Debian/Ubuntu and MacOS X. Sharing files using netatalk


If you are trying to share files using a fast protocol (that’s not samba) which fits into debian and MacOS you should install netatalk package.

You will find the trap only if you are using netatalk from the usual Debian apt-source and if you have altered MacOS X default to do not use clear text passwords.

You’ve 2 solutions:

  • MacOS X won’t connect to the Debian Linux server, just saying that the access name or password wasn’t right, but has never asked for one. Just enable clear text passwords in MacOS X when you connect to an afp server and it will work like a charm.
  • OpenSSL support is currently disabled, because of licensing issues: The Free Software Foundation and Debian consider the GNU General Public License (GPL) under which Netatalk is licensed to be incompatible with the OpenSSL license.You can build locally with OpenSSL using the following commands

Using netatalk you can use any Debian server as a time machine backup, just read some manuals to know how.

Quick reference

To be up to date, look into /usr/share/doc/netatalk/README.Debian
usuario@LOCAL:~/$ sudo aptitude install devscripts
usuario@LOCAL:~/$ sudo aptitude build-dep netatalk
usuario@LOCAL:~/$ apt-get source netatalk
usuario@LOCAL:~/$ cd netatalk-*
usuario@LOCAL:~/$ dch -l +ssl -D local –force-distribution “Local build with OpenSSL.”
usuario@LOCAL:~/$ DEB_AUTO_UPDATE_DEBIAN_CONTROL=1 DEB_BUILD_OPTIONS=openssl debuild -us -uc
(You my need additional build-dependencies not resolved automatically.)
usuario@LOCAL:~/$ dpkg -i ../netatalk*.deb

Alternatively you can subscribe to unofficial(!) precompiled packages by adding the following to your /etc/apt/sources.list:

usuario@LOCAL:~/$ cat /etc/apt/sources.list
#where following $DIST=stable, testing, unstable, wheezy, …
#look into to know which one are available
deb $DIST netatalk

Here are my config files

usuario@LOCAL:~/$ cat /etc/netatalk/afpd.conf
# default:
# – -tcp -noddp -uamlist, -nosavepassword
– -transall -uamlist -nosavepassword -advertise_ssh
usuario@LOCAL:~/$ cat /etc/netatalk/AppleVolumes.default
# The line below sets some DEFAULT, starting with Netatalk 2.1.
: DEFAULT: options:upriv,usedots
/PATH/TO/MY/disk MYDISKNAME allow:myselecteduser cnidscheme:dbd options:usedots,upriv
# End of File

Links and references

Debian Tip. Purge Removed Packages

Some packages are not *totally* removed when you select them for removal in Debian &Co. They usually left some user customized info, etc. That’s why you should totally remove them, or in Debian world, purge them

dpkg -l |awk ‘/^rc/ {print $2}’ |xargs sudo dpkg –purge

Change trash IMAP folder in Mozilla Thunderbird (Icedove in Debian)

  1. Exit icedove (thunderbird)
  2. Insert a line like the code attached next into “prefs.js”, with the correct server# and correct name for the Trash folder:
  3. Start icedove (thunderbird)

enrgar@jack-sparrow:~$ emacs .mozilla-thunderbird/0w697id6.default/prefs.js

user_pref(“mail.server.server6.trash_folder_name”, “[Gmail]/Trash”);

References and links

Compact a VirtualBox Window$ Guest on Debian

If you run Window$ as a virtual machine in a dynamically expanding storage within Debian/Linux using VirtualBox, maybe you’re interested in compact the VDI to save space.

First, you need to download the SDelete application from the Sysinternals web site and extract the zip file in your Window$ drive.
From a command prompt (Start/Run and type ‘cmd‘ to open a command prompt) move to the directory which contains the “sdelete.exe” file and type the followind command:

scdelete -c C:

Shutdown your Windows Guest Machine after fill with zeros the free space in the disk with the previous command and type the following commands from a terminal replacing “MACHINE.vdi” with the name of your VDI:

enrgar@jack-sparrow:~$ VBoxManage modifyhd –compact MACHINE.vdi

Adding as mental note.


