Force an application to use VPN, using iptables in Linux

Enforcing an application, for example a torrent client like Transmission, to always use the VPN interface or any particular network interface for that matter, is trivially simple using iptables on Debian, Ubuntu or any other GNU/Linux distro.
Personally, I am running Debian Sid on the Raspberry Pi. Occasionally I use it for downloading files ( legal stuff, seriously, believe me :D  ) using Transmission Bittorrent client over a VPN connection. Sometimes it happens that the VPN connection fails and doesn't reconnect for whatever reason and Transmission continues pulling stuff directly over my internet connection, which I would like to avoid. Fortunately it is very straightforward to enforce rules based on application owner UID. Transmission runs under the owner debian-transmission in Debian (use htop to check this) and the following two lines of iptables ensures that any process with owner having UID, debian-transmission, will not use any other network interface apart from the OpenVPN tunnel interface tun0

pi@sam-berry ~ $ sudo iptables -A OUTPUT -m owner --uid-owner debian-transmission -d 192.168.0.100 -j ACCEPT
pi@sam-berry ~ $ sudo iptables -A OUTPUT -m owner --uid-owner debian-transmission \! -o tun0 -j REJECT

The first line ensures that, my Mac-mini having IP address 192.168.0.100 on the lan, can always access the web interface of transmission. The second line makes sure, no outgoing traffic can leave via anything other that tun0. 
Peace of mind restored, thanks to iptables.

Intel 520 SSD upgrade on unibody Mac Mini - mid 2011

With the SSD prices dropping significantly in last few weeks, I couldn't resist the temptation to open up my Intel Mac Mini (unibody mid 2011 model) and pop in one.
Although, Apple prohibits users to upgrade anything apart from the RAM, I love voiding warranties. Apple uses a proprietary connector to hook up the SATA disk. Fortunately the people at Other World Computing and iFixit are selling DIY second hard disk installation kit with nicely made video tutorials. iFixit, was showing out of stock, which made my task of choosing, whom to order from, much easier. For the SSD I went with 240 GB one from the trusted and reliable Intel 520 series.

Some, Mac users were cursing at SSDs from other brands at various forums, though it wasn't very clear whether the problem was with the competence of the SSD manufactures in making their products compatible with Apple (or vice versa) or with the incompetence of the users performing the DIY upgrades! Anyway, most were satisfied with this particulars series, so I just decided to play safe. 

 The video tutorials from both the sites are pretty comprehensive, so I am not bothering to add any more jabberings! Just dumping some pics that I had taken during the process!

Back to, having fun with 8bit AVRs

Being the kind of jobless tinkerer that I am, I have again resumed fiddling with my all time favorite toy - the 8bit Atmel AVR microcontrollers. No matter how much I play with these little beasts, they never stop amazing me. I had spent a large part of my spare time in college, having fun with these, making all kinds of stuff starting from usb controlled desk lamp to full fledged webserver showing my current room temperature and ambient light levels. Not being an out-of-the-box genius, I did spent a HUGE amount of time, rummaging through the web, looking for whatever relevant information I could find!

And then after finishing college, I moved to a different country and had to leave behind all my handmade stuff :(
There was a brief period of time, almost a year, during which I focussed on other things and most of my  hobby electronics work went into nirvana. Not that I was completely detached from fiddling with electronics. My PhD experimental work, ensured that I had my regular dose. There was a continous barrage of broken electronics ranging from aom drivers to microwave generators to power supplies and what not in the lab, that I was fixing or atleast trying to fix.

And then on one fine day, came the opportunity to have some fun with my old toy. There was an electro-mechanical optical switch in the adjacent lab, that had to be remotely operated. Functionally it was just a bunch of tiny reed relays, with mirrors glued to it, that directed light from one fiber to another. The relays were hooked up to a National Instruments USB Digital I/O card. In order to make it remotely operable, someone tried hooking up the USB board to an el-cheapo Network USB hub (some generic Chinese equivalent of this), but the NI DAQmx drivers weren't so cooperative and the device refused to work.

