Tuesday, May 14, 2013

SPICE client for Android in Google Play? Look no further than aSPICE, the first and only one to have landed in Google Play!

To anybody who chances upon this blog entry, I wanted to announce the first Android SPICE client in Google Play called aSPICE and available here:

https://play.google.com/store/apps/details?id=com.iiordanov.aSPICE

It is sure to have some defects at the beginning, so please send your constructive comments through the Send Email link in Google Play.

Also, please excuse the higher price, but there was a steep learning curve and a large investment of time up until this point, and a much larger investment in time in the future to support the project.

If the project sees support, I will be working on simplifying the glue between the UI and the native layer which will result in better stability, higher performance, and hopefully upgradability/maintainability of the native layer.

For reference, the free and donation versions of aSPICE's sister projects bVNC and aRDP:

https://play.google.com/store/search?q=bVNC+aRDP


Sunday, March 24, 2013

Generating and importing RSA/DSA SSH keys into bVNC Secure

Apart from being able to generate its own SSH keys in RSA and DSA format (tap the "Manage Key" button in VNC over SSH mode), versions v3.0.5 and newer of my VNC client, bVNC Secure, can import RSA/DSA keys as well. This guide will show you how such keys are generated and imported into bVNC Secure.

bVNC Secure is an Android and Blackberry Playbook/OS 10 application, available on Google Play and App World respectively. Find it on your mobile device or here:

Google Play, for devices running Android 2.2 and up, or here:

App World for BB Playbook and OS 10 devices.


Generating supported key types in a supported format:

- Encrypted RSA keys in PEM format, obtainable with the following command:
  ssh-keygen -t rsa -b 4096 -f SOMEFILE
When prompted for a pass-phrase enter one of your choice which will be needed to make use of the key when using it to connect.

- Non-encryped RSA keys in PEM format obtainable with the following command:
  ssh-keygen -t rsa -b 4096 -f SOMEFILE
When prompted for a pass-phrase, press enter (twice).

- Non-encryped RSA/DSA keys in PKCS#8 format, obtainable with:
  ssh-keygen -t dsa -b 1024 -f TEMP
  openssl pkcs8 -topk8 -nocrypt > SOMEFILE < TEMP

Importing the key stored in SOMEFILE into bVNC by:

- copying it to the "Download" directory on your smartphone or tablet
- Creating a connection of type VNC over SSH
- Tapping "Manage key"
- Typing SOMEFILE into the text field marked "Filename in Download directory"
- If your key is encrypted, entering your passphrase in the text-field marked "Passphrase"
- Tapping "Import".

Saturday, March 23, 2013

Setting up TigerVNC for secure connections to Windows with bVNC

This guide is for configuring TigerVNC on Windows for secure VNC connection using bVNC Secure/Free bVNC Secure, but is completely applicable to any VNC client that supports VeNCrypt. Only the VNC client configuration would be different.

bVNC Secure is an Android and Blackberry Playbook/OS 10 application, available on Google Play and App World respectively. Find it on your mobile device or here:

Google Play, for devices running Android 2.2 and up, or here:

App World for BB Playbook and OS 10 devices.


Setting up TigerVNC:

    - Download and install TigerVNC v1.1.0 from Sourceforge:
http://sourceforge.net/projects/tigervnc/files/tigervnc/1.1.0/TigerVNC-1.1.0.exe/download

Please note that newer versions may have stability issues (I tried v1.2.0, and it crashes all the time), so you've been warned.


    - Then, when the TigerVNC icon shows up in the task-bar (it is an eye of a tiger), right-click on it, select "Options", and configure it as shown in the screen-shot below. Note I've clicked on "Configure" to set a password.

    - Important! Since you're reading this, you must be conscious about security. Set an exactly 8-character password using no dictionary words and preferably containing numbers and punctuation and other symbols for enhanced security. Write down this password as you will need it in the last step.

Click on the screen-shot below to see the whole image:



Configuring Windows Firewall:

    - Open the Control Panel.
    - Find and open "Windows Firewall"
    - Click on the "Exceptions" tab.
    - Click on "Add Port", name the rule something like "VNC", and enter 5900 in the port, and click "OK".

Click on the screen-shot for an illustration below:



Finally, configuring bVNC:

    - Create a New Connection in bVNC.
    - Under "Connection Type", select "Secure VNC over VeNCrypt".
    - Enter the IP address of the computer where you installed TigerVNC in the "VNC Server" field.
    - Don't enter a "VNC Username"
    - Enter the password you set in the previous step into the "VNC Password" field.
    - Tap connect and you should be happily connected over an encrypted channel.


Additional notes for connecting over the Internet:

- If you need to connect to your computer over the Internet and you have a router, you need to forward a port on the router to your internal computer running TigerVNC. Do a Google search for how to forward a port on your particular router model.

- If you are connecting over the Internet, consider forwarding a non-standard external port to port 5900 of the machine running TigerVNC. This way, it will be less likely hackers will attack your TigerVNC service to try to crack your password. For example, forward a random-looking 5-digit port number like 62563 to port 5900 of the computer running TigerVNC.

- You also need to discover your external IP address (you can do a Google search for "what is my ip".

- If your external IP address changes (it is dynamic), it is also advisable to set up "Dynamic DNS" which will track your external IP address so you don't have to rediscover it when it changes.

Sunday, March 3, 2013

Chef cookbook for AutoX (like NX) with x11vnc, ssvnc, and bVNC

I've created a Chef cookbook available here:

https://github.com/iiordanov/autox-cookbook

which will automatically configure your system for AutoX (NX-like functionality) over VNC. The back-end is handled by x11vnc in combination with Xvfb or Xvnc, and for a client, use my bVNC Secure softwarre on Android/Blackberry 10, and ssvnc on Linux, Mac, and Windows.

Thursday, October 25, 2012

Looking for NX Client for Android or Blackberry 10? Try bVNC Secure!

