spod.cx


C&C Red Alert under WINE on Hardy Heron

Updated: Fri Sep 26 13:57:33 2008

Back at the end of August, EA Games helpfully made the original C&C: Red Alert game completely free to celebrate the upcoming release of Red Alert 3. This is great for me, since one of my original RA CDs has a big scratch in it. Naturally, there are some caveats with running it under XP or Vista, but I now use Ubuntu Linux on the desktop.

Here's what I did to make it work under Ubuntu 8.04 Hardy Heron.

Download

Download C&C: Red Alert from here. You'll need both the Allied and Soviet disks, and they're about 1GB in total. They're RAR archives, but fortunately Ubuntu's archive manager can open them. You'll only need to extract CD1_ALLIED_DISC.ISO and CD2_SOVIET_DISC.ISO from within the files you've downloaded.

Mount

You have a choice here - either burn them to CD, or mount the ISOs manually. If you burn the ISOs to CD, you won't need to do anything extra to make things work - wine should pick up your CD drive just fine, probably as d:.

I didn't want to faff around with CDs, so I mounted the isos directly. You'll need to be root for this.

sudo -s
mkdir /mnt/ccra
mount -o loop /path/to/CD1_ALLIED_DISC.ISO /mnt/ccra
exit

This will mount the ISO image as if it's a CDROM. Next, you need to open up a terminal and run 'winecfg'. Click on the 'drives' tab, and add a new drive letter (probably E:) to the list. Set the path to /mnt/ccra, then click OK. Next, you'll need to 'cd ~/.wine/dosdevices' and create a symlink to the physical media for whichever drive you created. In my case this meant:

ln -s /path/to/CD1_ALLIED_DISC.ISO e::

The double colon is not a mistake, and you'll need to substitute whatever drive letter you used in winecfg.

Install

From your terminal, type:

wine 'e:\setup.exe'

(or d:\setup.exe if you're installing off CD) and follow the prompts. This will install the game under a fake C: that lives in your .wine directory.

Run

Nearly there! To run Red Alert there are a few gotchas to deal with.

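There's a compatibility issue between recent Linux kernels and Wine, caused by a security feature: the kernel won't let a process map memory below the address set in vm.mmap_min_addr, and Wine needs the first megabyte to run 16-bit code.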

This leads to error messages that look like this:

err:dosmem:setup_dos_mem Cannot use first megabyte for DOS address space, please report
err:dosmem:load_winedos Could not load winedos.dll, DOS subsystem unavailable
winevdm: unable to exec '--app-name': 16-bit support missing

This is easy enough to disable temporarily while you're playing the game and doesn't have too much of an impact on the security of your computer, as long as you put it back afterwards: the limit is there to make kernel NULL pointer bugs harder to exploit. Again, you'll need to run this as root, and it will persist until you reboot or reset the value:

sudo sysctl -w vm.mmap_min_addr=0

To reset it once you've finished playing:

sudo sysctl -w vm.mmap_min_addr=65536

If you've got a PC with multiple CPU cores, you'll need to tie wine to a single CPU instance. This is done with schedtool. I've also found you can't launch RA directly, so I use winefile - a clone of the old windows file manager. It's not pretty but it works. To launch the game:

schedtool -a 0x2 -e winefile

Then navigate to C:\WESTWOOD\REDALERT and double click on RA95.exe

The game should play!
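One way to make sure the setting is always put back, as an added example that is not part of the original post: a small wrapper that saves the current vm.mmap_min_addr, sets it to 0 for one command and restores the saved value afterwards, even if the command fails or is interrupted. The function names are made up for this example; it assumes sudo and sysctl as used above.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Read and write the kernel setting; both use the same sysctl key as above.
mmap_get() { sysctl -n vm.mmap_min_addr; }
mmap_set() { sudo sysctl -w "vm.mmap_min_addr=$1" >/dev/null; }

# Run "$@" with vm.mmap_min_addr=0, then restore whatever value was set before.
with_mmap_min_addr_zero() {
    _mm_old=$(mmap_get) || return 1
    case "$_mm_old" in
        ''|*[!0-9]*) echo "unexpected mmap_min_addr: $_mm_old" >&2; return 1 ;;
    esac

    # Restore on Ctrl-C or kill as well as on a normal return.
    trap 'mmap_set "$_mm_old"; trap - INT TERM; exit 130' INT TERM

    mmap_set 0 || { trap - INT TERM; return 1; }
    "$@"
    _mm_status=$?

    mmap_set "$_mm_old"
    trap - INT TERM
    return "$_mm_status"
}

# Usage, with the launch command from this post:
#   with_mmap_min_addr_zero schedtool -a 0x2 -e winefile
```

The protection is only off while winefile (and the game started from it) is running, and the restored value is the one the system had before rather than a hard-coded 65536.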

If you get warnings about low disk space and are unable to save game progress, it seems to be because you've got too much free disk space. I moved my .wine directory to a partition with less than 32GB of free disk space then symlinked it back into my home directory, and the problem went away.


Solaris 10 ssh XForward problems

Updated: Tue Jun 24 17:07:24 2008

We've found that a number of Solaris 10 U4 machines that have been recently patched will no longer allow X11 forwarding from SSH. It turns out this is because sshd is trying to use the IPv6 localhost (::1) by default, which we don't have enabled.

The error message given in /var/adm/messages is:

Jun 24 16:56:43 tart sshd[6788]: [ID 800047 auth.error] error: Failed to allocate internet-domain X11 display socket.

A quick fix is to run:

ifconfig lo0 inet6 plumb up

and to ensure the change persists across reboots:

touch /etc/hostname6.lo0

The issue seems to be caused by patch 126133-03.


Online Banking Department of Redundancy Department

Updated: Wed Jun 18 16:05:57 2008

"PIN Number" is one of those things that really annoys me. Personal Identification Number Number. Grrrr. ATM Machine is another good one, although that one is thankfully less common here in the UK. After a story from a friend about a discussion with a member of staff in a bank about this very issue, I considered the following:

Which of the high street banks in the UK use the phrases "PIN Number" and "ATM Machine" on their websites?

"None", I hoped, thinking that such huge banks would surely have some employees with more than a handful of brain cells between them in charge of making sure their content is not full of illiterate schoolboy English. Sadly, it was not to be.

After literally several whole minutes of research I came up with this list of UK high street banks with internet presences. It's certainly not exhaustive, but I mostly do have better things to do than be overly pedantic on the internet. Honest.

The results

First up, the results for "PIN Number". All these figures are taken from a Google UK search in June 2008.

  1. LloydsTSB - 31 pages
  2. Nationwide - 14 pages
  3. Barclays - 8 pages
  4. Natwest - 8 pages
  5. Co-operative - 3 pages
  6. HSBC - 3 pages
  7. Halifax - 3 pages
  8. Yorkshire - 3 pages
  9. Alliance and Leicester - 2 pages
  10. Clydesdale Bank - 1 page

Notable by their absence are First Direct and Abbey.

Natwest deserve a special mention for getting 'PIN number' into the new software on their ATM machines (see what I did there?) - thanks to dmc for pointing this out.

PIN number fail

Searching for "Personal PIN" was less exciting with only Barclays scoring at all, and only with a single page.

"ATM Machine" was slightly more exciting, but only just:

  1. Barclays - 2 pages
  2. Alliance and Leicester - 1 page

I was disappointed to see that "personal PIN number" didn't find any results across my selection of banks, so I turned to the wider internet. 11,900 results, but a reassuring number of those are at least mocking the "personal PIN number" thing.

Still, to prove that fuckwittery knows no bounds, we have Virgin Money to save the day with this page - under "how do I register" we have the festering turd of 'personal PIN number'.

Disappointingly the BBC News website also deserves a kicking with an article on credit card fraud which also uses the magical phrase:

The introduction of chip and pin cards aimed to cut down on credit card fraud in stores by asking shoppers to verify their identity with a confidential personal pin number, instead of a signature.

A disappointing result indeed. I was pleased to note no occurrences of "Automatic ATM" or "Automated ATM" on my test selection. I'd be interested to see if this holds true for American banks.


WPA and MAC locking with OpenWRT Kamikaze (7.09)

Updated: Sun Apr 6 12:55:40 2008

I've finally got round to sorting out OpenWRT on a spare wireless router I have, and in the process of getting things working as I want, I thought I'd document the process.

Please note that these instructions are probably fairly Atheros specific. If your OpenWRT device is based on a Broadcom chipset, a lot of this probably won't apply.

Firstly (and well hidden in the documentation), to get WPA or WPA2 working, you'll need to install hostapd. If you just want to use regular WPA-PSK then hostapd-mini will do:

ipkg install hostapd-mini

If you want to use WPA with RADIUS support (enterprise style) then you'll need the full hostapd:

ipkg install hostapd

Once this is done, you can set the wireless to wpa mode in /etc/config/wireless. Mine looks like this:

config wifi-device  wifi0
    option type     atheros
    option channel  1

config wifi-iface
    option device   wifi0
    option network  lan
    option mode     ap
    option ssid     OpenWrt
    option encryption psk
    option key thisisnotreallymywpakey

Use 'psk' or 'psk2' for WPA in regular shared-key mode - 'wpa' or 'wpa2' implies you want to use RADIUS, and won't work without further configuration. It is better to use wpa2/psk2 if you can, but not all devices support it. WEP alone should be avoided where possible - it's trivial to compromise WEP keys in a few minutes these days.

Run the 'wifi' command to reinitialise the wireless configuration and you should be able to connect to the access point using WPA. If this has worked, running 'iwconfig' should show something like: Encryption key:AABB-CCDD-EEFF-0011-2233-4455-6677-8899.

I also wanted MAC address locking, which hasn't made it into the current release yet, although it does appear to be in the CVS repository. I lifted the current 'standard' configuration so this should be compatible with future releases, but I added some extra code to pull MAC addresses out of /etc/ethers as well, which will be used for static DHCP entries as there's no point duplicating these. This extra bit doesn't make much sense if you're going to be using the MAC address locking as a blacklist, so bear that in mind if you make this change.

The following additions are to /lib/wifi/madwifi.sh

--- madwifi.orig        2008-04-06 12:07:45.000000000 +0100
+++ madwifi.sh  2008-04-06 12:07:45.000000000 +0100
@@ -194,6 +194,38 @@    
                        iwconfig "$ifname" rts "${rts%%.*}"
                fi

+               config_get maclist "$vif" maclist
+               [ -n "$maclist" ] && {
+                       # flush MAC list
+                       iwpriv "$ifname" maccmd 3
+                       for mac in $maclist; do
+                               echo "Adding mac: $mac"
+                               iwpriv "$ifname" addmac "$mac"
+                       done
+               }
+               ## Remove this if you're doing MAC blacklisting
+               [ -e "/etc/ethers" ] && {
+                       # add ethers entries to mac acls
+                       for mac in `cut -f 1 /etc/ethers`; do
+                               echo "Adding mac: $mac"
+                               iwpriv "$ifname" addmac "$mac"
+                       done
+               }
+
+               config_get macpolicy "$vif" macpolicy
+               case "$macpolicy" in
+                       allow)
+                               iwpriv "$ifname" maccmd 1
+                       ;;
+                       deny)
+                               iwpriv "$ifname" maccmd 2
+                       ;;
+                       *)
+                               # default deny policy if mac list exists
+                               [ -n "$maclist" ] && iwpriv "$ifname" maccmd 2
+                       ;;
+               esac
+               
                ifconfig "$ifname" up
                iwconfig "$ifname" channel "$channel" >/dev/null 2>/dev/null
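
Review bot: In the `*)` arm of the `case "$macpolicy"` block, the fallback runs `iwpriv "$ifname" maccmd 2`, the same command as the `deny)` arm, so a `maclist` with no `macpolicy` set denies the listed addresses, and because the `/etc/ethers` loop above it runs unconditionally, the static DHCP hosts are denied along with them. Consider running the ethers loop only when `macpolicy` is `allow`, and moving the `maccmd 3` flush out of the `[ -n "$maclist" ]` guard so that ethers entries are not added on top of the previous list each time `wifi` is rerun with no `maclist` set. The ethers loop also relies on `cut -f 1`, which splits on tabs only: a space-separated line passes through whole and the `for` loop then hands the hostname to `addmac`, and comment lines are not skipped; `awk '!/^#/ {print $1}' /etc/ethers` would handle both.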

Then, to only allow approved mac addresses to connect, add the following to /etc/config/wireless under the wifi-iface section, editing the addresses in the maclist to your own wireless devices:

    option maclist "00:00:00:00:00:01 00:00:00:00:00:02"
    option macpolicy allow

Rerun the 'wifi' command to load the new config and you should have mac address locking enabled.

One useful command to remember is 'wlanconfig ath0 list' - this will show all associated mac addresses and their connection speed/mode/channel.


Things That Make Me Angry

Updated: Mon Mar 31 23:46:46 2008

Lately I've found myself feeling the need to rant on subjects including but not limited to: government and local council ineptitude, civil rights and privacy violations, religious extremism, and simple assholery.

I've set up a new site at angry.spod.cx to vent. Non-ranty infrequent updates will continue here as normal.


Networking, VLAN tagging and IPMP on LDOM vswitches

Updated: Mon Jan 7 22:25:36 2008

Or why MTUs are a pain in the arse

I've spent some time configuring some Logical Domains on one of our T2000s for some development machines at work, one of which is a test environment for our main webserver. Having spent the best part of a day debugging some odd networking and NFS problems, I figured I'd write this up in case it saves anyone else some hassle.

I'd done most of the setup work and had the machine up and running, and all seemed to be working fine. I mounted the NFS shares which contained the development webserver files and user home directories at which point it all went a bit wrong. I could perform an 'ls' on the web server directory just fine. Trying that on the user home directories caused both NFS mounts to hang completely.

While checking that the relevant bits of NFS config on our Sun Cluster were ok (they were) and the network settings (also fine), I happened to run an ifconfig on the development LDOM, but forgot the '-a' to output the information for all interfaces. This caused my SSH session to hang.

Normally on Solaris, running ifconfig without -a displays the usage instructions. A quick test on a different machine revealed that this usage information is 1365 bytes long. Another quick test (running an ls in a directory on the local machine) also caused my connection to hang. Aha! This smells like an MTU problem.

Some background

Because we need to present multiple networks to these machines and use IP Multipathing (IPMP), we're using the built-in Solaris support for 802.1Q VLAN tagging.

On regular Solaris, this involves plumbing a virtual device with the vlan number and interface ID encoded:

vlan 10, device e1000g1 = e1000g10001
vlan 999, device bge0 = bge999000

On LDOMS, this involves creating a vswitch in the service domain that's attached to a physical interface as you would normally. You then have to create a vlan-style virtual interface in Solaris like you would normally, but within each LDOM - you can't do this at the vswitch level yet.

On the host machine, e1000g0 and e1000g1 are identically configured tagged switch links with a number of VLANS fed down them. They have both been configured as the physical devices for a vswitch in the service domain, which then provide the networking to the guest LDOMS.

Example config for the service domain:

ldm add-vswitch mac-addr=0:14:4f:1:aa:aa net-dev=e1000g0 primary-vsw0  primary
ldm add-vswitch mac-addr=0:14:4f:1:aa:ab net-dev=e1000g1 primary-vsw1  primary

It's important to specify the mac-address of the interface you're 'replacing', or the LDOMS won't talk to the outside world properly.

On the service domain, we then plumb some 'vsw' interfaces instead of the regular e1000g devices to provide its connection to the rest of the network, for example:

vsw10000 - VLAN 10, interface vsw0 (so e1000g0)
vsw10001 - VLAN 10, interface vsw1 (so e1000g1)

You can then use these as regular interfaces.

On this particular guest LDOM, we have the following config:

ldm add-vnet vnet0 primary-vsw0 webdevldom
ldm add-vnet vnet1 primary-vsw1 webdevldom

And the following devices are plumbed:

vnet200000 (connected to vlan 200, vswitch 0)
vnet200001 (vlan 200, vswitch 1)
vnet991000 (vlan 991, vswitch 0)
vnet991001 (vlan 991, vswitch 1)

Vlan 991 is the private network for NFS to the backend cluster, and 200 happens to be the vlan for this machine's public-facing services.

Solving the problem

VLAN tagging adds 4 bytes to the length of an ethernet frame - from a maximum size of 1518 bytes to 1522 (that's 1500 bytes of data, plus ethernet header information). What seems to be happening with using vlan tagged devices on LDOMS is the vswitch (or perhaps vnet driver) drops ethernet frames over 1518 bytes - a reasonable thing to do for a switch that doesn't support tagging, but unreasonable given that it otherwise passes the data on without interference.

Reducing the MTU of the LDOM by 4 bytes to 1496 immediately and completely cured the problem:

ifconfig vnet991000 mtu 1496

This has to be done for every interface on an LDOM for which you're using VLAN tagging or you'll mysteriously get some large packets simply disappearing. This was only happening for one of my NFS mounts because it happened to contain a lot of entries in its root directory, so sent at least one 1500 byte packet which never arrived - the other only had a couple of subdirectories, so the return data was under the maximum packet size.

To enable IPMP on an LDOM across two VLAN tagged interfaces, you need to do the following:

Create entries in the /etc/hosts file for the host and two test addresses:

192.168.1.42 webdevldom-priv
192.168.1.43 webdevldom-priv-test0
192.168.1.44 webdevldom-priv-test1

In /etc/hostname.vnet991000

webdevldom-priv mtu 1496 netmask + broadcast + group webdevldom-priv-ipmp0 up
addif webdevldom-priv-test0 mtu 1496 netmask + broadcast + deprecated -failover up

and in /etc/hostname.vnet991001

webdevldom-priv-test1 mtu 1496 netmask + broadcast + group webdevldom-priv-ipmp0 deprecated -failover standby up

Remember to set the MTU for each and every interface within each LDOM guest, or you'll have intermittent networking problems. Interestingly, you don't need to do this for the vsw interfaces in the service domain even though it's connected to the same vswitch as the LDOM where the problem occurs, so it appears the oversize ethernet frames are being dropped somewhere between the LDOM and the vswitch, possibly in the vnet driver - the vswitch itself seems happy to forward them on.
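
A check for the missed-interface case, as an added example that is not part of the original post: it reads Solaris `ifconfig -a` output, decodes the VLAN number and instance from each interface name (vlan * 1000 + instance, as described above) and lists tagged vnet interfaces whose MTU is still above 1496. The function names and the sample output, including its addresses and flags, are constructed for this example.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

MAX_TAGGED_MTU=1496   # 1500 minus the 4-byte 802.1Q tag, as in the post

# Constructed sample in the layout of Solaris `ifconfig -a`.
sample_ifconfig() {
cat <<'EOF'
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000
vnet200000: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
        inet 10.0.200.42 netmask ffffff00 broadcast 10.0.200.255
vnet991000: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1496 index 3
        inet 192.168.1.42 netmask ffffff00 broadcast 192.168.1.255
vnet991000:1: flags=9040843<UP,BROADCAST,RUNNING,MULTICAST,DEPRECATED,IPv4,NOFAILOVER> mtu 1496 index 3
        inet 192.168.1.43 netmask ffffff00 broadcast 192.168.1.255
vnet991001: flags=69040843<UP,BROADCAST,RUNNING,MULTICAST,DEPRECATED,IPv4,NOFAILOVER,STANDBY,INACTIVE> mtu 1500 index 4
        inet 192.168.1.44 netmask ffffff00 broadcast 192.168.1.255
vnet0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 5
        inet 10.0.0.42 netmask ffffff00 broadcast 10.0.0.255
EOF
}

# Reads `ifconfig -a` text on stdin. $1 is the driver to check (default vnet).
# Prints one line per offending interface; exit status 1 if any were found.
audit_tagged_mtu() {
    awk -v drv="${1:-vnet}" -v max="$MAX_TAGGED_MTU" '
    /^[a-z][a-z0-9]*[0-9](:[0-9]+)?: flags=/ {
        name = $1; sub(/:$/, "", name)            # strip the trailing colon
        base = name; sub(/:[0-9]+$/, "", base)    # drop a logical unit such as :1
        if (!match(base, /[0-9]+$/)) next         # trailing digits are the PPA
        ppa = substr(base, RSTART) + 0
        if (substr(base, 1, RSTART - 1) != drv) next
        vlan = int(ppa / 1000); inst = ppa % 1000
        if (vlan == 0) next                       # untagged: 1500 is fine
        mtu = 0
        for (i = 2; i < NF; i++) if ($i == "mtu") mtu = $(i + 1) + 0
        if (mtu > max) {
            printf "%s vlan=%d instance=%d mtu=%d\n", name, vlan, inst, mtu
            bad = 1
        }
    }
    END { exit (bad ? 1 : 0) }
    '
}

# Demo on the constructed sample; on an LDOM guest use: ifconfig -a | audit_tagged_mtu
sample_ifconfig | audit_tagged_mtu || true
```

The trailing-digits split also copes with driver names that contain digits, so `audit_tagged_mtu e1000g` decodes e1000g10001 as VLAN 10 on instance 1.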


A new word: Thripxel

Updated: Thu Jan 3 15:18:37 2008

Along with many other people who now have TFT monitors, I've encountered the new threat of the Thunderbug, or Thrip.

In early summer these little buggers manage to get in between the layers of the LCD, attracted by the light and warmth then helpfully die, leaving the annoying outline of a small dead bug stuck forever inside your screen.

After a conversation at lunchtime with some friends I'm inventing a new word: 'thripxel', a derivative of 'thrip' and 'pixel', to be pronounced thrip-sell:

Argh, this screen has a dead thripxel!

As of today (3rd Jan 2008), Google finds no other results for thripxel.


Sky+ Hard Disk Replacement

Updated: Sat Dec 22 16:20:58 2007

A couple of weeks ago our V3 Thomson Sky+ box started to misbehave. Blue screen on power up, 10 minute hang followed by a reboot on anything to do with the sky plus planner or program playback. This sounded like a failing disk and a bit of research with google suggested the same, but that a planner rebuild or a full reset might fix it.

First off, we tried the planner rebuild as this doesn't delete recorded content:

The box will chunter away for a minute or two then reboot.

This didn't make any difference, so next up was a full reset:

At this point the playback circle should start to rotate backwards for a few minutes, then the box will restart.

I also did a firmware reset just to make sure:

After this the sky+ box will restart.

This made things significantly better for us for a few days. Unfortunately one recorded program started to refuse to play back, and would consistently make the sky+ box hang while making a 'clicking' noise as the disk tried to re-read the bad sectors.

At this point, rather than risk calling sky and getting a replacement Sky+ box (and a £65 callout charge, and the danger of getting one of the crappy Amstrad boxes) I ordered a new 160 GB drive, the same size as the original - a Seagate 7200.10 (ST3160815A). I picked this model because it's well known for being fairly quiet and has a 5 year warranty. The old problems with 7200 RPM drives taking too long to spin up seem to have been solved in the recent Sky+ Firmware.

Our box is well out of warranty, so it's probably only worth trying this if yours is, or you're happy to invalidate it...

Fitting it was a bit of a bugger, but the procedure goes something like this. Again, this is for a V3 Thomson box - it will be different for other types.

Once the drive has been replaced the Sky+ box will initially seem to not work. Going through the 'full reset' procedure above to format the drive solved this, and it all seems to be working.


Scrabulous Cheats Are In The Minority

Updated: Mon Dec 10 21:21:20 2007

Along with the rise in popularity of the Scrabulous application on facebook, my cheat-o-matic has seen a vast increase in the number of people using it. At the beginning of July 2007, I was seeing around 6,000 'page views' per day according to Google Analytics. By August this had risen to 40,000 and was up to 85,000 by the end of October. At the time of writing at the beginning of December, I'm seeing over 110,000 page views per day from about 15,000 unique visitors. Impressively, something like 75% of these are returning visitors.

Is it reasonable to assume the majority of users of the cheat-o-matic are Scrabulous players? Yes, for two reasons. Firstly, the cheat-o-matic only started to get really busy shortly after the Scrabulous facebook app was launched. The second is immediately obvious whenever Scrabulous is having technical issues. If Scrabulous is down, the load on the webserver on which this website lives decreases significantly.

To compare my figures with the number of people using Scrabulous on a daily basis, we can look at the figures provided by facebook. Today, it reports: '505,449 daily active users, 27% of total'. Assuming this is a typical day then I'm seeing the usual 15,000 of those which is roughly 3% of the daily Scrabulous userbase. Obviously, mine isn't the only cheating tool, but I suspect it is one of the busiest, given my ranking on Google when you search for 'scrabble cheat'.

Clearly I can't guarantee that 97% of Scrabulous users are completely honest, but the figures suggest that on average the vast majority of those users aren't cheating. At least, not on my cheat-o-matic.


Hold The Line

Updated: Sat Nov 10 23:02:17 2007

Remember

Nathan Rogers - Hold The Line

We were farmboys in the spring of 'fourteen
A few miles from mother's door the furthest I'd ever been.
One short month of training and we're off to foreign shores to hold the line.

And now a year's gone by and I've never let my mind count the minutes of these murders, the brothers now behind.
"We'll all go home by Christmas. The weather will be kind. Will you hold the line?"

"Your mask protects you from the poison yellow smoke."
"They will time their charge to take you when they think the line has broken."
"None of them expecting that we got their trenches mined."
"And we'll hold the line."

They sent us out to murder on the empty foreign fields.
There is crimson in the umber of a kind that doesn't yield.
Our youth gave in to anger, our shoulder to the toil.
A million names and faces in a mile of bloody soil.

Have I been here a lifetime or just these thousand horrid days?
Will the guns ever go silent?
Will the winds of time erase the scars upon the battlefield?
The would within our mind while we hold the line?

And of all the faces that have come and gone (while in this tomb I've grown),
The one I've come to like the least's the one that is my own.
For within this bloodied hero a murderer you find and you hold the line.
Hold the line.





Contact: ben@spod.cx