Debian Eeepc 901: Mount SD card as part of root filesystem (like /var)

Back again? Time will answer.

Beginning September I couldn’t wait any longer and I decided to buy an eeepc 901. As one of those mobility and digital-ubiquity believers I am. Of course this acquisition will worth an article.
But what I want to explain right now is that today I’ve finally fixed one of those horrible errors that gets your frustration arise because you don’t find a good (google) search pattern or any valid solution.

My main problem

Previous acquisition phase there is always a documentation phase. There I found that Solid States Disk (SSD), in their firsts versions suffer from a write limit.
As I’m skeptical and ignorant in this hardware topic I “believe and panic” about it.

Solving the problem

Solving the write limit problem had a easy solution, a SD card where most often written/modified files will live. That means putting /var on that card-disk. That’s easy, just a simple move and link.
But what you don’t expect is that SD reader gets detected after mounting file systems which brokes boot sequence. If you have this kind of bad boot sequence, you have to re-init from command line after mounting by hand.
You should be having a message that looks like “Enter root pass for maintenance or enter crtl+enter to continue”

Remount and reinit by hand

root@miniyo:~$ runlevel (to know which runlevel you are)
N 1
root@miniyo:~$ mount /dev/YOUR SD CARD some-options
root@miniyo:~$ init 2 (as a common example)

Getting things donde, but properly

We have to regenerate our init kernel, so it loads usb devices as soon as posible.
Of course SD reader is connected through USB internally in eeepc

This is how my “pre kernel loading” modules file looks like now that everything works.

user@miniyo:~$ cat /etc/initramfs-tools/modules
# List of modules that you want to include in your initramfs.
# Syntax: module_name [args …]
# You must run update-initramfs(8) to effect this change.
# Examples:
# raid1
# sd_mod
enrgar@miniyo:~$ update-initrafms

References and links

Howto to intercommunicate processes in different(remote) machines through DBus


In this post I’m going to try to connect two processes in different machines through DBus. The method is a little bit complex, so be patient if you try.
Also is to advert that this has been the result of 3 days of tests (reference1). So maybe this method may be improved with time and use reference2.

Tools (The actors)

  • dbus
  • gabriel
    • socat
    • libssh
  • ssh
  • your apps

Debian official packages are dbus libssh-2 socat
gabriel is not part of Debian yet (but I’ve build one for myself)

Knowledge (Actors curriculum)

In this section I will describe the basics about the tools we are going to use.

DBus. Extracted from DBus page:

D-Bus is a message bus system, a simple way for applications to talk to one another. In addition to interprocess communication, D-Bus helps coordinate process lifecycle; it makes it simple and reliable to code a “single instance” application or daemon, and to launch applications and daemons on demand when their services are needed.

D-Bus supplies both a system daemon (for events such as “new hardware device added” or “printer queue changed”) and a per-user-login-session daemon (for general IPC needs among user applications). Also, the message bus is built on top of a general one-to-one message passing framework, which can be used by any two apps to communicate directly (without going through the message bus daemon). Currently the communicating applications are on one computer, or through unencrypted TCP/IP suitable for use behind a firewall with shared NFS home directories.

Gabriel is a simple utility to enable D-Bus clients to connect to a D-Bus daemon running on a remote machine, through SSH.
This is the main piece of this puzzle. If you are interested in understanding how it works you should take a look at socat and libssh. As I’ve had to take a look at code, and make some modifications, you should read it as a punishment.

Extracted from socat man page:

socat – Multipurpose relay (SOcket CAT)
socat is a command line based utility that establishes two bidirectional byte streams and transfers data between them. Because the streams can be constructed from a large set of different types of data sinks and sources (see address types), and because lots of address options may be applied to the streams, socat can be used for many different purposes. It might be one of the tools that one ‘has already needed´.

Libssh. Extracted from libssh page:

The ssh library was designed to be used by programmers needing a working SSH implementation by the mean of a library. The complete control of the client is made by the programmer. With libssh, you can remotely execute programs, transfer files, use a secure and transparent tunnel for your remote programs. With its Secure FTP implementation, you can play with remote files easily, without third-party programs others than libcrypto (from openssl).