I have started building NX-like functionality into my SSH tunnelling VNC client, bVNC Secure, starting with bVNC Secure v.2.9.1. The VNC client can now automatically find and attach to existing X sessions, or launch new X sessions on demand, much like NX. It is also similar in responsiveness to NX.

bVNC is an Android 2.2+ and Blackberry 10/Playbook application, available on Google Play and App World respectively. Find it on your mobile device or here:

Google Play, for devices running Android 2.2+, or here:

App World for Blackberry Playbook and Blackberry 10 devices.

There is also a fully-featured free version of bVNC. Buying the donation version of bVNC from Google Play and App World is greatly appreciated.

The NX-like mode is called AutoX and can be configured by tapping a button on the main connection screen, once one selects the "Secure VNC over SSH" connection type. The underlying mechanism for finding and/or starting remote X-sessions is the x11vnc VNC server starting Xvfb, Xvnc or Xdummy to run a nested X server. You also need OpenSSH to tunnel to your computer.

To have the necessary server-side packages, you need to install x11vnc, xvfb, and if you want to try Xvnc mode, vnc4server. To install them on Ubuntu/Debian, one would do:
sudo apt-get install x11vnc xvfb vnc4server openssh-server
Once the packages are installed, start bVNC, enter the address of the server, username/password of your account, and tap on the "Configure AutoX" button.

Select the connection mode, and tap Confirm. For users who want to select a specific session program to run, tap the Advanced settings button.

Finding existing X-sessions is compatible with ALL window managers.

Creating new X-sessions automatically is known to be generally compatible with:

- Kubuntu and KDE4 in general
- Xubuntu and Xfce in general
- Ubuntu 12.04 and Unity2D
- Ubuntu 12.10 with any window manager other than Unity installed (e.g. one of Gnome3, Xfce, KDE4, Mate, Trinity Desktop Environment, LXDE, etc.
- Gnome2 (possibly Mate, but not tested yet)
- KDE3 (possibly Trinity, but not tested yet)
- Gnome3 in "classic" mode.
- Unity2D


Caveats include:

- To find the X-login screen, you need to be a sudoer and be connecting with a password (not an ssh key).

- Finding existing X-sessions and finding the X login screen works fine with Ubuntu 12.10. Finding existing sessions works fine with Ubuntu 12.04, but finding the X-login screen does not work (needs to be bug-reported).

- Unity 3D with Compiz will not run correctly under Xvfb or Xvnc, so for now, use another window manager (needs to be bug-reported).

- Unity2D works fine on Ubuntu 12.04, however Unity2D is not available on Ubuntu 12.10 and later.

- Detaching from a running KDE4 session may cause KDE to not be able to launch any more KDE programs (needs to be bug-reported).



Experiment and let me know about your experiences in the comments below! Please also help report bugs to Ubuntu/Debian and any other Linux distribution so this mode starts working flawlessly!

Thursday, April 19, 2012

Tunneling VNC over SSH to Mac OS X using bVNC

These instructions pertain to bVNC Secure and Free bVNC Secure, but they can be easily translated to instructions for ssvnc as well. bVNC is an Android and Blackberry 10/Playbook application, available on Google Play and App World respectively. Find it on your mobile device or here:

Google Play, for devices running Android 2.2 and up, or here:

App World for Blackberry Playbook and Blackberry 10 devices.

Ensure you have v3.5.0 of bVNC or newer for this method to work.

0) If the Mac OS X computer is not attached directly to the Internet, forward port 22 to it. Port forwarding instructions are different for every router out there, so look up how to do that for your make and model. Also, having a fixed IP address for the computer helps. Finally, DynamicDNS set up on your router would help you immensely to locate your router on the Internet.

0) Set up Remote Desktop on your Mac:
- Open System Preferences
- Under Internet & Wireless, click on ‘Sharing’

- (a) Enable SSH by selecting the ‘Remote Login’ option (put a check-mark)

- Make sure your 'Remote Login' settings look like the screen-shot above
- The same settings window shows where I've highlighted username (iordan in my case) and hostname or IP address to use (lebigmac.iiordanov.com in my case)

- (b) Enable VNC by selecting the 'Screen Sharing' option (put a check-mark)
- Click on "Computer Settings..."

- Make sure your 'Screen Sharing' settings look like the screen-shot above
- Click OK

1) Start bVNC and configure a VNC over SSH connection:
- Select "VNC over SSH" in Connection Type
- Optionally name the connection in Title.
- Type in your external (Internet) IP address or Dynamic DNS hostname in SSH Server.
- Leave port 22 for SSH port.
- Type in the User name and Password of the Mac user you'd like to connect with in the fields under SSH Tunnel Settings
- Leave localhost in for VNC Server, and port 5900 for VNC port.
- Type the same User name and Password of the Mac user you'd like to connect with in the fields under VNC Connection Settings
- You may need to check "Local mouse pointer" in Advanced Settings, to see where the mouse pointer is.
- Tap "Connect", and you should be in. Please note that not all routers are capable of doing loopback connections, so you may not be able to connect to your Internet IP address while you are BEHIND the router. I.e. unfortunately, due to router limitations, you may have to be elsewhere to test this in some cases.

How to connect to Mac OS X using bVNC

This guide is for configuring Mac OS X for usage with bVNC Secure/Free bVNC Secure, but is completely applicable to any VNC client. Only the VNC client configuration would be different.

Ensure you have v3.5.0 of bVNC or newer for this method to work.

Please keep in mind that this method of connecting does not involve encryption and only protects your username and password with a Diffie-Hellman key exchange. There is no session privacy thereafter. To solve both of these problems bVNC Secure supports tunneling your VNC connection over SSH for enterprise-level security of both your authentication credentials and data. If you are concerned with security and privacy, follow my guide for Mac OS X on tunneling VNC over SSH with bVNC. Mac OS X supports tunnelling over SSH out of the box.

bVNC Secure is an Android and Blackberry Playbook/OS 10 application, available on Google Play and App World respectively. Find it on your mobile device or here:

Google Play, for devices running Android 2.2 and up, or here:

App World for BB Playbook and OS 10 devices.


