Android Marshmallow not re-connecting to ActiveSync/Exchange

Looks like the prepackaged 'Exchange' service running on Android Marshmallow can't deal with being disconnected from the service for too long... If it is, it appears to crash and forget how to sync. It will perpetually say 'Last Sync at:' with the time it was last able to get data.

Even after you've fixed the outage it still won't reconnect. You have to manually remove the account under Settings->Accounts->Exchange and then re-add it again. Hopefully they fixed this bug in Nougat.

Apparent fix for dropped packets on Scaleway Amsterdam

I had a few days of problems with Nextcloud, OpenVPN and even SSH applications crashing out complaining about HMAC/MAC errors. These are the message digests which are sent between the two hosts that provide verification of packet integrity.

To help Google lead you here, the exact error for OpenVPN on the client side was:

Authenticate/Decrypt packet error: packet HMAC authentication failed

After spending hours trying to figure out whether my TLS libraries were bust and asking Scaleway themselves if they were having networking troubles, I decided to power down the server and 'Archive' it to use Scaleway's terminology.

Brought it back up about two hours later... Everything was working just fine.

The only thing I can think happened is that whatever network segment or switch port I was on was having some sort of trouble. By pushing my server to their archive system and then bringing it back I must have re-triggered the network deployment and something must have sorted itself out.

Hope this helps anyone with similar troubles.

How to set Docker 1.12+ to NOT interfere with IPTABLES/FirewallD

For some reason the powers that be at Docker have decided that with version 1.12 (or perhaps earlier, I don't track how lax I get between versions), the approach of using a SystemD override file for IPTABLES no longer works. At least, that is true if like me you had DOCKER_OPTS="--iptables=false" in /etc/systemd/system/docker.service.d/noiptables.conf.

Instead you now have to use environment variables rather than command-line-style parameters, so it is more along the lines of DOCKER_IPTABLES=false rather than --iptables=false. Still, this didn't work, and it appeared from some SystemD digging that the default Docker SystemD config file ignores my override file anyway.

It turns out the solution is explained (not obviously) here (no, at the time of writing there is no FQDN, just an IP):

http://54.71.194.30:4110/engine/reference/commandline/daemon/

You must manually modify /etc/docker/daemon.json, which is a file that the Docker daemon DOES check at startup. Ensure there is a line there with "iptables": false. However since these are effectively default behaviour overrides, you can get away with just that in the file. So my file looks like:

{ "iptables": false }

Then restart the Docker daemon. I guess in hindsight that is a much easier way of doing it and is better for other overrides going forward, but they did an excellent job of informing their long-standing users of the changes.
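A quick check to run after the restart, added here as an example and not taken from Docker's documentation: one function confirms the daemon.json setting with a plain text match (it is not a JSON parser), the other lists any Docker-created chains found in iptables-save output. The sample ruleset is constructed, and the function names are made up for this example.

```shell
#!/bin/sh
# Constructed sample of `iptables-save` output from a host where Docker
# still manages the firewall (it creates chains whose names start with DOCKER).
sample_ruleset() {
cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:DOCKER - [0:0]
-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
-A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:DOCKER - [0:0]
:DOCKER-ISOLATION - [0:0]
-A FORWARD -j DOCKER-ISOLATION
-A FORWARD -o docker0 -j DOCKER
COMMIT
EOF
}

# Read iptables-save output on stdin and print every Docker-created chain
# as "table/chain". No output means Docker has not touched the ruleset.
# Real use: iptables-save | docker_chains
docker_chains() {
    awk '/^\*/      { table = substr($0, 2) }
         /^:DOCKER/ { print table "/" substr($1, 2) }'
}

# Read daemon.json on stdin; succeed only if "iptables" is set to false.
# Whitespace is stripped first so any spacing or line layout matches.
# Real use: iptables_disabled < /etc/docker/daemon.json
iptables_disabled() {
    tr -d ' \t\r\n' | grep -q '"iptables":false'
}

# Demo on the constructed ruleset: prints the three chains Docker created.
sample_ruleset | docker_chains
```
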

Fix for BTRFS: open_ctree failed when running root FS on RAID 1 or RAID10 - Arch Linux

This bug is a known issue in Arch Linux, see here

There are also bug reports and discussion filed here and here

The Problem

The bug appears to reside in systemd or mkinitcpio, as the ArchWiki suggests. Whichever process is responsible for disk discovery and identity allocation seems to get itself in a twist with BTRFS on multi-device volumes. Things were fine for me on RAID 1 before I upgraded to my current RAID 10 set up, so the problem may be more prevalent or pronounced on RAID10 deployments.

I followed the suggestion on the Wiki for a fix to no avail. Besides, why would adding 'btrfs' to the MODULES array rather than HOOKS work anyway? The 'udev' hook handles that stuff in place of the 'btrfs' hook, but never mind.

The Solution

After some experimentation I discovered that if you change the /etc/fstab directive to mount a single device from the BTRFS array rather than using a group identifier like the examples shown below, the system would boot successfully.

BAD

LABEL=btrfs_root    /    btrfs etc.etc.etc.  
UUID=fd047936-9253-421a-8d48-219612cb4915    /    btrfs etc.etc.etc.  

GOOD

/dev/mapper/disk1-root    /    btrfs etc.etc.etc.

But, doesn't this mount only the one disk?...... NO! :) BTRFS is smart enough to discover and/or remember that the one disk is a member of an array. As a result, it mounts the entire pool along with the single device being called by /etc/fstab at boot (see the two snippets at the end of this post for my particular deployment).

So long as the chosen disk survives, everything is fine. In theory I have a 25% chance of that particular disk failing and leaving me locked out and requiring a Live-CD style recovery. If one of the other three fails I should still be able to boot the array albeit in a degraded mode and replace the disk.

If this one particular disk does bite the dust - not a problem. It's not any more complication, really. The solution would be to:

  • Boot into an Arch live memory stick
  • Set the fstab and kernel parameters to degraded (see here)
  • AND change the disk which is mounted at boot in /etc/fstab - in my case swap out /dev/mapper/disk1-root to /dev/mapper/disk2-root or disk3-root etc.

To close, yes there's a bug somewhere in mkinitcpio or systemd and yes it does add a complication to multi-disk builds which store the root partition on them. It's pretty minor though and hopefully the instructions here will help solve the problem and save people time.

My /etc/fstab (last example is correct)

#UUID=fd047936-9253-421a-8d48-219612cb4915      /               btrfs           rw,relatime,space_cache,subvolid=5,subvol=/     0 0
#LABEL=btrfs_root       /       btrfs           rw,relatime,space_cache,subvolid=5,subvol=/     0 0
/dev/mapper/disk1-root  /               btrfs           rw,relatime,space_cache,subvolid=5,subvol=/     0 0

My BTRFS Array - The other three devices are auto-mounted by BTRFS after disk1-root gets triggered by /etc/fstab.

[root@nasbox ~]# btrfs fi show
Label: 'btrfs_root'  uuid: fd047936-9253-421a-8d48-219612cb4915  
    Total devices 4 FS bytes used 768.09GiB
    devid    1 size 831.51GiB used 385.03GiB path /dev/mapper/disk1-root
    devid    2 size 831.51GiB used 385.03GiB path /dev/mapper/disk2-root
    devid    3 size 831.51GiB used 385.03GiB path /dev/mapper/disk3-root
    devid    4 size 831.51GiB used 385.03GiB path /dev/mapper/disk4-root

[root@nasbox ~]# 

How to Fix Chromium/Google Chrome Black Screen in VirtualBox

The bug is in VirtualBox's Guest Additions, which probably badly translates 3D controls from applications like Chromium and delivers the weird black flickering garbage.

The solution is to simply replace the version of VirtualBox Guest Additions you're using. I found that VBoxGuestAdditions_5.0.10.iso worked fine. Insert the disk into the OS via VirtualBox and do the normal sudo ./VBoxLinuxAdditions.run. This will remove the existing broken version of Guest Additions and install the working replacement.

Fix for audio sync issues on VLC for Android (May 2016)

Using VLC on Android to watch videos and you get audio sync issues? I knew the files were fine, but every time I started a video on my tablet and scrolled forward or back, the time would be offset by around a second. Many times the sound was off as soon as I played the video 'from cold'.

After some experimentation I found you have to go into VLC-Settings>Hardware Acceleration and ensure it is set to Disabled. In my case it was set to the default 'Automatic' and VLC was trying to use hardware acceleration and getting its sync messed up.

Even the VLC app says hardware acceleration is experimental, just make sure it's disabled.

Fixing Natural Scrolling in Arch Linux

Due to my habit of switching between desktop environments semi-regularly, including GNOME-based ones, multiple configuration files exist in my ~/.config/ governing the same things. In this case, my mouse scrolling.

I was never able to figure out which files were conflicting with each other, but this answer on AskUbuntu worked for me first time, system-wide. http://askubuntu.com/a/685873

Pebble Time opens port 9000/tcp6 on Android Devices

Did a port scan the other day and was surprised to find my phone was listening for connections on the LAN. Port 9000 on tcp6, which Nmap decided to call CSListener.

Nmap scan report for 192.168.0.3
Host is up (0.0072s latency).
Not shown: 999 closed ports
PORT STATE SERVICE
9000/tcp open cslistener
MAC Address: C0:EE:BE:EF:BQ:15 (OnePlus Tech (Shenzhen))

Googling didn't turn up much so I ran an adb shell to the phone.
Turns out that the process occupying the port was the Pebble Time app.

root@A0001:/ # fuser 9000/tcp6 1417
root@A0001:/ # ps | grep 1417
u0_a123 1417 253 1779444 105092 ffffffff b6db5340 S com.getpebble.android.basalt:framework
root@A0001:/ #

Then I remembered seeing an option in there ages ago about allowing developer access, which I switched on when I was playing with creating tutorial apps for the watch. The 'Developer Connection' was still switched on; turning it off kills the listener on port 9000.
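Where fuser is not available in the adb shell, the same answer can be read from /proc/net/tcp6, which lists every socket with its state and owning UID. The script below is an added example, not part of the original investigation; the sample table is constructed to match the case above, and the function names are made up for this example.

```shell
#!/bin/sh
# Constructed sample in /proc/net/tcp6 format: one listener on port 9000
# (hex 2328) owned by UID 10123, plus one established connection.
sample_tcp6() {
cat <<'EOF'
  sl  local_address                         remote_address                        st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000000000000000000000000000:2328 00000000000000000000000000000000:0000 0A 00000000:00000000 00:00000000 00000000 10123        0 40112 1 0000000000000000 100 0 0 10 0
   1: 0000000000000000FFFF00000300A8C0:A1B2 0000000000000000FFFF00000A00A8C0:01BB 01 00000000:00000000 00:00000000 00000000 10087        0 40377 1 0000000000000000 20 4 30 10 -1
EOF
}

# Map a numeric Android UID to the name `ps` prints (u0_a123 style).
# App UIDs start at 10000 and each device user gets a block of 100000.
android_uid_name() {
    user=$(( $1 / 100000 ))
    app=$(( $1 % 100000 ))
    if [ "$app" -ge 10000 ]; then
        echo "u${user}_a$(( app - 10000 ))"
    else
        echo "$1"    # system UID (root, system, ...): leave it numeric
    fi
}

# Read a /proc/net/tcp or tcp6 table on stdin and print "port owner" for
# every socket in LISTEN state. Field 2 is local address:port in hex,
# field 4 is the state (0A = LISTEN), field 8 is the owning UID.
# Real use on the device: list_listeners < /proc/net/tcp6
list_listeners() {
    awk 'NR > 1 && $4 == "0A" { n = split($2, a, ":"); print a[n], $8 }' |
    while read -r hexport uid; do
        echo "$(( 0x$hexport )) $(android_uid_name "$uid")"
    done
}

# Demo on the constructed table.
sample_tcp6 | list_listeners
```

The owner it reports can then be matched against the first column of ps, as in the session above.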

Pebble Time App

Docker, Arch Linux, and User Namespaces

I recently tried to run Jess Frazelle's Chrome Docker image; she explains how to do that here. Whilst there is a little bit of understanding needed with what's going on (such as passing X11 through from the host to the container), it's pretty simple.

However, Chrome seemed to break for me every time. At first I couldn't work it out, but help in this Issue Thread showed that the lack of User Namespacing in my kernel was the problem.

The stock Arch Linux Kernel for some reason doesn't seem to have User Namespacing built in. Chrome needs this. The reason Chrome needs this is that the sandboxing security feature needs to utilise namespacing segregation to isolate web page processes. The idea being if they can't interact with anything outside the container, it minimises risk to the other processes on the system.

Unfortunately to enable User Namespacing, you have to enable the feature in a kernel config file and rebuild your Kernel. This isn't an easy process but the Arch Build System can help.

To test you've got User Namespacing enabled successfully, run zgrep CONFIG_USER_NS /proc/config.gz; it should return CONFIG_USER_NS=y. Anything else means it is not enabled.

My config.gz for Kernel 4.2.5-1 is here

The image below shows I've got Chrome running in Docker fine now. You can also tell from Archey that I'm running the custom kernel.

Picture of Chrome Running