Category Archives: Uncategorized

Samba 4 + Windows 10 time synchronization issues

Where does ListeningThread -- Recvd 52 of 48/68 bytes come from?

If you follow the instructions for setting up Samba 4 AD DC for time synchronization, ntpd (coming out of Debian’s ntp package at some version 4.2.8) should just work.1

I came to this discovery after giving up and discarding my /etc/ntp.conf. Suddenly, after restarting ntpd and running w32tm /resync, things just worked. It’s not the software that’s broken — it’s me that was crazy.

The packet was now 110 bytes in Wireshark (68 of which was data). This was a stark improvement over seeing a 94 byte packet (52 of which was data). C:\temp\ntpDebug.log 2 no longer contained this:

ListeningThread -- Recvd 52 of 48/68 bytes

Hoozah! Now I wanted to figure out what was causing ntpd to send 52b packets, and not either 48b or 68b packets.

Turns out that my restrict statements had unexpected side effects. For instance, Samba wiki-recommended config tries to unrestrict localhost using restrict 127.0.0.1. 3

But I wanted to do the same for IPv6 localhost, so I did restrict ::1. This seems to have greatly confused ntpd.

The way out?

restrict -4 127.0.0.1
restrict -6 ::1

Second mistake was restrict 10.10.10.0 mask 255.255.255.0. It didn’t specify that mssntp should be enabled. For good measure I threw in -4:

restrict -4 10.10.10.0 mask 255.255.255.0 mssntp

Given that Samba config doesn’t recommend any special allowlisting for my internal IP range, I’ll just remove this line completely; the default restriction from the wiki should cover everything clients need to do anyway:

# Access control
# Default restriction: Allow clients only to query the time
restrict default kod nomodify notrap nopeer mssntp

Moral of the story? ntpd seems to be awfully sensitive to restrict statements. If w32time service complains or breaks in some way, be sure to remove the statements bit by bit, or make sure IPv4 and IPv6 statements don’t stomp over each other.


  1. Granted, I needed to modify the path to the socket to say /var/lib/samba/ntp_signd/ instead of /usr/local/samba/var/lib/ntp_signd/, but otherwise it just worked. 
  2. That file was created using w32tm /debug /enable /file:C:\temp\ntpDebug.log /size:102400 /entries:0-300 which I found somewhere online. 
  3. Apparently, passing no restrictions at all after the address simply means “unrestrict these peers”. 

On Mastodon and the "fediverse"

I do like the freedom from lock-in. That’s why I run my own federated XMPP server (though a domain whitelist applies due to spam – contact me if you want to interop).

I do want to regain control over my social postings. I don’t use Facebook; I’m mainly on Twitter. I don’t mind Twitter as much, but it would be nice to host my own posts.

That’s why I will not be signing up for a Mastodon instance. Allegedly migration to another instance is easy. But permalinks to posts would still be stored on a domain owned by someone else. Thank you – but then I might as well stay on Twitter.

What about running my own? I have a test deployment I can spin up, but I don’t want to pay for the resources that would be required to make it a permanent thing. Mastodon’s minimum requirements are huge.

Why not GNU Social? I am trying to reduce my consumption of PHP.

Why not Pleroma? Maybe I’ll do that. I need to check it out, however, I’m not well versed in Erlang and fediverse stuff seems like something I may want to customize.

Customize in what way? Bridging to XMPPs microblogging seems like an interesting possibility. And sharing more than just “notes” (Twitter’s tweets, Mastodon’s toots) seems like a good way of weaning myself off of WordPress. ActivityStreams vocabulary (which makes an appearance in OStatus and is basis for ActivityPub) has more than just Notes.

Convert MySQL tables to use UTF8 character set and collation

I moved a Gerrit installation to use MySQL. The tables turned out to be using latin1 encoding.