0) Set up Remote Desktop on your Mac:
- Open System Preferences
- Click on Sharing
- Select the Screen Sharing checkbox (put a check-mark)
- Click on "Computer Settings..."

- Make sure the screen looks like the screen-shot above
- Click OK

1) Configure bVNC:
- Start bVNC
- Ensure "Connection Type" is set to Basic VNC
- Optionally name the connection something in Title
- Type the IP or host name of the computer you set up the first step
- Type the User name and Password of the Mac user you would like to connect with
- You may need to check "Local mouse pointer" in Advanced Settings, to see where the mouse pointer is
- Tap "Connect", and you should be in.

How to install and connect to TightVNC on Windows using bVNC

This guide is for configuring Windows for usage with bVNC Secure/Free bVNC Secure, but is completely applicable to any VNC client. Only the VNC client configuration would be different.

Please keep in mind that VNC authentication is inherently insecure, because it only allows passwords of up to 8 characters in length. Also, traffic between the VNC client and server is not encrypted and your data is vulnerable to spying. To solve both of these problems bVNC Secure supports tunneling your VNC connection over SSH for enterprise-level security of both your authentication credentials and data. If you are concerned with security and privacy, follow my guide for Windows on tunneling VNC over SSH with bVNC.

bVNC Secure is an Android and Blackberry Playbook/OS 10 application, available on Google Play and App World respectively. Find it on your mobile device or here:

Google Play, for devices running Android 2.2 and up, or here:

App World for BB Playbook and OS 10 devices.


0) Install TightVNC
- Go to: http://www.tightvnc.com/download.php
- Get and install the "Self-installing package for Windows".
- Do a default install and set a (VNC password)** and a control
interface administrative password (up to 8 characters).
- Click on the icon with the "V" in the notification area of the taskbar.
- Disable "Serve Java Viewer to Web clients"
- After you have it working you can look through for any other
settings you want.

1) Configure bVNC Client:
- Start bVNC
- Ensure "Connection Type" is set to "Basic VNC"
- Optionally name the connection something in Nickname
- Type the IP or hostname of the computer you configured in the first step.
- Type the (VNC password)** you chose from the first step in VNC Auth.
- You will probably have to check "Local mouse pointer", because TightVNC doesn't show a mouse pointer in Windows with bVNC.
- Tap "Connect", and you should be in.

Tuesday, April 17, 2012

Tunneling VNC over SSH to a Windows computer using bVNC

These instructions pertain to bVNC Secure and Free bVNC Secure, but they can be easily translated to instructions for ssvnc as well. bVNC is an Android and Blackberry Playbook/OS 10 application, available on Google Play and App World respectively. Find it on your mobile device or here:

Google Play, for devices running Android 2.2 and up, or here:

App World for BB Playbook and OS 10 devices.

0) If the Windows computer is not attached directly to the Internet,
forward port 22 to it. Port forwarding instructions are different for
every router out there, so look up how to do that for your make and
model. Also, having a fixed IP address for the Windows machine helps.
Finally, DynamicDNS set up on your router would help you immensely to
locate your router on the Internet.

1) Install freeSSHd
- Go to: http://www.freesshd.com/?ctt=download
- Download and start freeSSHd.exe
- Do a default installation
- A user reported that running freeSSHd as a system service on his machine does not work properly. So let's play it safe, and when freeSSHd asks you whether you want to run it as a system service, say NO.
- When freeSSHd finishes installing, there will be a freeSSHd icon on your desktop. Drag and drop this item in Start->All Applications->Startup (the list of applications that start when you log in).
- Restart Windows.
- If you are feeling adventurous, you can try running freeSSHd as a system service, but if you experience problems, you have to completely uninstall it, reboot, and then reinstall it.

2) Open port 22 on Windows Firewall
- Control Panel->Windows Firewall
- Ensure the Don't allow exceptions box is not checked.
- Click the "Exceptions" tab
- Click the "Add Port..." button.
- Type sshd for name and 22 for Port number. Leave TCP selected.
- Click "OK", and then "OK" again on the outside dialog.

3) Click on the little icon with the yellow lock in the notification
area of the taskbar (bottom right).
- If the icon isn't there, run Start->All Programs->freeSSHd->freeSSHd
- Click on Tunneling->Allow local port forwarding.
- Click on Users->Add...
- Type the (Login ID)* of an EXISTING user on the system, and next
to "User can use", tick "Shell" and "Tunneling"
- Alternatively, you can create a user by selecting something
other than "NT Authentication" in the "Authorization" box.
- Click "OK" or "Apply"

4) Install TightVNC
- Go to: http://www.tightvnc.com/download.php
- Get and install the "Self-installing package for Windows".
- Do a default install and set a (VNC password)** and a control
interface administrative password (up to 8 characters).
- Click on the icon with the "V" in the notification area of the taskbar.
- Disable "Serve Java Viewer to Web clients"
- Access Control->Loopback Connections->Check "Allow loopback
connections" AND "Allow only loopback connections".
- After you have it working you can look through for any other
settings you want.

5) Start bVNC and configure a VNC over SSH connection:
- Select "VNC over SSH" in Conn. Type.
- Optionally name the connection in Nickname.
- Type in your external (Internet) IP address or Dynamic DNS
hostname in SSH Server.
- Leave port 22 for SSH port.
- Type in the (Login ID)* and the Windows password associated with
it in the fields next to SSH Auth.
- Leave localhost in for VNC Server, and port 5900 for VNC port.
- Type the (VNC password)** from step (4) in VNC Auth.
- You will probably have to check "Local mouse pointer", because
TightVNC doesn't show a mouse pointer in Windows with bVNC.
- Tap "Connect", and you should be in. Please note that not all
routers are capable of doing loopback connections, so you may not be
able to connect to your Internet IP address while you are BEHIND the
router. I.e. unfortunately, due to router limitations, you may have to
be elsewhere to test this in some cases.

6) If you want password-less ssh to your Windows machine, you have to generate an SSH key in bVNC, and export it in some way (say you share it to yourself by email). Then, what you do is save it in C:\Program Files\freeSSHd in a file named the same as (Login ID)* (without ANY extension), where (Login ID)* is the user name of your Windows user that you set up in step (3).