You should know about ssh and about your application.


Local host will run gabriel and your application.
Remove host will need a running ssh server, a running dbus server and will need socat installed and ready to use.
We need to run gabriel, that will act as a server that will connect our host to the remote host through SSH. After that gabriel will use this SSH connection to intercommunicate our local application with remote DBus applications by using socat.

Remote DBus communication Architecture
Remote DBus communication Architecture

Howto (Main action)

At the moment I’ve only achieved to connect a process using session-bus, I’m still testing until I get connection through system-bus which was my initial purpose.
After reading next information, you will be able to connect using session bus and system bus.

As I commented somewhere else, I’ve made some modifications on gabriel code. I needed some common parameters as SSH port (my virtualbox testing environment ), better help explanations or add a verbose output.
Gabriel establish a connection with the remote ssh and by socat commands it communicates with the remote DBus “environment”. You should administrate ssh parameters and Dbus parameters to gabriel.

We have to put special attention to -d, –bus-address=BUS_ADDRESS because this info must be gotten from the REMOTE machine.
That address is the one used by processes to communicate through DBUS. It’s something “internal” and automatically done when you use DBus api/library. I’m going to show you where to get it.


Again, this info should be gotten from REMOTE machine.
At the moment I don’t know any nice command where to get this info.
We have two main options of DBus buses. System and Session (more info in DBus page).
If you need SESSION bus address, you can choose what it better fits you:

  • You can can get it from process environment
  • You can stole it from any other process suspicious from being involved in DBus activities…
  • You can create your own dbus-daemon (which, actually, I don’t know if it uses it’s own BUS_ADDRESS)

If you need SYSTEM bus address, you can choose what it better fits you:

  • You can can get it from process environment. If it’s not defined, take a look at /etc/dbus-1/system.conf where you should locate a string like <listen>unix:path=/var/run/dbus/system_bus_socket</listen>
  • You can stole it from any other process suspicious from being involved in DBus activities…


This command gives you a dbus-daemon in your session with the one you can contact.

Howto (Main action): Back to local host

Those ugly unix:stri:ngs/asdkaj/numbers we have seen is what we need for -d, –bus-address=BUS_ADDRESS.
See a session example:

See a system example:

The moment we have or gabriel server running we (may have nothing) need to set DBUS_XXX_BUS_ADDRESS. Many apps would use, or have, this environment variable to connect to a DBus instance and intercommunicate with other process.
This is is easy, DBUS_XXX_BUS_ADDRESS should be the address gabriel shows few instants after being launched.
When we have defined this environment variable (in command line) we can execute our app, and it will happily communicate with the remote DBus world.

dbus-browser is a program that uses a session bus.

Curiosity: DBus protocol messages interchanged

Modifying a couple of lines in gabriel can let you see DBus raw protocol messages. It’s a didactic info.
If you enable verbose code at least at level 2, you will get raw DBus protocol messages.

My modifications and hacks

Code will be publish under GLKM project page.

Links and references
  • dbus site
  • gabriel site
  • socat site
  • libssh site
  • reference 1. (informational note, it had implied jumping into gabriel, libssh, and dbus code and testing with a virtualbox machine)
  • reference 2. (personal note, take a look at “Securing traffic between two socat instances using SSL” article in socat page)

Allowing DISPLAY needed apps in remote machines on local machines to root user using ssh and xauth


(As you can read in xauth man pages…)
The xauth program is used to edit and display the authorization information used in connecting to the X server. This program is usually used to extract authorization records from one machine and merge them in on another (as is the case when using remote logins or granting access to other users). Commands (described below) may be entered interactively, on the xauth command line, or in scripts. Note that this program does not contact the X server except when the generate command is used. Normally xauth is not used to create the authority file entry in the first place; xdm does that.

xauth to root user

Para permitir que todo funciones de forma óptima y ssh realice automáticamente la parte responsable de securizar flujos de datos (gráficos y textuales) hay que modificar primero el servidor SSH de la máquina remota (fichero /etc/ssh/sshd_config). Activaremos las dos variables indicadas. Activar estas opciones conllevan ciertos riesgos de seguridad.

