’m a Nerd! And therefore (I guess) not really eager to publish or do some documenting in general. But, as we all know, it might come in handy sometimes!

This blog will mainly be documentation about:

  • Gentoo Linux on PPC64 Debian x86-64
  • IT Forensics
  • Data recovery
  • Perl
  • System Administrating (not too much I hope)

Have fun KrusjMe!