Sunday, July 3, 2011

How to install Linux (Ubuntu, Debian, etc.) on two drive RAID mirror

Drives are cheap nowadays, and your data is valuable. Next time you are installing Ubuntu, consider buying a second disk, and making your fresh installation on a mirrored drive setup using Linux software RAID (MD).

This is a guide for how to install Linux/GNU on a RAID1 or RAID10 mirrored set of drives. We use a GPT disk label so it works for any size drives, even ones larger than 2TB. For this guide, I used Ubuntu LTS, but Debian, and any newer Ubuntu should work with little modification. Any other distribution, like Fedora that has a LiveCD which one can install from can be installed with little modification.

If you are looking to convert a running system which *doesn't* use the GPT disk label, consider following my guide for converting a Linux/GNU system to mirrored drive setup.


1) Download, burn, and boot into an Ubuntu LiveCD.

2) After it starts, start a terminal, and run:

sudo apt-get update
sudo apt-get install mdadm

When prompted about the Mail Transport Agent (postfix in LTS) configuration, select "No Configuration".

3) Turn off swap in case the LiveCD discovered and started using a swap partition on some drive in your system.

sudo swapoff -a

4) Delete all partitions on the target drives. Assuming they are /dev/sda and /dev/sdb:

sudo parted /dev/sda
mklabel msdos y
q

And similarly for /dev/sdb.

4) Create a RAID10 or RAID1 with one drive and second drive missing (we will add it later).
a) For RAID10:

sudo mdadm --create /dev/md0 -l10 -pn2 -c512 -n2 /dev/sdb missing

b) For RAID1:

sudo mdadm --create /dev/md0 -l1 -n2 /dev/sdb missing

5) Check that md0 exists and is operational:

cat /proc/mdstat

5) Create partition table and partitions on the RAID, but DO NOT MAKE A SWAP partition. This is important because the Ubuntu LiveCD will try to activate swap on the raw device (/dev/sda) even though the device is part of a RAID and will fail because the device is busy:

sudo parted /dev/md0
mklabel gpt y
mkpart "grub-bios" ext4 0 1
set 1 bios_grub on
mkpart "root" ext4 1 40000
q


I found it necessary to stop and start the array to get the partitions to show up.

mdadm --stop /dev/md0
rm -rf /dev/md0*
mdadm --assemble --scan


The 40000MB size above is just an example. Modify to suit your needs. Also, feel free to create separate /boot, /var, /usr, /tmp, etc. as you see fit.

5) Double-click the "Install Ubuntu" icon on the desktop, and go through the process until you reach the point of partitioning.

6) Select "Specify partitions manually", and click "Forward".

7) On the next screen, double-click the /dev/md0p2 partition.
a) In the "Use as" field, for a production server, select ext3. For a personal computer, you can select ext4.
b) Put a check-mark on "Format the partition".
c) Enter "/" in the "Mount point" field (just forward slash, without the quotes).
d) Click "OK", and then "Forward". You will likely get a warning that no swap has been created, but simply click "Continue".

8) On the next screen, enter your login information, and click "Forward", and on the screen after that, select "Advanced", and under "Device for boot loader installation", select /dev/md0. Installation of the boot-loader will fail, and we'll have to do it manually, but it's better than the installer trying to install it on some raw device.

9) As mentioned above, towards the end of the installation, the boot-loader will fail to install. Select the "Continue without a boot-loader" option, and finish the installation. Click "Continue testing" to stay in the LiveCD session.

10) Edit your fstab, and change ALL the entries that read UUID=XXXXXXXXX to /dev/md0pNN, where NN is a partition number. In other words, you need to make sure your system will not decide to use the raw devices which comprise /dev/md0, but the mirror itself. If your device is indicated by a UUID, then hopefully there is some indication what the device name used to be at installation time in a comment above the entry. So, for example, if the comment says the device used to be /dev/md0p2, delete ONLY the UUID=XXXXXXXXX part (make sure you leave the mount-point intact), and put /dev/md0p2 in place of the UUID=XXXXXXXXX.

11) Save your array into /etc/mdadm/mdadm.conf, and rebuild your initrd in order to make sure the array gets assembled at boot time, and under the correct name (e.g. /dev/md0 instead of something like /dev/md_d0).

sudo chroot /mnt

mount -t proc none /proc
mount -t sysfs none /sys
mount -t devtmpfs none /dev

apt-get update
apt-get install mdadm
mkdir -p /etc/mdadm/
mdadm --examine --scan > /etc/mdadm/mdadm.conf
update-initramfs -c -k all

If you get complaints that initrd is custom, you can force update-initramfs totake over the custom initrd with these options instead:

update-initramfs -ut -k all

DO NOT EXIT CHROOT YET!!

12) Configure and install grub v2 into the MBR of the mirror. For Ubuntu 10.04, it was trivially easy to do. First we make sure that Grub v2 is installed.

sudo apt-get install grub2

Next, edit /etc/default/grub, and *uncomment* the line that reads "GRUB_DISABLE_LINUX_UUID=true".

grub-mkconfig > /boot/grub/grub.cfg
grub-install --recheck --modules="raid" /dev/sda


13) Reboot into your disk installation, but make sure you are booting off /dev/sda, on which the mirror lives now. To do so, you can usually call up a one-time Boot menu with one of the F-keys (like F8) on many systems. Otherwise, modify the necessary BIOS settings to do so.

Once you're in, you can add /dev/sdb to the array that was created in the steps above.

sudo mdadm --add /dev/md0 /dev/sdb

14) You can watch the process of resyncing the drives with:

watch cat /proc/mdstat

15) If you need swap, create a swap partition and add it to /etc/fstab. If you find that you would like to have this step described here (or linked from here), please post a comment requesting it.

Thursday, June 30, 2011

How to get a free Sipgate account with a US number (DID), and receive calls for free on it through SIP (e.g. on Android)

This guide will help you get a free US number (DID), and receive incoming calls on your Android device *for free* without using minutes on your voice plan, purely over Wifi (or data if you have a good data plan). This guide is part of my larger guide on how to make free calls to USA and Canada using Google Voice.