X11Forwarding yes
AllowTcpForwarding yes

Ahora basta con conectarnos usando la opción -X (X11 forwarding) y -Y (X11 trusted forwarding) del cliente SSH. En Debian -Y es una opción que funciona por defecto si no se especifica nada en otro sitio (~/.ssh/config, /etc/ssh/ssh_config).

usuario@LOCAL:~$ echo $DISPLAY
usuario@LOCAL:~$ ssh -Y usuario@maquina-remota
Linux maquina-remota 2.6.18-3-686 #1 SMP Mon Dec 4 16:41:14 UTC 2006 i686
The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
No mail.
Last login: Mon Mar 5 03:55:53 2007 from XX.XX.XX.XX
usuario@maquina-remota:~$ echo $DISPLAY
usuario@maquina-remota:~$ xlogo
[Por pantalla se muestra una ventana con el logotipo X]
usuario@maquina-remota:~$ exit
Connection to XY.XY.XY.XY closed.

WHYFLOSS Madrid Conference 08


En los días 8 y 9 del mes de Mayo se celebrará la cuarta edición de la WhyFLOSS Conference, con entrada libre y gratuita.

Con un importante apoyo de la Escuela de Informática de la Universidad Politécnica de Madrid, Campus Sur se presentarán conferencias variadas entorno a las tecnologías abiertas de IT.

Estarán colaborando en la IV edición del evento compañí­as como SUN, Red Hat, OpenBravo, Andago, SIE, Liferay, Opentia, Monolabs, Accenture, Avanzada7 y universidades como la UPM y la URJC, así­ como comunidades de proyectos como LibreSoft, OpenSolaris y FFII.


El evento se realizará en la Escuela de Informática de la Universidad Politécnica de Madrid. Se encuentra ubicada en el Campus Sur de la UPM en la carretera de Valencia Km. 7 en la Ciudad de Madrid (España).
Información de localización de la Whyfloss Madrid 2008



Inauguración WHYFLOSS Conference 08.
Alejandro Sánchez Acosta, Neurowork

Open-Cities: el reto de la administración electrónica
Guillermo Pastor, Ándago Ingeniería S.L.

VII Programa Marco en la UE: FLOSS Include y FLOSS Metrics
Jesús Gonzalez Barahona, LibreSoft

Modelos de negocio basados en Asterisk (la plataforma de VoIP basada en Software Libre)
Juan Ignacio Cabrera, Avanzada 7

Clustering Computacional en CSIC
Raul Diaz Medina, Sistemas Informáticos Europeos S.L.

Descanso para comer

La implicación de la FFII en los estándares abiertos en Europa
Alberto Barrionuevo, Presidente de Foundation for a Free Information Infrastructure (FFII) / OPENTIA, S.L.

Caso de exito OpenSolaris en Accenture
David Galan Ortiz, Accenture Outsourcing

¿Es viable el software Open Source en la Industria? El caso de Red Hat Linux y JBoss
Jesús González de Buitrago, Red-Hat


Evolución e influencia del Software Libre en los 10 últimos años
Juantomás García, Monolabs

Liferay Enterprise Portal: The project, the product, the community and how to extend it
Alvaro del Castillo San Félix, Liferay Inc.

Openbravo: las claves del éxito del desarrollo en las aplicaciones en software libre
Representative, OpenBravo Inc

Rocks: Distribucion para clusters computacionales
Jesús Espino García, Sistemas Informáticos Europeos

Descanso para comer

Seguridad en OpenSolaris
Victor M. Fernandez, SIA / OpenSolaris Hispano

Django: Framework MVC en Python
Jesús Espino García, Sistemas Informáticos Europeos

Notas personales (idem a la pasada edición):

  • He de decir que conozco al organizador principal.
  • Yo voy
Referencias y enlaces