Here’s a vile concoction, composed of many StackOverflow answers and swamp creatures:

-- update database and each table to use utf8 according to http://stackoverflow.com/a/6115705/39974.
-- to apply to each table, used http://stackoverflow.com/a/18294520/39974
-- use utf8_unicode_ci due to: http://stackoverflow.com/a/766996/39974

DELIMITER $$

DROP PROCEDURE IF EXISTS utfAllTables $$

CREATE PROCEDURE utfAllTables()

BEGIN
        DECLARE table_name VARCHAR(256);
        DECLARE end_of_tables INT DEFAULT 0;

        DECLARE cur CURSOR FOR
            SELECT t.table_name
            FROM information_schema.tables t
            WHERE t.table_schema = DATABASE() AND t.table_type='BASE TABLE';
        DECLARE CONTINUE HANDLER FOR NOT FOUND SET end_of_tables = 1;

        OPEN cur;

        tables_loop: LOOP
            FETCH cur INTO table_name;

            IF end_of_tables = 1 THEN
                LEAVE tables_loop;
            END IF;

            SET @s = CONCAT('ALTER TABLE `', table_name, '` CONVERT TO CHARACTER SET utf8 COLLATE utf8_unicode_ci;');
            PREPARE stmt FROM @s;
            EXECUTE stmt;

        END LOOP;

        CLOSE cur;
    END $$

DELIMITER ;

Let’s use this stored procedure, and then drop it.

ALTER DATABASE reviewdb CHARACTER SET utf8 COLLATE utf8_unicode_ci;
USE reviewdb;
CALL utfAllTables;
DROP PROCEDURE utfAllTables;

Sadly, it looks like ALTER DATABASE is not PREPAREable, nor does it accept a variable or a function
call as its database name. Therefore, I could not pass DATABASE() here, nor could I move the ALTER DATABASE
statement inside the stored procedure.

Importing laptop into Ireland from outside EU

I am not a lawyer nor an accountant. This is not legal advice. I may be wrong.

Bureaucracy == exercise in exploration!

First, you want to read the general information for individuals, including PN 1878a – Customs and Excise Information for Travellers Arriving in Ireland from Countries Outside the European Union.

In PN 1878a there is an odd reference to digital cameras being 0% duty, and VAT 23%. Where does that come from?

In the section intended for businesses we can find the document A Guide to Customs Import Procedures (PDF) which mentions a system called TARIC. What is TARIC?

Apparently TARIC is an EU-wide system for determining duty on imports. Customs Directorate of Croatia (or whatever the name in English is) apparently also maintains their own TARIC query system with matching data.

Now we need the appropriate code. What is the code for laptops?

It’s 8471410000. If you enter this code and then drill down into ‘for use in civil aircraft’ and ‘other’, you’ll see that in both cases the duty is 0%, in most countries. (In Croatian mirror site, pick ‘Section XVI’ and ‘Chapter 84’. I find it curious that the Croatian system’s UI seems cleaner than the official EU system. More outdated, but nonetheless cleaner.)

Since USA is not on the list, I would presume it fits under the ‘Erga Omnes’ list.

Alright, what about VAT? There is a list of tax rates maintained by the Irish Tax and Customs. Laptops seem to fit under Computer Hardware – Supply, which has a Standard VAT rate. As of 1 January 2014, this rate is 23%.

My conclusion is that the duty is 0%, and that only VAT of 23% is paid.

Considering top-of-the-line 15″ Macbook Pro Retina costs $2.599 = 1877.21 EUR * 1.23 = approx 2309 EUR – versus 2649.00 EUR – we get the difference of 339 EUR that are still saved by buying the laptop from the US.

Fun. 🙂

For the record, no, I did not choose to buy a laptop (nor this laptop in particular) — but exploring my options is good.

Ubuntu 13.10 live CD: Blank screen with EFI

Ubuntu 13.10 fails to start X11 on a Macbook Pro with retina display, and it fails to start X11 on VirtualBox when EFI mode is turned on. Even the failover mode fails. This has been tried with 64-bit version of Ubuntu 13.10. Machines: a 2013 Macbook Pro; and a virtual VirtualBox 4.3.6 machine configured for Ubuntu (64-bit) OS, with EFI turned on.

Ubuntu’s failover configuration tries to use vesa module, which is not available when running under native EFI or UEFI mode.

Let’s fix this by using fbdev module.

  1. Hit ctrl+alt+f1 to switch to console.
  2. Type sudo -i to become root.
  3. Now let’s fix the relevant files:
    cd /etc/X11/
    sed 's/Driver.*"vesa"/Driver "fbdev"/' xorg.conf.failsafe > xorg.conf
  1. Restart X11 et al: service lightdm restart
  2. If necessary, switch to the VT dedicated to X11: hit ctrl+alt+f7

Note that the screen will stay blank for a while longer; give the system some time to proceed.

Good luck!