1) Register for a free Sipgate One account

2) Once you are signed up and your account is active, make note of your Sipgate SIP ID and SIP password.

3) Configure either your built-in SIP client (Android 2.3 and up), or download one of CSipSimple, Sipdroid, or Linphone from the market, and install it on your Android phone. General instructions on setting up Sipgate with a SIP client can be found here.

a) For Android 2.3 and up, you may choose to use the built-in SIP functionality of your device. Go to Settings->Call Settings->Accounts. Select "Receive incoming calls" (this is essential for callback to work), and then hit "Add account". Enter your Sipgate ID and password in the appropriate fields, and sipgate.com under "Server".

b) Once you install and start Sipdroid, hit Menu->Settings->SIP Account (Line 1), and enter your Sipgate ID in the "Authorization Username" field, and password in the "Password" field, and sipgate.com under "Server or Proxy". If you so choose, you can check "Use 3G" (see NOTE below about data usage). If you experience weird audio issues, you can also select Settings->Advanced Options->Use STUN Server, and enter stun.sipgate.net in "STUN Server name", or use the pre-supplied STUN server.

c) Recent versions of CSipSimple have a Sipgate wizard which can be followed to set up your Sipgate account easily. When when you first start it up:
- Select whether you want to be "Always available" or "Available on WiFi", depending on whether you have a generous mobile data plan or not. Also, if using your data plan, check "I'm allowed to use mobile" below.
- On the next screen, click "Add account", then choose the Sipgate wizard, and enter your Sipgate ID and password in the appropriate fields, and sipgate.com under "Server".
- If you experience weird networking issues, one way audio or other issues, you can try enabling STUN, Menu->Settings->Network->Enable STUN. You can elect to use callwithus STUN server (stun.sipgate.net) or the CSipSimple provided server (Thanks for your comment, Ross).
- Finally, you if you want to use your mobile data plan (see NOTE below about data usage), check "Use 3G" in the settings.

d) After installing Linphone, when it is first run, it will do an echo cancellation calibration. After that, you will be in the SIP Account screen. Enter your Sipgate ID and password in the appropriate fields, and sipgate.com under "Domain". You can check "Start at boot time" below, and enter Sipgate's STUN server (stun.sipgate.net) under "Stun server" if you have strange audio problems. Linphone will make use of your mobile data plan by default, so either make sure you have a generous enough mobile data plan (see NOTE below about data usage), or make sure you don't make calls when you are outside WIFI coverage.
(2 - 3 minutes)

NOTE: If you have a mobile data plan, you can tell Sipdroid, CSipSimple, and Linphone to connect even over your wireless provider's data plan (3G), but *beware of potentially very high data charges*, since voip can be very data intensive. In my personal tests, a high quality codec consumes about 1MB per minute.

4) You can either use this number as your real phone number, add it to Google Voice, and make GV forward to it, even use it to activate your GV account. Finally, you can use this number to MAKE FREE CALLS TO USA AND CANADA using my other guide.

How to get a free IPKall US number (DID), and receive calls for free on it through SIP (e.g. on Android)

This guide will help you get a free US number (DID), and receive incoming calls on your Android device *for free* without using minutes on your voice plan, purely over Wifi (or data if you have a good data plan). This guide is part of my larger guide on how to make free calls to USA and Canada using Google Voice.

1) Register for a free SIP service with www.callwithus.com or with www.callcentric.com. For the purpose of this guide we shall work with callwithus as the example.

2) For callwithus, you can give them your Google Voice number as your contact number if you have one, but don't have a "real number". The number is not needed initially, it is for "confirmation of details" later on according to callwithus. I guess you can edit this number later as well.

3) Once you have the confirmation email from callwithus, note your username and password from it (they will look something like this: 234567890 and 123456 respectively).

4) Configure either your built-in SIP client (Android 2.3 and up), or download one of CSipSimple, Sipdroid, or Linphone from the market, and install it on your Android phone.

a) For Android 2.3 and up, you may choose to use the built-in SIP functionality of your device. Go to Settings->Call Settings->Accounts. Select "Receive incoming calls" (this is essential for callback to work), and then hit "Add account". Enter your callwithus username and password in the appropriate fields, and sip.callwithus.com under "Server".

b) Once you install and start Sipdroid, hit Menu->Settings->SIP Account (Line 1), and enter your callwithus username in the "Authorization Username" field, and password in the "Password" field, and sip.callwithus.com under "Server or Proxy". If you so choose, you can check "Use 3G" (see NOTE below about data usage). If you experience weird audio issues, you can also select Settings->Advanced Options->Use STUN Server, and enter stun.callwithus.com in "STUN Server name", or use the pre-supplied STUN server.

c) Recent versions of CSipSimple have "Wizaards" which can be followed to set up your SIP account easily. When when you first start it up:
- Select whether you want to be "Always available" or "Available on WiFi", depending on whether you have a generous mobile data plan or not. Also, if using your data plan, check "I'm allowed to use mobile" below.
- On the next screen, click "Add account", then choose the Generic wizard for callwithus or the Callcentric wizard for callcentric, and enter your callwithus username and password in the appropriate fields, and sip.callwithus.com under "Server".
- If you experience weird networking issues, one way audio or other issues, you can try enabling STUN, Menu->Settings->Network->Enable STUN. You can elect to use callwithus STUN server (stun.callwithus.com) or the CSipSimple provided server (Thanks for your comment, Ross).
- Finally, you if you want to use your mobile data plan (see NOTE below about data usage), check "Use 3G" in the settings.

d) After installing Linphone, when it is first run, it will do an echo cancellation calibration. After that, you will be in the SIP Account screen. Enter your callwithus username and password in the appropriate fields, and sip.callwithus.com under "Domain". You can check "Start at boot time" below, and enter callwithus's STUN server (stun.callwithus.com) under "Stun server" if you have strange audio problems. Linphone will make use of your mobile data plan by default, so either make sure you have a generous enough mobile data plan (see NOTE below about data usage), or make sure you don't make calls when you are outside WIFI coverage.
(2 - 3 minutes)

NOTE: If you have a mobile data plan, you can tell Sipdroid, CSipSimple, and Linphone to connect even over your wireless provider's data plan (3G), but *beware of potentially very high data charges*, since voip can be very data intensive. In my personal tests, a high quality codec consumes about 1MB per minute.