...and I got the long awaited excuse to fiddle with the AVRs. Emulating low speed USB protocol purely in software in AVR, is trivially easy, thanks to the hard work of these guys (oops, now feminists please don't come after me, I seriously haven't come across any girls in the forums, would be very much interested to meet any :D ). Spending a couple of hours on a lazy Saturday afternoon, I came up with this

using a ATTiny2313 lying around. Shamelessly copied the code from http://www.obdev.at/products/vusb/powerswitch.html, made some modifications to suite my purpose and voila, the thing worked like a charm, even over the el-cheapo network usb hub. Spending a few minutes, looking at the client side code written using libusb, it wasn't too hard to cook up something using NI VISA to communicate with the "fake USB low speed device" without using libusb. Not that I  am a big fan of National Instruments (not that I dislike their products either :D ), but my prof demands Labview compatibility for every piece of sh*t in the lab, so I didn't have much of a choice here anyway.

Going through this whole thing, I realised I don't have much of something called "memory" in my brain. Even though I had played with AVR MCUs a lot, after just a year of break, most of the info seemed to have had dissipated away from my brain. While doing this, I was literrally re-inventing the wheel at every step. I feel a dire need to avoid googling for the same information over and over. This time I am going to document everything on my blog!

Raspberry Pi -- Installing Samba (Windows Share) File server

Having successfully run Debian Wheezy on my Raspberry Pi, I went forward with my initial idea of setting up a low cost power efficient file server for accessing my external hard disks from my Windows7 desktop, HP-Mini running Ubuntu and Mac Mini running OS X Lion (yeah I do like bragging about my machines :D ).

This turned out to be pretty straight forward.

As expected, the external Seagate USB disk immediately got recognized and appeared as /dev/sda

[  579.948350] usb 1-1.2: New USB device found, idVendor=0bc2, idProduct=3001
[  579.948384] usb 1-1.2: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  579.948405] usb 1-1.2: Product: FreeAgent
[  579.948421] usb 1-1.2: Manufacturer: Seagate
[  579.948447] usb 1-1.2: SerialNumber: 2GEX323R
[  579.967638] scsi0 : usb-storage 1-1.2:1.0
[  580.970520] scsi 0:0:0:0: Direct-Access     Seagate  FreeAgent        102D PQ: 0 ANSI: 4
[  589.142942] sd 0:0:0:0: [sda] 1953525168 512-byte logical blocks: (1.00 TB/931 GiB)
[  589.144669] sd 0:0:0:0: [sda] Write Protect is off
[  589.144717] sd 0:0:0:0: [sda] Mode Sense: 1c 00 00 00
[  589.146298] sd 0:0:0:0: [sda] Write cache: enabled, read cache: enabled, doesn't support DPO or FUA
[  589.171762]  sda: sda1
[  589.180680] sd 0:0:0:0: [sda] Attached SCSI disk

Next step is to create a mount point

pi@raspberrypi ~ $ sudo mkdir /media/terradisk

Add the correct entry to /etc/fstab (edit this with your preferred editor)

pi@raspberrypi ~ $ sudo vim /etc/fstab

So that it looks like the following,

And mount it

pi@raspberrypi ~ $ sudo mount -a

The new usb drive should now show up

Next install samba,

pi@raspberrypi ~ $ sudo apt-get install samba samba-common-bin

Once finished, open the samba configuration file

pi@raspberrypi ~ $ sudo vim /etc/samba/smb.conf

and edit as follows.
In the Authentication section, uncomment

   security = user

and add the following section in the end

[SamDataDump]
comment = Data Dump on Sam Raspberry Pi
path = /media/terradisk
writeable = yes
guest ok  = no

Remember to change

[SamDataDump]

with the share name you want and

path = /media/terradisk

with the path to wherever you mounted your external disk.
Add the smb password for the default pi user

pi@raspberrypi ~ $ sudo smbpasswd -a pi

Set permissions so that pi user can access the share,

pi@raspberrypi ~ $ sudo chown -R pi:pi /media/terradisk/

Restart samba

pi@raspberrypi ~ $ sudo /etc/init.d/samba restart

And done!
Try accessing the share,

 And it works!

Running Debian on Raspberry Pi (and SD card woes)

After waiting for nearly 3months, I finally got my Raspberry Pi last week from Element14. Plan was to set it up as a file server for network enabling my external hard disks.

Debugging setup

Attempts to use a SandDisk 8GB Class 10 Extreme SD card and Debian Squeeze image, following the instructions here, were completely futile. Tales of my woes and subsequent hardware level debug attempts can be found in this thread.
Plugging in the card and attempting to boot the RasPi failed miserably initially.

