Wireless power management in Ubuntu

Tested on: Ubuntu 11.04 (natty)

I have been experiencing extremely slow network connection whenever my laptop has been on battery. Speedtest results showed a 50 fold speed reduction when my laptop was on battery. I speculated that lower speed has to do with power-management, which reduces network speed in order to save battery. Ubuntu, like other operating systems, also has power management options installed by default. There is a frontend/GUI for Power Management preferences. But I could not find any thing related to wireless or Wi-Fi in the GUI. Looking around on internet, I found many pages. Here is a log of the things I found.

• Confirming the behaviour: In order to make sure that power-management is the culprit of the slow network access run following command both when on power and when on battery.iwconfig The output should look like following: wlan0 IEEE 802.11bgn ESSID:"USC Wireless" Mode:Managed Frequency:2.462 GHz Access Point: 00:00:00:00:00:00 Bit Rate=65 Mb/s Tx-Power=15 dBm Retry long limit:7 RTS thr:off Fragment thr:off Power Management:on Link Quality=68/70 Signal level=-42 dBm Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0 Tx excessive retries:27329 Invalid misc:204 Missed beacon:0 Notice line five of the output. If it says anything other than Power Management:off while on battery, then it could be power management which is slowing down then network. Check power argument in iwconfig man page for other possible options.
  
  
• Temporarily disable the power-management: While on battery, run following command (replace wlan0 with your Ethernet name) sudo iwconfig wlan0 power off This will only affect the wireless settings of power management. and should change the output of previous command to Power Management:off and most-likely revert the network speed to usual speed. However, on restarting the system the power management will be enabled.
  
  
• Permanently disable power-management for wireless: If you do not want to keep running the above command each time you restart you laptop, create a file /etc/pm/power.d/wireless with following content: #!/bin/sh /sbin/iwconfig wlan0 power off Make the file executable by running following command:sudo chmod +x /etc/pm/power.d/wireless This new file will override the default wireless script run by power management and will also make sure that wireless power management is turned off. The above trick is taken from Ubuntu Documentation (Check few lines before the example). It says:
  
  When you run pm-powersave it combines the scripts in these two directories and executes them in sorted order. If both directories contain a script with the same name, the one in /etc/pm/power.d/ has a higher precedence and only this one will be executed. Therefore to disable a script from /usr/lib/pm-utils/power.d/ simply create an empty file in /etc/pm/power.d/ with the same name and without the execute bit set.

Read more ...

vsftpd behind router/firewall

Tested on: Ubuntu 11.04 (natty)

This is how I got vsftpd server work behind a router. If you are getting errors like "Server sent passive reply with unroutable address. Using server address instead." or "500 illegal port command" on list (ls) command, this post might help. Setting passive mode configuration correctly is the trick.

Please note that this may not be the perfect solution or even worse - not very secure. Read vsftpd.conf manual before applying any changes.

Make sure port 20, 21 and few more ports, for example 4242-4252, are being forwarded to the server. We will need these extra ports for passive mode - set pasv_min_port and pasv_max_port accordingly in the configuration file. Add following to /etc/vsftpd.conf . connect_from_port_20=YES pasv_enable=YES pasv_addr_resolve=YES pasv_address=myaddress.dyndns.com pasv_min_port=4242 pasv_max_port=4252 Set pasv_address to your domain name. You can use dyndns for dynamic ip-address. vsftpd will convert your domain name to ip address when vsftpd server starts. Note that if your ip address changes after vsftpd has started it will not update the ip-address. There has been some attempt to the solve it.
Here are some more configurations with comments: # Only allow FTP access to users listed in file /etc/vsftpd.userlist # Other users will not have ftp access userlist_enable=YES userlist_deny=NO userlist_file=/etc/vsftpd.userlist # Disable delete commands cmds_denied=DELE,RMD # Verbose logging log_ftp_protocol=YES # You may restrict local users to their home directories. See FAQ for # the possible risks in this before using chroot_local_user chroot_local_user=YES
For more security, you can also modify the login-shell of a dummy ftp user to something like /bin/false - which does not exist. Use following command sudo usermod -s /bin/false <username> In order to make this work you have to add /bin/false to the file /etc/shells. Or else vsftpd will generate login error when the user logs in using ftp.

Read more ...

Encryption + Dropbox + Android

Dropbox is a great application which syncs data across different computers and devices. This makes Dropbox ideal for syncing important, & often sensitive, information across devices. Saving sensitive information on cloud makes me feel uncomfortable and cranky. This is log of softwares/apps required for encrypting data. Explicit goals are:

1. Data should never be saved to disk unencrypted.
2. Encrypted data should be readable, even without internet access, on Windows, Linux, & Android devices.
3. Encryption algorithm should be well known standard algorithm. Open source programs are preferable.

Following are some of the possible solutions with some notes. Not all of them achieve all the goals mentioned above.

EncFS provides encrypted filesystem in user space. It allows mounting an encrypted folder to a user defined location. Cryptonite is an android app which supports mounting of encrypted EncFS. Unfortunately, I found Cryponite to be buggy and the android app did not work out well for me. EncFS is definitely among perfect solutions for "desktop-only" systems.

BoxCryptor comes very close (and probably is heavily inspired by EncFS). It has been developed with tight integration with dropbox. It uses very popular AES-256 standard. Unfortunately its Android app requires internet connection to read the encrypted folder. Another drawback is the tight integration with dropbox. The Android app requires dropbox credentials to access data. I feel uncomfortable to give the dropbox credentials to any place other than dropbox itself.

enotes is the perfect solution for individual text files. So, each encrypted file is an independent text file and hence each individual file has to be encrypted/decrypted seperately. This can be advantage or disadvantage depending on the purpose. It also has an Android app: Encrypted Notepad. It uses AES-128 encryption and is good enough for me. The software is written in Java and hence is cross platform. Similar apps: Secret safe Lite, NoteCipher, OpenNoteSecure.

APG is an Android app which aims to provide a OpenPGP implementation. It uses public-private key or pass-phrase for encryption. But it saves unencrypted data to disk. Another app Encryption Manager Lite works in very similar fashion but with AES encryption. Similar apps: File Encrypter, Pattern Encrypt (Cool idea to use patterns for passwords).

PS: There are numerous desktop applications which can be used to encrypt/decrypt data using standard algorithms like AES. When accessing files on android device is not an issue, then any of these can be a solution. TrueCrypt is worth a mention in this category for its simple interface and powerful features. EncFS, as mentioned above, may also be suitable for some systems.

Read more ...

xpdf & X resource

Tested on: Ubuntu 11.04

xpdf man page is not very detailed in terms of possible values for X resource file. Following are the places where xpdf settings can be specified:

• Ubuntu X resource file: ~/.Xresources The exact files being read can be found by looking into /etc/gdm/Xsession. My settings in ~/.Xresources # xpdf settings xpdf.geometry: 1280x1024 xpdf.initialZoom: width Run following for immediate effect: xrdb -nocpp -merge ~/.Xresources
• xpdfrc can be found at ~/.xpdfrc and at /etc/xpdf/xpdfrc. My ~/.xpdfrc file: include /etc/xpdf/xpdfrc initialZoom width

Read more ...