Once your SIP client is successfully registered, we can create an IPKall account. If you haven't already done so, make sure that you go through the settings of your SIP client, and ensure that it is set to be AVAILABLE FOR INCOMING CALLS. Every client has this option in a different place, and worded slightly differently, but you must find it.

5) Browse to www.ipkall.com and click the "*Sign up*" link.

6) Fill out the sign up form, making sure that:
- You pick an an area code you're happy with.
- "SIP username is your callwithus username (e.g. 234567890).
- "Hostname or IP address" is sip.callwithus.com
- "Email Address" is valid.
- "Password" is the password to your ipkall account, not your callwithus
account.
- You fill out the two word confirmation correctly.

7) Click "Submit", and wait for a confirmation email at your email address.

8) In the confirmation email, there will be a phone number with the area code you picked. Dialing this number will ring your SIP client provided you have enabled your SIP client for incoming calls. Ensure this works, otherwise, retrace your steps and make sure everything above was done correctly.

9) If you will now proceed to use the ipkall number in Google Voice, keep in mind that these numbers are often recycled from accounts that were deleted, and they may still be present in another person's Google Voice account. If they were used to activate the other person's GV account, you will NOT be able to use this number to activate OR forward to in your own GV account. You won't even be able to "reclaim" it for your purposes to your own GV account. If this turns out to be the case, login to ipkall here:

http://phone.ipkall.com/login.asp

with your IPKall phone number and password (from the confirmation email), hit "Cancel account", and redo steps 1 - 9. I had to do this 3 times before I got a number I could "reclaim".

10) You can either use this number as your real phone number, add it to Google Voice, and make GV forward to it, even use it to activate your GV account. Finally, you can use this number to MAKE FREE CALLS TO USA AND CANADA using my other guide.

Friday, April 22, 2011

How to convert a Linux (Ubuntu, Debian, etc.) system to a two drive RAID mirror (RAID1 or RAID10) using Linux MD

Drives are cheap nowadays, and your data is valuable. Buy a second disk, and convert your system to a RAID1 or RAID10 mirrored drive setup using Linux software RAID (MD). I've done this procedure on Debian Squeeze 6.0 and on Ubuntu Lucid Lynx 10.04, but it should work with slight modifications on any modern Linux distribution like Fedora, Gentoo, Slackware, etc.

If you are in a position to make a fresh installation instead of converting, perhaps you are looking for my guide on making a fresh installation of Linux/GNU on a mirror.

Alignment issues are outside the scope of this document, so if you are planning on mixing disks with 512 and 4096 blocks, my guide won't be of help resolving any performance issues.

Also, please note that recently, I discovered that if you have a GPT disk label (rather than the "usual" msdos disk label), this procedure is somewhat more complicated. I'd have to write a separate guide on how to convert such a system. To find out what your disk label is, run parted on your primary drive, and use the "print" command, e.g. if your primary drive is /dev/sda:

sudo parted /dev/sda
print

Look for the line that reads "Partition Table:", and if it says gpt rather than msdos, do not proceed. Generally speaking GPT is used on drives of size 2TB and larger.

If your system is using GPT indeed, consider making a fresh installation with my guide on making a fresh installation of Linux/GNU on a mirror.

0) Prerequisites:
- A working Linux installation that you want to convert to use a mirrored system drive.
- Mdadm and Grub v2 installed on your hard drive installation (mdadm and grub2 packages in Debian/Ubuntu) .
- A second drive of the same capacity as your system drive. If you are in a tight spot and have to make do with drives of slightly different capacity, instead of picking the new drive to make the mirror on in step (3), pick the old drive, and skip to step (6). In step (7), make enough space at the end of the drive so that the data would fit on both drives and still have enough left over for the md superblock. Finally, in step (9), make sure you add the "--size" parameter to mdadm to tell it not to use the entire device. Make careful calculations so that your choice of "--size" would work for both drives. Also, keep in mind that in this case, you are working on your main drive and not on a backup.
- If you have two drives of different capacity, see my example at the end of this guide for a rough idea on how to proceed.

1) Boot into a LiveCD that preferably matches your hard drive installation, like Ubuntu 10.04.

2) Turn off swap in case the LiveCD discovered and started using a swap partition on your system drive.

sudo swapoff -a


3) Let's say your system drive is /dev/sda and your new drive is /dev/sdb, and the drive capacities are the same (see step (0)).

4) Make a "backup" copy of your system drive:

sudo dd if=/dev/sda of=/dev/sdb bs=1024k

5) If you are bored, you can monitor the progress of dd by running this command, which will make dd issue progress information:

sudo killall -SIGUSR1 dd


6) When done copying, you need to make a bit of space at the end of the drive for the md superblock, so run gparted on the drive what you wish to start the mirror with. For instance, let's say you've decided to start the mirror with the new drive first, and then add your original drive to the mirror:

sudo gparted /dev/sdb


7) Shrink the last partition on your drive (the right-most one) by anything more than 128 kilobytes. Let's say 8MB to be absolutely safe. If you are using an msdos label, don't forget that if the last partition is a logical partition (i.e. lives within an extended partition), you need to shrink the extended partition that houses it as well. First shrink the logical partition, THEN, the extended partition. To shrink partitions, right click on them and select Resize. To right-click on an extended partition is tricky, as you have to click on a very narrow strip of pixels at the edge of the box that represents your drive. Click apply, and wait for all operations to complete.

