Some Dell systems include only USB ports by default, making it difficult to use a PS/2 keyboard or mouse for low-level OS hacking. It turns out that, for the Optiplex 755, there is a Dell product that adds PS/2 keyboard / mouse ports and an additional serial port to the system. However, the European and US Dell accessories pages list the item differently. The European item is shown to be compatible with the Optiplex 755, while the US item is not.
I took a leap of faith and ordered the US version anyways. It is now here, and it works perfectly.
Unfortunately, the Optiplex 755 User’s Guide does not mention the expansion connector on the motherboard that is required for this device. My regular desktop-sized Optiplex 755 included the necessary connector, and everything worked out of the box!
When clicking around in the Gnome-based desktop environment, it can often be useful to quickly start a shell in the current directory. Gnome’s file browser (at least for Debian Lenny) is Nautilus. One adds this capability by adding a custom script that can then be made to appear in the context menu (i.e., right-click menu). Here is an explanation and an example script. Script itself shamelessly stolen:
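#!/bin/bash
# From Chris Picton
# Replaces a Script by Martin Enlund
# Modified to work with spaces in path by Christophe Combelles
# This script either opens in the current directory,
# or in the selected directory
# Strip the "file://" prefix from the URI and turn %20 back into spaces
base="`echo $NAUTILUS_SCRIPT_CURRENT_URI | cut -d'/' -f3- | sed 's/%20/ /g'`"
if [ -z "$NAUTILUS_SCRIPT_SELECTED_FILE_PATHS" ]; then
    dir="$base"
else
    # Skip selected items that are not directories
    while [ ! -z "$1" -a ! -d "$base/$1" ]; do shift; done
    dir="$base/$1"
fi
gnome-terminal --working-directory="$dir"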
However, this page gave me the additional insight that scripts added to ~/.gnome2/nautilus-scripts will only become available after navigating to the scripts directory within Nautilus. This strikes me as rather odd, and I am quite amazed that I found an explanation for why my new script wasn’t appearing in only a few minutes with Google.
I installed 32-bit Ubuntu 10.04 on an HP Elite 8100 PC. With the stock kernel, all is well. However, I custom-compiled a kernel, and upon bootup, the text messages scrolling by suddenly disappear, and a lone line of text appears at the top of the screen such as the one in the title of this post. Here’s a bug that describes the issue. I tried removing ‘quiet splash’ from the kernel command line by editing /etc/default/grub (actually, I did that before I even encountered these problems; I hate splash screens); same result. I ended up enabling a serial console so that I could see all the bootup messages. Suddenly, I realized the problems with plymouth (which is apparently more than just a splash screen package; it is the boot-time UI; thus, trying to remove it will cripple your system’s ability to, e.g., prompt you if a disk’s fsck fails) are just symptoms of a larger problem. The first obvious error message is:
udevd: failed to create queue file: No such file or directory
The real problem is that a new version of udevd requires an entry for /dev in /etc/fstab, as suggested here. I added at the end of /etc/fstab the following line:
dev /dev tmpfs rw 0 0
My system booted smoothly with my custom kernel, and this fix does not appear to have harmed the ability of the stock kernel to boot either. So, solved!
The Dell PowerEdge T105 is a nice low-cost entry-level server. Thus, Dell seems to think it should only ever run server-specific OSes. Consequently, I was unsuccessful in finding a TPM driver for this system on the normal Dell page. This system contains an STMicro TPM. I was able to find a driver for Lenovo systems that include the same TPM chip in a file with the following name: stmicro-tpm-6iza02ww.exe. Hopefully your favorite search engine can lead you to it.
I was also successful in installing Dell Embassy Trust Suite by Wave Systems v22.214.171.124, which I found on Dell’s site. This is the system where I tested integration of the TPM into a SAML-based single sign-on solution using id.wave.com, as per this post.
TPM 1.2 version info, as reported by the tpm_version utility in Linux:
Chip Version: 126.96.36.199
Spec Level: 2
Errata Revision: 2
TPM Vendor ID: STM
TPM Version: 01010000
Manufacturer Info: 53544d20
So some of the facilitized systems here at CMU use Kerberos for authentication. This means simple public-key based SSH login won’t work. For simple tasks, like editing text files on the remote system, it’s not worth going through too much pain to make this work.
1. Use password caching with the ‘tramp’ feature for emacs, as suggested here. However, for reasons beyond me I couldn’t get this to work. If I figure it out I’ll update this post.
2. Use sshfs to mount the remote home directory locally. Then it’s only necessary to authenticate with one’s password once.
sshfs -o workaround=rename server.using.kerberos: /path/to/local/mount/point
workaround=rename was necessary for me because emacs would complain about a renaming failure with “operation not permitted”.
Note that following apt-get install sshfs I couldn’t immediately use sshfs successfully. My user was not part of the fuse group. Even once I added myself (sudo adduser username groupname), it was necessary to start a new login for the system to “know” that I was a member. In lieu of actually logging out, one can do su - username to start a new session. The command id will list the groups in which the current user is a member. If fuse isn’t listed, it’s not going to work.
Don’t have time to make this detailed yet, but experimenting with SAML (Security Assertion Markup Language). For some fun, set up your own IdP by following the first two links:
simpleSAMLphp Installation and Configuration
Identity Provider Quickstart
Once that works, upgrade to a 30-day free trial of a Google Premier account. All of the steps for Google Apps for Education apply equally well to a Premier account. I haven’t tested yet whether the SAML settings remain in place once the free trial is over.
Setting up a simpleSAMLphp SAML 2.0 IdP to use with Google Apps
This is a really neat capability, however. I can now be in charge of authenticating users for my Google Apps domain however I want: it doesn’t have to be passwords, and I also don’t have to expose the exact same identity to every site. If I trust my own identity provider, then I can have single sign-on without two different service providers (i.e., websites I actually want to visit) necessarily being able to tell that the same user is accessing both sites (modulo network monitoring, timing, and other ways of correlating traffic).
I hope to explore this in more detail and write about it.
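The idea of not exposing the same identity to every service provider can be sketched as follows. This is an added example, not code from the original post or from simpleSAMLphp: it derives a per-SP pseudonym with HMAC-SHA256 and renders it as a SAML 2.0 persistent NameID. The entity IDs, the secret, the account names and the function names are all constructed for illustration.

```python
import base64
import hashlib
import hmac
from xml.sax.saxutils import escape, quoteattr

# Constructed values for illustration; a real IdP keeps the secret out of source.
IDP_ENTITY_ID = "https://idp.example.org/saml2/idp/metadata.php"
IDP_SECRET = b"constructed-demo-secret"
PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"


def pairwise_id(user: str, sp_entity_id: str, secret: bytes = IDP_SECRET) -> str:
    """Stable pseudonym for (user, SP): same inputs give the same value,
    but values issued to different SPs cannot be matched without the secret."""
    # Length-prefix each field so ("ab", "c") and ("a", "bc") never collide.
    fields = [f.encode("utf-8") for f in (IDP_ENTITY_ID, sp_entity_id, user)]
    msg = b"".join(len(f).to_bytes(4, "big") + f for f in fields)
    digest = hmac.new(secret, msg, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def name_id_xml(user: str, sp_entity_id: str) -> str:
    """The <saml:NameID> element the IdP would put in the assertion Subject."""
    return (
        f"<saml:NameID Format={quoteattr(PERSISTENT)} "
        f"NameQualifier={quoteattr(IDP_ENTITY_ID)} "
        f"SPNameQualifier={quoteattr(sp_entity_id)}>"
        f"{escape(pairwise_id(user, sp_entity_id))}</saml:NameID>"
    )


def linkable_users(users, sp_a: str, sp_b: str) -> set:
    """What two colluding SPs learn by joining their NameID tables."""
    seen_by_a = {pairwise_id(u, sp_a) for u in users}
    seen_by_b = {pairwise_id(u, sp_b) for u in users}
    return seen_by_a & seen_by_b


if __name__ == "__main__":
    users = ["alice", "bob"]  # constructed local account names
    sp1 = "https://wiki.example.com/sp"  # constructed SP entity IDs
    sp2 = "https://mail.example.net/sp"
    print(name_id_xml("alice", sp1))
    print(name_id_xml("alice", sp2))
    print("identifiers shared between SPs:", linkable_users(users, sp1, sp2))
```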
A very interesting Identity Provider (IdP) is id.wave.com. You can create an OpenID and access sites that use OpenID, and you can also access sites that use SAML for single sign-on. Notably, Google Apps is one such site that allows users to authenticate via SAML (if you have a Premier or Education account).
Also interesting is that id.wave.com is capable of authenticating users based on public-key credentials stored in their system’s TPM chip. If your system includes Dell Embassy Trust Suite by Wave Systems, then a small browser plugin for IE 8 will enable seamless authentication without passwords.