Damn ugly pull up resistors on the
SD IO lines

Implementing the pull-up resistor hack suggested by jhasler, resulted in a fugly looking but partially working RasPi. It was atleast attempting to boot now, although it was throwing up a kernel panic immediately after loading the kernel.

After loading kernel card drivers

SD DAT0 line, before kernel is loaded.

Probing the SD card IO lines with a high BW scope, revealed some glaring anomalies. The SD Clk speeds up and the pulses on the SD DAT lines become terribly distorted once the kernel mmc driver is loaded. Apparently the kernel driver is pushing things outside the hardware specs of the RasPi. Hopefully this will be addressed in the future firmware or patched kernel releases.

Anyway, finally had great luck with a 4GB SanDisk Class 4 SD card and the 2012-06-18-wheezy-beta image. It immediately booted up and within a few seconds, I was greeted by the friendly raspi-config menu similar to the one below, which lets the user configure the GPU memory share, KB layout, locale and a few other useful stuff.

raspi-config menu inside a ssh session.

A few simple choices and finally I get the much awaited Debian login prompt!

For powering the RasPi I was initially using my Nokia 5800 (yes I am still using this pre-historic phone!) micro-usb cable connected to my desktop but later on replaced it with a Belkin powered usb hub.

RasPi powered by Belkin USB Hub.

One of the downstream ports of the hub powers the RasPi. while the upstream port of the hub is plugged back to the USB port of the Pi. The arrangement looks a bit funny though ( no, this is not a perpetual machine, the external power connector to the hub is yet to be connected :P )

The external HDD, one additional USB to ethernet connector (I am connected to 2 different subnets) and keyboard (temporarily) were all plugged into the HUB. My Mac Mini's HDMI to DVI connector, was of great help during the initial setting up. Once that was done, SSH is now working just fine for me, no longer need the KB or display.
I'll keep jabbering about my further experiences with this tiny beast, in the next few posts!!

What quantum physicists and movie/music industry have in common

Recent attempts to purchase 780 nm laser diodes for my experiment, made me realize how much atomic physics and laser cooling labs have become entangled with the optical disk industry. Rapid developments in optical drive industry, which made Rubidium so easily accessible to every Tom, Dick and Harry working on  atomic physics few years back is now making our lives difficult by rendering, once easily available technology, obsolete faster than ever. 150 mW 780 nm laser diodes which formed the heart of 48X CD burners, could be picked up for a few bucks from Digikey or Farnell, a few years back. Diodes with similar specs are now only available from specialized industrial and research laser vendors for a price that is atleast 2 orders of magnitude higher than the price when CD burners were ubiquitous.

Ofcourse the silver lining is, with the shift towards Blu-ray, wavelengths around 400nm, which once could only be achieved with the not-so-cheap non-linear frequency doubling crystals, have now become much more easily accessible.

(Anyway, have been successful in getting a handful of obsolete 150mW 780nm diodes from some random Chinese seller on eBay at dirt cheap prices! Yet to check their mode stability though, but quite hopeful from the specs! All hail the great Chinese manufacturers. Someone said it right-- God made the Chinese, rest was "Made in China"!)

BSNL Self Care Portal on Chrome/Firefox in Linux

BSNL has recently (not sure how recent, since I returned to India after quite a few months) made some changes to their accounting system and the old intranet site (10.240.43.216) for checking unbilled usage no longer seems to be working. It has been replaced with an ultra crappy, barely functional, CRM portal from Siebel and it manages to suck better than the most powerful vacuum cleaner ever made. To make matters worse, it is labelled as "Internet Exploder only", so any other standards compliant browser, which doesn't cause the internet to explode doesn't seem to work. Having nothing better to do, I delved a bit deeper to find out why non-IE browsers fail to render this piece of shit. A little bit of Googling made me stumble upon this - link. Apparently the login window seems to be some kind of popup with some applet inside. Whichever brain-dead retard designed it, something seems to be horrendously wrong with the way the login window captures the mouse focus. Clicking on the username and password field doesn't work! Some users have reported success (see the posts on the above mentioned link) after resizing the window to a very small size and then clicking on the username field. This works most of the time, but the rest of the site after logging in, remains still unusable with a mouse. Fortunately "TABbing" seems to work and makes it possible to navigate around the site.
(BTW this - http://selfcare.edc.bsnl.co.in is the portal I am referring to.)