8) Make sure md is installed in your LiveCD, and load the md module:

sudo apt-get update
sudo apt-get install mdadm
sudo modprobe md_mod
sudo modprobe raid10

9) Create the array. I decided to make a RAID10 array instead of a RAID1 array, which gives me faster sequential reads, but amounts to the same thing in terms of data replication. RAID10 with two drives and "n2"
layout provides you with two identical drives with normal layout. See "man mdadm" for information on what each option below means.

sudo mdadm --create
--metadata=1.0 /dev/md0 -l10 -pn2 -c512 -n2 /dev/sdb missing
You should see output that reads something like "mdadm: array /dev/md0 started."

If you want a RAID1 mirror, then the line above is simpler:

sudo mdadm --create --metadata=1.0 /dev/md0 -l1 -n2 /dev/sdb missing


10) Depending on what LiveCD you are using, you may or may not already have the partitions on /dev/md0 detected. If you do, you should see devices like /dev/md0p1, etc. If you don't, you can try some of these
ways to make them appear:

sudo mdadm --assemble --scan
sudo udevadm trigger
sudo mdadm-startall


11) Once you see the partitions, mount your root partition (mine was /dev/md0p5):

sudo mount /dev/md0p5 /mnt

Also, if you have a separate /boot, /usr, and /var, mount those too:

sudo mount /dev/md0p1 /mnt/boot
sudo mount /dev/md0p7 /mnt/usr/
sudo mount /dev/md0p8 /mnt/var/

12) Edit your fstab, and change the entries that read either UUID=XXXXXXXXX or /dev/sdaN to /dev/md0pN. In other words, you need to make sure your system will not decide to use the raw devices underlying /dev/md0, but the mirror itself. If your device is indicated by a UUID, then hopefully there is some indication what the device name used to be at installation time in a comment. For example, where the device used to be /dev/sda1, it should now read /dev/md0p1

13) Save your array into /etc/mdadm/mdadm.conf, and rebuild your initrd in order to make sure the array gets assembled at boot time, and under the correct name (e.g. /dev/md0 instead of /dev/md_d0).

sudo chroot /mnt

mount -t proc none /proc
mount -t sysfs none /sys
mount -t devtmpfs none /dev

apt-get update
apt-get install mdadm
mkdir -p /etc/mdadm/
mdadm --examine --scan > /etc/mdadm/mdadm.conf
update-initramfs -c -k all


If you get complaints that initrd is custom, you can force update-initramfs totake over the custom initrd with these options instead:

update-initramfs -ut -k all


DO NOT EXIT CHROOT YET!!

14) Configure and install grub v2 into the MBR of the mirror. For Ubuntu 10.04, it was trivially easy to do. First we make sure that Grub v2 is installed.

sudo apt-get install grub2 # Just in case the prerequisite was not satisfied.


Next, edit /etc/default/grub, and *uncomment* the line that reads "GRUB_DISABLE_LINUX_UUID=true".

grub-mkconfig > /boot/grub/grub.cfg
grub-install --recheck --modules="raid" /dev/md0


15) Reboot into your disk installation, but make sure you are booting off /dev/sdb, on which the mirror lives now. To do so, you can usually call up a one-time Boot menu with one of the F-keys (like F8) on many
systems. Otherwise, modify the necessary BIOS settings to do so.

Once you're in, you can add /dev/sda to the array that was created in steps 1-16 above.

sudo mdadm --add /dev/md0 /dev/sda

17) You can watch the process of resyncing the drives with:

watch cat /proc/mdstat


================================
Example of two 80GB drives of slightly different capacity, and how I dealt with them:
================================
[ 2.272122] sd 0:0:0:0: [sda] 156301488 512-byte logical blocks: (80.0 GB/74.5 GiB)
[ 2.441572] sd 2:0:0:0: [sdb] 156250000 512-byte logical blocks: (80.0 GB/74.5 GiB)

Using gparted, I shrunk the last partition by 32MB, and using fdisk, determined it ends at block 156232124. Then I used --size=78116352 with mdadm to make the mirror fit on either drive.

The kibibyte value I gave to --size was arrived at thus: 78116352=((156232124+580)*512/1024)

The value 156232124+580=156232704 was arrived as the smallest amount of 512byte blocks that gave me a round value in kibibytes (bytes/1024).

Tuesday, December 28, 2010

How To Tether Your Samsung Gravity 2 to Wind Mobile on Ubuntu Lucid Lynx Linux 10.04 LTS

The following instructions will probably work with any modern Linux distribution like Fedora, Kubuntu, Xubuntu, or any other distro which has network-manager and a mobile-broadband-provider-info package.

If you don't meet these requirements, or these instructions don't work out for you, see below for the instructions for connecting with wvdial on any Linux distro (not as user friendly).

You can also probably use these instructions to tether to Mobilicity, or other providers with some modifications.

I) Graphical User Interface Instructions using Network Manager:

0) Make sure your computer is not connected to the Internet via any other method like an Ethernet or Wireless connection.

1) Acquire a cable for your Samsung Gravity 2. In Toronto, I bought mine from "GTA Wireless" near College and Spadina, but their official price is $15, which is a tad high. Other stores in the area may have it too - call ahead of time to make sure. Also a cable can be purchased for far cheaper online on (for example) from http://www.amazon.ca/marketplace

2) Connect your Samsung Gravity to a USB port on your computer.

3) Left-click on Network Manager applet (top right corner).

4) Select "New Mobile Broadband (GSM) Connection...".

5) Click "Forward"

6) Select Canada, and click "Forward"

7) Select "WIND Mobile" from the list, and click "Forward"

8) In the next two screens, just click "Forward", and then "Apply"

9) If you would like for the connection to be established automatically,
- Right-click on the Network Manager applet
- Select "Edit Connections"
- Select "Mobile Broadband"
- Edit the "WIND Mobile Default" connection
- Make sure the "Connect automatically" check-box is checked.

II) Command-line instructions using wvdial:

0) Make sure your computer is not connected to the Internet via any other
method like an Ethernet or Wireless connection.

1) Create a /etc/wvdial.conf file, and paste the following in it:

[Dialer Defaults]
Init1 = AT+CGDCONT=1,"IP","internet.windmobile.ca"
Modem Type = USB Modem
Phone = *99#
ISDN = 0
Password = *
New PPPD = yes
Username = *
Modem = /dev/ttyACM0
Baud = 460800


2) Run wvdial with ROOT PRIVILEGES, e.g.:

sudo wvdial


This should be all that is necessary.

Tuesday, July 21, 2009

Sipdroid, Csipsimple, Linphone + Google Voice Callback FREE = Free Calls to USA and Canada, and cheap calls to the world

This guide explains how to make FREE calls to North America, and receive calls made to your Google Voice phone number. It takes about 20 minutes to complete, and in the end you get free incoming and outgoing North American calls on your Android phone over WiFi or 3G if you have a good mobile data plan, wherever you are in the world. Calls to your Google Voice number will ring your Android phone, and outgoing calls to USA and Canada are free.

Over WiFi, all of this does not involve your carrier, goes entirely over the Internet, and can be done WITHOUT a SIM card or a calling plan subscription in the case of CDMA. Basically, this gives you a phone number, and unlimited calling in North America with a data-only plan, or even without any cell phone plan (as long as you have WIFI coverage). You also get call-waiting, caller ID, and Voice Mail totally free. You can imagine the possibilities!

If you plan to use this outside the United States, and you are in the States, set this up BEFORE you leave, as it makes setting up the Google Voice account easier. If you are outside the States, look for other guides that cover how to set up Google Voice from outside the USA (you need a US IP address).

As a prerequisite to this guide, you need to either follow my guide for getting a free Sipgate number OR follow my guide for getting a free IPKall number..

SETTING UP:
1) Sign up for a Google Voice account if you don't already have one.

2) Follow ONE of my guide for obtaining a Sipgate number OR guide for obtaining a free IPKall number. Make a note of your Sipgate or IPKall phone number. Let's call this your FW number.
(5 - 10 minutes)

3) Add and confirm your FW number in Google Voice, and tell Google Voice to forward to this number when it receives calls (important). If you've followed one of my two guides in step (2), then your phone is ready to receive the confirmation call from Google Voice (for your FW phone).
(3 - 5 minutes).

4) Download the Google Voice Callback FREE app by Xinlu from the Android market on your phone, and set it up with your Google Voice account. Please note that the official Google Voice application is not capable of doing what this guide describes. Once you launch GV Callback, you will need to go through a set-up process.

a) Enter your Google Voice username and password on the first screen.
b) For your callback number, from the list, select the "FW number" you set up in step (2) above.
c) On the third screen, select whether and when you want to do callback, and for your convenience, you can even add a homescreen shortcut to toggle callback.
d) Click "Done".
(2 - 3 minutes)

5) If you are using Sipdroid, optionally you can make Sipdroid use another ringtone in the advanced settings, in order to distinguish incoming SIP calls from incoming regular cell phone calls.
(0.5 - 1 minute)

NOTE: If you have a mobile data plan, you can tell Sipdroid, CSipSimple, and Linphone to connect even over your wireless provider's data plan (3G), but *beware of potentially very high data charges*, since voip can be very data intensive. In my personal tests, a high quality codec consumes about 1MB per minute.

TESTING YOUR SETUP:
1) Make sure that the built-in SIP, Sipdroid, CSipSimple or Linphone is registered to whichever service you picked in step (2) above. For the built-in SIP, it should read "Receiving calls" under your SIP accounts in Settings->Call settings->Accounts. For the other apps, you can check the top-left corner of your screen. For Sipdroid, there should be a green dot there. For CSipSimple, there is a black icon that has a phone handle and "ip" in it. For Linphone, there should be an orange icon there.

2) Now, we make sure Google Voice Callback FREE is forwarding to your FW number (see step 2) properly. First of all, make sure that in the Google Voice settings, you have disabled forwarding to your cell phone (Thanks for your comment, Kristin). Now, call your Google Voice number and see if your cellphone rings through the SIP application (for Sipdroid, the call icon should be teal in color, *not green*). If you performed step (5) above, you should also hear the different ringtone now. You can pick up the cell phone to make sure audio works both ways by talking to yourself (sounds crazy, I know!).

At this point if you are wondering why you did all of this, here it is. If you dial a number through GV Callback, which we installed in step (4) above, you get an alternative Dialer, Contacts, etc. To cut things short, let me outline how to make a free incoming and outgoing calls to the USA and Canada.

MAKING OUTGOING CALLS:
0) If you have installed the toggle widget on your desktop, flip it to enable Google Voice Callback.

1) Select a contact your contacts, and call that contact. If you haven't configured Google Voice Callback FREE to always do callback, you will be presented with a dialog asking you how to complete the action. Select "Use Google Voice Callback".

2) Instead of the expected outgoing call, you should receive an *incoming* call from your Google Voice number. This happens because we set the callback number in GV to your "FW number" in step (4) above. Pick up this incoming call.

3) At this point, Google Voice's servers call the contact that you selected and bridges the two calls (the one to you and the one to your contact).

RECEIVING INCOMING CALLS:
1) For the purposes of this guide, please make sure that in your settings, Google Voice is *only* forwarding to your FW number. When everything is working, you can experiment with forwarding to other numbers as well.

2) When you have data coverage, and your SIP application is able to receive calls to your FW number (see the guides in step 2), if somebody calls your Google Voice number, you will receive the call through SIP, through data, free of charge, daytime minutes, roaming or any other such nonsense.

If using WiFi, don't forget to stay within wifi coverage during a call, since the incoming call is coming over the Internet. Most importantly, this works with your SIM card removed, or with a SIM card from any country in your phone! Try it if you don't believe it!

Long distance to destinations other than USA and Canada will charge your Google Voice credit, which can be recharged any time. Also, the Google Voice rates to worldwide destinations can be accessed by clicking "Rates" near where your balance is displayed in your Google Voice account (lower left).

This guide should work even if you are outside USA, as long as you already have your Google Voice account set up. For users outside USA, use any one of hundreds of guides to set up your GV account.

Enjoy, and please post your experiences!