Category Archives: All things Unix

Home-grown Webcam Evolution

Good, fast, or cheap: pick any two. A few years ago, I decided to build a webcam, rather than buy one (they were about $100, plus whatever monthly service charge for hosting the link on the cloud). I’m not sure I beat the cost, quality, or speed, but it’s kept me actively managing the system. Instead of a plug-n-play wifi-enabled little module, I have a rats-nest of wires, USB hubs, USB external disk drives, Raspberry Pi with external camera on a ribbon cable, and, now, extension cords and 50-foot CAT5e cable. About once a year, I wear out the flash drive that the system runs from, so there is some on-going cost. Plus, much coding in Python and Bash, a distributed network system to process the video, cron jobs, an API key and code to get weather information and sunrise/sunset times to turn the camera on and off.
 
Meanwhile, the landscaping has grown up around the office window, so the camera sees mostly flowers and bees (left view). So, I moved it to the office closet, which was not so simple. 1) Being “cheap and fast,” the software wasn’t very “good,” so I had to modify the Python code to provide a way to restart the system during the day without losing all the footage: the system keeps a week’s worth of data, and erases last week’s when starting a new day. This also entailed generating images with a timestamp, rather than a simple index, as the camera software libraries start indexing at 1 each instance.
OK, that’s done, and the system retested, bugs fixed, etc., which ended up losing most of a couple of days’ surveillance: “cheap” means not having a second system for development and test, and “fast” means not doing a proper code review before testing, which leaves “good” out of the equation.
Of course, nothing ever goes smoothly: after moving the computer/camera, the USB hub and disks into the closet, we weren’t getting communication with the processor. So, drag everything out next to the desk so we could hook up a console (keyboard, mouse, and monitor) to the computer, retest with the original ethernet cable, then with the long one. Everything worked, inexplicably, since nothing really changed except having the console hooked up. Unhooked the console, and moved everything, still running, back into the closet, then adjusted the camera view, and we’re done–except for resetting the key agent so the computer could talk to the video processing computer.
Our program takes a photo every 10 seconds, updated to the web server, then assembles a timelapse video once an hour, showing one hour in 30 seconds. After letting the revised program run for a couple hours, we checked the logs and directories: still showing last week’s video. Aha. The video compositor program needs a numerical sequence for the images in order to assemble a video: the timestamp doesn’t meet specification. So, back to the drawing board, rewrite the Bash script on the video processing computer to renumber the files in a format the video assembly utility understands. Success at last. The system is now fully functional, but made a bit more complex by the simple addition of a restart ability.
The results can be viewed at http://www.parkins.org/webcam

So, not fast, not good, and not cheap, when you consider the effort put into a custom, one-of-a-kind system. But, it keeps me in practice coding and designing. And, because it runs on Linux, I can keep the security patches current: many purchased plug-and-play “appliances” have their code burned in at time of manufacture, and may be designed around already obsolete and buggy software. My little system has undergone several major upgrades of the Debian Linux distribution core system (Linux kernel 4.9.35, patched 30 June 2017: latest release is 4.12) and gets regular security patches and bug fixes. That’s even newer than my primary laptop (Kernel 3.13.0, patched 26 June 2017). Considering all the little Raspberry Pi machines scattered around the house, it may be prudent to work on configuring them for diskless boot, in order to preserve the flash memory chips on-board.

Not your plug-n-play webcam…

Beware the Wily Hacker: a Cautionary Tale

Not an approved method of securing your network...

A while back, we wrote about rebuilding a crashed Raspberry Pi system.  In the course of reinstalling the system (on a new chip–the old SD card that contains the operating system had “worn out”), we had made a fatal slip.  This system happens to be our gateway system, i.e., connected directly to the Internet to provide us access to our files and some web services while out of the office.  Unfortunately, this also provides the opportunity for the world-wide hacker community to try to break in.

Normally, we have safeguards in place, like restricting which network ports are open to the outside and which machines and accounts are allowed login access.  However, in our haste to get the new system up and running as quickly as possible, we connected the device to the Internet to download upgrades before the configuration was complete, meaning the system was exposed without full protection for several hours to several days.

One hour’s worth of break-in attempts by hackers. Note that attempts to access system accounts (root, pi) are denied because we don’t allow external logins for these accounts.  The accounts that are allowed are restricted to public-key authentication (basically, a 1700-character random password).  Attempts on this one-hour snapshot come from four different sources: Porto, Portugal; Shanghai and Baoding in China; and Tokyo, Japan (possibly hacked machine, as the name is spoofed).

Now, our security logs record, on a normal day, hundreds of break-in attempts (see screenshot above).  We aren’t the Democratic National Committee or Sony, just a small one-man semi-retired consulting business.  But, the hackers use automation: they don’t just seek out high-value targets, they scan the entire Internet, looking for any machine that isn’t fully protected.  If they can’t steal data or personal information, they will use your machine to hack other machines.  If you use Microsoft Windows, you are undoubtedly familiar with all sorts of malware, as there are many tens of thousands of viruses, trojan horses, adware, ransomware, and other malevolent software that invades, corrupts, and otherwise takes over or cripples your machine.  Unix systems are less susceptible to these common attacks, but, if an account can be compromised, or a bug in the login process exploited, eventually a persistent attacker can gain system privileges and install a ‘rootkit,’ a software package that replaces the common monitoring and logging software, redirecting calls through the rootkit, which hides its existence and activities from the reporting tools, even the directory listing utilities.
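The per-source tally described above can be pulled from the sshd entries of a Debian-style auth log. This is an added example, not the author's own script; the log lines, the addresses (documentation ranges) and the account name alice are constructed.

```shell
#!/bin/sh
# Added example: summarise sshd entries from a Debian-style auth log.
# Every log line below is constructed; addresses are documentation ranges.

write_sample_log() {
    cat > "$1" <<'EOF'
Jul  1 14:02:11 raspberrypi2 sshd[2101]: Failed password for root from 203.0.113.5 port 51234 ssh2
Jul  1 14:02:13 raspberrypi2 sshd[2101]: Failed password for root from 203.0.113.5 port 51234 ssh2
Jul  1 14:02:15 raspberrypi2 sshd[2103]: Invalid user admin from 198.51.100.7
Jul  1 14:02:17 raspberrypi2 sshd[2103]: Failed password for invalid user admin from 198.51.100.7 port 40022 ssh2
Jul  1 14:03:01 raspberrypi2 sshd[2110]: User pi from 203.0.113.5 not allowed because not listed in AllowUsers
Jul  1 14:03:04 raspberrypi2 sshd[2110]: Failed password for invalid user pi from 203.0.113.5 port 51300 ssh2
Jul  1 14:05:40 raspberrypi2 sshd[2122]: Accepted publickey for alice from 192.0.2.10 port 50111 ssh2: RSA SHA256:CONSTRUCTED
Jul  1 14:09:12 raspberrypi2 CRON[2130]: pam_unix(cron:session): session opened for user root by (uid=0)
EOF
}

# Print "IP USER" once per rejected connection. Lines are grouped by the
# sshd[PID] tag so several messages about one attempt count once (PIDs can
# repeat in very long logs, which would undercount slightly).
denied_attempts() {
    awk '
        $5 ~ /^sshd\[[0-9]+\]:$/ &&
        (/Failed password for / || /Invalid user / || / not allowed because /) {
            ip = ""; user = ""
            # The last "from" on the line sits between account name and address.
            for (i = 7; i < NF; i++)
                if ($i == "from") { user = $(i - 1); ip = $(i + 1) }
            if (ip != "" && !(($5, ip) in seen)) {
                seen[$5, ip] = 1
                print ip, user
            }
        }
    ' "$1"
}

# Tally column N (1 = source address, 2 = account name) of denied_attempts.
tally() {
    denied_attempts "$1" | awk -v col="$2" '
        { count[$col]++ }
        END { for (k in count) print count[k], k }
    ' | sort -k1,1nr -k2,2
}
sources_by_count() { tally "$1" 1; }
users_by_count()   { tally "$1" 2; }

# Print "METHOD USER IP" for every successful login that did not use a key.
# On a host restricted to public-key authentication this prints nothing;
# any output is worth investigating.
non_key_logins() {
    awk '$5 ~ /^sshd\[[0-9]+\]:$/ && $6 == "Accepted" && $7 != "publickey" {
        print $7, $9, $11
    }' "$1"
}

# Demo run on the constructed sample.
log=$(mktemp)
write_sample_log "$log"
echo "Rejected connections per source:";  sources_by_count "$log"
echo "Rejected connections per account:"; users_by_count "$log"
echo "Successful logins without a key (expect none):"; non_key_logins "$log"
rm -f "$log"
```

On a Debian-based gateway the same functions can be pointed at /var/log/auth.log instead of the sample file.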

Once an attacker takes over a Unix or Linux machine, there is no limit to the damage they can do on the Internet, as Unix/Linux is the basis of most of the servers on the Internet, and can become a SPAM server, web-spoofer, or hacker-bot itself. (Microsoft Windows Server has the rest, nearly half, and they are even easier to break into.) I began to suspect this might have happened when normal system functions failed to terminate or run correctly. We have a lot of custom software built on this machine, which runs on a scheduler. The machine got slower and slower, and it was apparent that the jobs run by the scheduler were never exiting, filling up the process table with jobs that weren’t doing anything, except taking up space, which is always at a premium. Clearing out all the jobs, restarting the machine, and starting the processes manually worked–until about 2:00pm. Very suspicious: a rootkit, once installed, can repair or re-install itself even if the administrator restores many of the co-opted command files by normal upgrades or by a conscious attempt to recover from the intrusion.

The main problem seemed to be with /bin/sh, the system shell, which is actually /bin/dash, a shared object.  Cron, the scheduler, uses dash to run the jobs, where the normal user login shell uses /bin/bash, a non-linkable executable shell with similar functionality.  A rootkit is generally constructed as a filter, wrapped around the co-opted commands, so it would be easier to link to the *real* /bin/dash in an undetectable manner from the filter program than it would to wrap /bin/bash.  In this case,  assuming an intrusion was the cause, something went wrong, rendering dash non-functional.  Perhaps the intrusion was not compiled for the ARM  processor used by Pi, though most of a rootkit would be scripted to be portable among different CPU architectures and Unix/Linux versions.

An analogy to the problem would be like finding out who let the horses out: it is easy to identify wolf or horse-thief tracks outside the barn when the door is barred, but, if you left it open and the horses have bolted, it is more difficult to find out what happened–the traces are covered. I did install some intrusion-detection software, but running it after the tracks are covered over is usually a futile effort. However, there were enough questionable traces to warrant taking corrective action. Besides, even if the problem had been caused by some inadvertent misconfiguration on my part (unlikely, considering the fact that the machine could be made to run for several hours before the problem reasserted itself), the solution was clear: reinstall everything.

The first step is to back up the data, including configurations. Now, this is not just an ordinary computer: Raspbian, the Debian-based operating system distribution designed for the Raspberry Pi computer, comes with a simple desktop intended to introduce new users to Linux. But, this machine doesn’t use the desktop and is not even connected to a monitor most of the time: it is an internet gateway, web server, and custom webcam driver, so has a lot of “extras,” both loaded from software repositories and written especially for this installation. Backups are important, since much of the software only exists on this machine. And, since we only have one camera, fail-over isn’t possible without physically moving the camera from one machine to another, not a trivial exercise, as the connection is on the motherboard rather than an external connector.

Now comes the glitch: Since the introduction of the Raspbian operating system, it has been based on Debian 7; but, since Debian 8 was recently released, a new version of Raspbian is also available.  So, the machine was rebuilt with Raspbian “Jessie”, replacing Raspbian “Wheezy” (the releases named after Toy Story characters rather than just the numbers–as with Apple OS/X, Debian releases tend to have names in addition to release numbers).  Installation on Raspberry Pi is not like other computers.  Since there is no external boot device, the operating system “live” image is loaded onto the SD card that serves as the boot device and operating system storage.  Initial configuration is best done without a network connection, since the startup password is preset and well-known.

So, avoiding that mistake (booting on a network with the default passwords, the single most preventable source of hacker intrusions), we booted with the network cable disconnected and a monitor and keyboard attached, changed the password and expanded the system to fill the SD card, set up the other user accounts, then shut down the system, removed the SD card, and mounted it on the backup server to finish transferring vital data, like the security keys and system security configurations.  In larger systems with a permanent internal boot drive, such “hacker-proof” installation is done on an isolated network, but, since the boot drive on a Pi is removable, it is easy enough to edit the configuration files on another system.
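One way to check the card's SSH configuration while it is still mounted on another machine, before the first networked boot. This is an added example, not the author's procedure; the sample file contents, the accounts alice and bob, and the mount path are assumptions. It checks the policy the post describes: no root login, key-only authentication, and an explicit list of permitted accounts.

```shell
#!/bin/sh
# Added example: offline audit of an sshd_config on a mounted SD card.
# File contents below are constructed; accounts alice/bob are hypothetical.

# Print every value KEYWORD takes in the global section, one per line.
# Keywords are case-insensitive, "Keyword=value" is accepted, and anything
# after the first Match line is conditional, so scanning stops there.
sshd_values() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        {
            line = $0
            sub(/^[ \t]+/, "", line); sub(/[ \t\r]+$/, "", line)
            if (line == "" || line ~ /^#/) next
            match(line, /^[^ \t=]+/)
            key = tolower(substr(line, 1, RLENGTH))
            val = substr(line, RLENGTH + 1)
            sub(/^[ \t]*=?[ \t]*/, "", val)
            if (key == "match") exit
            if (key == want) print val
        }
    ' "$1"
}

has_match_block() { grep -Eiq '^[[:space:]]*match[[:space:]]' "$1"; }

# Print one FAIL line per deviation: root login allowed, password logins
# allowed, no AllowUsers list, or an AllowUsers entry that admits one of
# the accounts named in the remaining arguments.
audit_sshd_config() (
    set -f                          # AllowUsers entries may contain * or ?
    cfg=$1; shift
    # sshd keeps the first value of a scalar keyword; AllowUsers lines add up.
    root=$(sshd_values "$cfg" PermitRootLogin | head -n 1)
    pass=$(sshd_values "$cfg" PasswordAuthentication | head -n 1)
    allow=$(sshd_values "$cfg" AllowUsers | tr '\n' ' ')
    [ "$root" = no ] || echo "FAIL PermitRootLogin is '${root:-unset}', want 'no'"
    [ "$pass" = no ] || echo "FAIL PasswordAuthentication is '${pass:-unset}', want 'no'"
    [ -n "$allow" ] || echo "FAIL AllowUsers is unset, so any account may attempt to log in"
    for acct in "$@"; do
        for entry in $allow; do
            pat=${entry%%@*}        # USER@HOST entries: compare the USER part
            case $acct in
                $pat) echo "FAIL AllowUsers entry '$entry' admits '$acct'" ;;
            esac
        done
    done
    if has_match_block "$cfg"; then
        echo "NOTE Match blocks present, review them by hand"
    fi
    exit 0
)

write_stock_sample() {
    cat > "$1" <<'EOF'
# constructed: a configuration before hardening
Port 22
PermitRootLogin without-password
#PasswordAuthentication yes
UsePAM yes
EOF
}

write_hardened_sample() {
    cat > "$1" <<'EOF'
# constructed: the same file after offline editing
Port 22
permitrootlogin no
PasswordAuthentication=no
AllowUsers alice
AllowUsers bob@192.0.2.*
Match Address 192.0.2.0/24
    X11Forwarding yes
EOF
}

# Demo run. On a real card, pass the mounted file instead, for example
# /mnt/sdcard/etc/ssh/sshd_config (the mount point is an assumption).
tmp=$(mktemp -d)
write_stock_sample "$tmp/stock"; write_hardened_sample "$tmp/hardened"
echo "stock:";    audit_sshd_config "$tmp/stock" root pi
echo "hardened:"; audit_sshd_config "$tmp/hardened" root pi
rm -rf "$tmp"
```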

So, with the system fairly well hardened by securing the system accounts and user accounts, it was rebooted attached to the network and the system upgrades and extra software packages (like the web server) installed.  So far, so good.  But, since we upgraded the operating system, the server packages were also upgraded, most notably moving from the webserver, Apache, version 2.2 to version 2.4.  Apache has been the predominant web server software on the Internet for 20 years, so it is in a constant state of upgrade, for security and feature enhancements.  Between version 2.2 and 2.4, many changes to the structure of the configuration files  were made, so that not only did the site configuration need to be restored manually, but there was a fairly steep learning curve to identify the proper sequence and methodology by which to apply the changes.

Then, of course, there were the additional Python modules that needed to be installed to support the custom software, which involved downloading and compiling the latest versions of those, since Python 2 also upgraded from version 2.7.3 to 2.7.9 (we haven’t yet ported the applications to Python 3, which moved from version 3.2.3 to 3.4.2 between Debian 7 and Debian 8). Finally, there were other tweaks, like comparing system configuration files to update group memberships for access to the camera hardware, loading the camera drivers, and setting file ownership and permissions for data and program files.

We could have saved most of this by sticking with Raspbian Wheezy, but eventually, support for older systems goes away, and the newer systems are usually more robust and faster: open source software evolves rapidly, with new minor releases every six months and new major releases every two years for most distributions, and an average life span of five years for maintenance of major releases and a year for minor releases.  As we said before, Linux is free, if your time is worth nothing.  The price of keeping current is constant maintenance.  Patch releases occur as they are available, with maintenance upgrades almost daily.

Finally, after a week of tweaking and fiddling, the webcam service is back up and running.  And, the security logs show break-in attempts every few minutes, from multiple sites all over the world (one from Portugal recently, others from unassigned addresses–ones with assigned addresses undoubtedly come from computers that have been compromised and used as hacking robots, as hackers don’t want to be traced back to their own computers, ever).

So, the moral of this post is: don’t ever expose a stock, unmodified computer system directly on the Internet (which is difficult to do, when all upgrades, new software, etc., is available only through download from the Internet–which should be accomplished only from behind a proven firewall). But, you can set passwords and change system accounts before joining a network. And, if your computer is hacked, take it to a professional, and don’t grumble about the cost or time it takes to restore it. Pay for malware scanning software and keep your subscription up to date, as well as scheduling upgrades on a regular basis. And, if you are a professional, don’t take shortcuts (i.e., install and configure off-net or behind a firewall), keep good backups, install intrusion-detection software early, and check for security upgrades daily. Change the default passwords immediately, and create a new, weirdly named administrative user, and deny external logins for all administrative users. Use two-factor authentication and public-key encryption on all authorized user accounts. They are out there, and they are coming for your computer, even if you don’t have data worth stealing: they can use your computer to spread SPAM or steal data from someone else.

TIAMTOW (There Is Always More Than One Way): Or, Just Say “No” to Microsoft

In a couple of previous posts, we detailed the efforts we went through to get Windows 10 running at Chaos Central–if only for the tax season.  As it happens, the new year brings an anguished thread on the Facebook “cousin network” on the problems others, mostly not computer professionals, are facing or have encountered with either upgrading to Windows 10–which is, after all, a choice–or, even more ominously, keeping the Windows 7 or 8 systems they already have, in the face of the changes Microsoft is making to services to take advantage of new Windows 10 capabilities, that also require forward-compatible changes to older systems.

Despite the shortcomings of Microsoft and Windows in general, the fact remains that every computer sold that doesn’t have the Apple logo on it comes pre-loaded with the current shipping version of Windows, like it or not.  This is the result of all-or-nothing sales contracts between Microsoft and every major computer manufacturer that persist despite anti-trust litigation that flares up from time to time across the planet.  If you don’t want to pay the Apple premium for what is admittedly high-end hardware packaged in a designer shell, your choice is a range of quality and capability (and corresponding price) in a box that comes with Windows.  For the sake of argument, we focus on desktop and laptop computers, rather than the choice of tablets and phones, which offer a third choice, Google’s Android system.

But, speaking of Android, there is a third paradigm available for desktop and laptop users.  This third range of choices doesn’t even require you to buy new equipment–it is available to replace Windows on the computer you have.  Or, if you want, you can take advantage of competitive sales of competing Windows models and just accept the slight “Microsoft Tax” for the installed system you will not be using.  This third choice is the family of Open Source systems based on GNU/Linux, which, coincidentally, is also the core basis for the Android system.

Despite having paid the Microsoft Tax for the existing system on your old (or new) computer, switching to GNU/Linux costs nothing, unless you choose to purchase–at nominal cost–a set of DVDs or CDs for the installation rather than downloading and burning your own network installation disk. The principle behind this is the idea, espoused by Richard Stallman’s Free Software Foundation, that openly shared software benefits the entire economy rather than enriching a small cadre of individuals who hide their code–which may be of dubious quality and may not do exactly what you want or need. Open Source means that anyone with the skill and need can improve, extend, or adapt the programs, and is obligated to share with others.

We call this a paradigm rather than a fixed choice because there are many versions, or distributions, of GNU/Linux from which to choose.  There are currently three different “families” of distributions that are popular:  Red Hat Enterprise Linux (RHEL), which is an industrial version that comes with expensive licensed technical support, but also provides “free” versions as CentOS (Community ENTerprise Operating System), that is a proper subset of RHEL, and Fedora (a jaunty, experimental Red Hat).  A slightly different offshoot distribution, SuSE, evolved in Europe and is also more suited to industrial and high-end server use.  The widest variation in distributions is based on the Debian model developed by the late Ian Murdock.  A distribution consists of the core, essential GNU/Linux packages, plus a distinctive set of desktop presentations and productivity applications, with a repository of optional packages.  Pure Debian and the Gentoo bare-bones file set are popular with developers, but users looking for an alternative to Windows find that Ubuntu Linux or Mint Linux are more suited to “zero-administration” use, are very easy to install, and have a default set of productivity applications that meet the needs of most casual users.

Ubuntu Linux 14.04 Desktop (shown in a virtual machine window on another Linux machine)

So, what does the Linux experience look like?  Installation consists of downloading a network installation image, burning it to a CD or DVD, rebooting from the new disc, and either replacing the existing Windows system or repartitioning the hard drive to make room for both Windows and Linux, with the choice at boot time.  Once Linux is running, Ubuntu shows the Unity desktop, which is somewhat similar to the Windows 8 or 10, with a disappearing icon bar on the left from which to choose programs.  Mint Linux, based on Ubuntu, offers MATE or GNOME desktops, which are more familiar to Windows XP users, with a menu panel at the bottom and a popup menu at the lower left.

A document shown in page mode in LibreOffice

Default installations include LibreOffice, which has the same tools as Microsoft Office–word processor, spreadsheet, presentation, graphics, etc., and can read and write in Office-compatible formats as well as the native Open Document Format files.  Mozilla Firefox is the default internet browser, but Google Chrome is easily installed.  Mozilla Thunderbird is an excellent email client, and the alternate Evolution email client is similar to Microsoft’s Outlook client.  The Totem video player will play MP4 video files or movie DVDs.  VLC is another video player that is very good.  If you want to edit your own videos, OpenShot is easy to learn.   There are several different photo gallery managers and editors available, and the GIMP is equivalent to Photoshop for image editing. Scribus is a page layout/desktop publishing  tool, like Microsoft Publisher.  Incidentally, all of these Open Source productivity tools, with the exception of OpenShot, are available for Windows or OS/X as well (OpenShot depends on some Linux intrinsic libraries and the UNIX philosophy of multiple elements working together, the best way to develop complex applications, but a Windows version might be forthcoming: part of the issue is that it is the creation of a team of exactly one programmer).

Ubuntu Software Center--a place to download free programs

The software repositories include thousands of applications, tools, and games, all downloadable for free.  Almost any application you can buy for Windows has a corresponding free app that serves the same function.  Also, many popular programs written for Windows can be installed and run on Linux through the WINE (WINdows Emulator) system.  Alas, Quicken, TurboTax, and Garmin Connect are not in that category.

Fiberworks PCW, a Windows program for designing weaving drafts, running under WINE on Linux.

If you don’t want to trust yourself to install a dual-boot Linux partition on your existing computer, you can convert an old XP or Vista computer to Linux, or, if you have a TV with a spare HDMI connector, you can buy a Raspberry Pi starter kit (originally designed in Great Britain to teach computing to children) with a Raspbian system on an SD card and extra mouse and keyboard for less than $100 and try it out. If, like me, you decide Linux is the “one true operating system” and want a “pure” environment without inflating Microsoft’s “shipped system” statistics, you can buy a more powerful machine with Linux pre-installed on it from one of the handful of vendors who build them. Of course, these low-production-run, built-to-order custom machines are much more expensive than a big-box-store commodity Windows machine, even without the Microsoft license, but they run out-of-the-box, without the user needing to become a system administrator or installer.

There are any number of advantages to running GNU/Linux instead of Microsoft Windows, not the least of which is relative immunity from viruses and other attacks, mainly due to the increased security inherent in systems built on the UNIX multi-user model. The multi-tasking model is much more efficient as well. The obvious disadvantage is that most commercial software vendors make their programs exclusively for Microsoft Windows, or maybe also for Apple OS/X. Another disadvantage, which also applies to Apple products, is that many features offered by Microsoft and Apple depend on proprietary access to the vendor’s cloud services. However, there are system-neutral independent cloud services if you need that sort of thing, like Dropbox and Google Drive.

So, there is another solution to the aggravation and insecurity of Microsoft and the expense of Apple:  GNU/Linux is not owned by anyone–it is free as in Liberty as well as available at no cost other than your own time and a blank DVD or thumb drive.  GNU/Linux is developed by hundreds of ordinary people all over the world, most of whom are not millionaires, but work at regular jobs, at companies that embrace the Open Source philosophy.  This world-wide community  creates software not as a means to an income stream, but to support the services they provide, leveraging contributions from others and freely sharing their own enhancements.

GNU/Linux is stable and safe: Linux runs more than half of all web servers in the world, and is the foundation for most of the world’s supercomputers, as well as the core of the Android system in the majority of cell phones and tablets.  After 20 years of grass roots growth, Linux only owns a small percentage of workstation desktops, but many of those are also listed on the Windows ledger, as the machines were originally sold with Windows.  Many businesses and government agencies are switching to Linux throughout their organizations.  Is your household next?

Windows 10 Arrives at Last: Be Careful What You Wish For

The only reason we keep a copy of Microsoft Windows at Chaos Central is to run “must have” programs that are only published on the Microsoft platform (and, sometimes, OS/X, for which we don’t have a reliable machine).  Today was one of those days…  We have been getting warnings for some time about updating the GPS in our car.  We have avoided doing that because, until we got the refurbished Windows machine, we had to fire up XP in a virtual machine on Linux and assign a USB port to it.  Except, Garmin no longer supports Garmin Express on Windows XP.

I switched the big monitor from external display on my Linux laptop to the Windows 7 box and plugged in the GPS.  Of course, Garmin Express couldn’t find the GPS.  This is usually some Windows setting, but annoying to have to wade through the manual hardware detection.  Meanwhile, the Windows 10 upgrade agent, which, up until now, had steadfastly insisted we needed to buy a new machine, decided that the Nvidia graphics card I installed back in August was really present and functional, and started the upgrade, which pretty much put doing any useful work on hold until it completed.

But, while it was downloading, I was also downloading the Garmin utility, fighting with Firefox, which had caught an adware virus during configuration of the new machine. As most Windows users are aware, adware viruses flood the screen with bogus warnings insisting you immediately purchase protective software to prevent the very thing it is doing, and will undoubtedly scale up the infection if you accept. Other ads flood in, opening new tabs and windows unbidden, faster than you can close them, if indeed you can close them safely. So, I also downloaded an adware cleaner (???) but couldn’t run it while the Microsoft update was running.

By the way, none of this ever happens on Linux–adware and viruses just don’t happen. Yes, there are attacks that might install rootkits to allow unauthorized use of the machine, but these are relatively easy to avoid with good administrative practices, and rarely would a program be able to take over the machine or alter the operation of an existing program.


Soon, the machine completed downloading and preparing the upgrade, then started the process, during which the machine is unavailable. After a fairly long time, involving multiple reboots, the configuration process started, with a succession of “friendly” messages, along with the admonition to not turn off the machine (or, by inference, unplug it, and hope the power company doesn’t have an outage).


All this waiting is tedious, but the messages are hopeful, and then, after a while, refreshingly honest…  The admonition to not turn off the machine might indicate the upgrade process is not idempotent, i.e., that it might not succeed if restarted, a scary thought.  This one feature of Windows makes me extremely reluctant to ever consider using a Windows mobile system, on battery, or Windows anywhere without uninterruptible power.


Finally, the new system is ready for use, and detects the GPS immediately.  As much as I have denounced Microsoft and Windows over the years, I was as hopeful about moving from Windows XP to Windows 10 as I was about moving to Windows NT from Windows 3.1 back in the 1990s (NT was a “real” operating system; Windows 3.1 was a graphical user interface running on top of MS-DOS).  For the record, I had abandoned Windows 3.1 for IBM’s OS/2 (another “real” operating system, but which ran Windows 3 programs) early on, and had been a dedicated Unix user since MS-DOS 5 and  Windows 2.

Windows XP seemed an improvement over NT and 2000, which explains why it persists after 13 years, during which the embarrassingly dysfunctional Windows Vista spawned Windows 7, which was essentially Vista with an updated XP desktop, followed by the baffling Windows 8, which replaced the old desktop metaphor with a giant phone screen that didn’t make phone calls, with the tools locked in a secret compartment in the trunk, under the spare tire and the “Desktop” tiled with large “buttons” titled with incomprehensible icons. According to users (I never did use it), in operation, it was permanently wired in the “parental consent required” mode in a largely ineffective attempt to prevent users from inadvertently inviting malware into their systems.  The core system is still vulnerable to intrusion, and the monolithic application architecture is statistically prone to code bugs from sheer volume of code. (Unix architecture encourages a building-block approach to programming, leveraging existing bug-free code.)

The Windows 10 preview, released over a year ago, seemed to have promise: a fairly responsive system with a reasonable work surface modeled after the venerable desktop but with some updated graphics. Well, OK, usable–when you absolutely have to use it, but still Microsoft Windows. Still, Microsoft, under new leadership, (Nadella, replacing corporate plank owner Ballmer as CEO, represents a second generation of management, 35 years after the founding of the company), seems on the mend from a decade of missteps in their flagship operating system. Even though the usability factor seems improved, the cumbersome design concept legacy leaves the platform still more vulnerable to malware than the rival systems based on Unix system design principles, Apple’s OS/X on the desktop, and the Open Source GNU/Linux in the server room.


Microsoft’s next target is the computer in everyone’s pocket, the smart phone, but struggling from behind against Apple’s iOS and Google’s Android platforms, the former based on the tried-and-true Apple desktop model and the latter built on the GNU/Linux core. Meanwhile, here we are, finally able to refresh our GPS maps on the Garmin (based, naturally, on GNU/Linux). Time to switch the display real estate back to Linux and get some work done.

Some Assembly (and/or Compiling) Required: Epson, Linux, and the ongoing quest for Windows 10


Despite being “mostly retired” here at Chaos Central, we are still heavily dependent on our computing resources.  Unfortunately, that also includes having at least one working copy of Microsoft Windows, in addition to a plethora of iOS devices  and the workhorse stable of Linux machines and servers.  Of course, the complete enterprise also includes a collection of paper-handling implements, like printers and scanners.

We’ve had a succession of laser printers since the early 1990s: an HP LaserJet2, replaced after 10 years with a LaserJet 1200, and in this century by a succession of Xerox Color Phaser printers.  The latest, a 6500, is on its 3rd set of cartridges.  A set of four “Genuine Xerox” high-capacity cartridges runs just slightly more than the retail price of a new printer, i.e., about $450.  As semi-retirees, that just won’t quite fit the budget, so we tried a 3rd-party set, priced at under $100, which has resulted in faded, muddy colors, absolutely unusable for business purposes, but more or less OK for printing recipes and mostly black-and white documents.  Lessons learned.

We also have gone through a progression of inkjet printers, mostly HP, a Lexmark or two, all with the same marketing principle: the ink costs more than a new printer.  Nevertheless, we keep feeding cartridges into them until they die or can’t color inside the lines anymore.  We currently have several in that condition: since most printers these days combine the functions of printer with scanner, copier, and FAX machine, we have long since consigned our dedicated scanners and FAX devices to the recycle pile.  We gave up our hard-wired telephone connection several years ago and second phone line with the demise of dial-up Internet access, so FAX, for us, is a relic of the 20th century, but the feature seems to come combined with the scanning function.

We do keep the old partially-broken devices around for scanning, though, and even bought a portable scanner to pack in the “on the road” system.  At the office, we used a Raspberry Pi as a scanner-server, to put one scanner on the network, accessible by other Linux systems.  The last of the inkjet printers failed, and with the laser printer quality not suitable for work, we were in the market for yet another inkjet.  Costco had an Epson multi-function system on sale, so it somehow slipped into our cart when we went shopping for bagels and dates, along with a book or two.

Out of the box, the new printer is our first wireless system, and the first Epson since the pin-feed dot-matrix days in the 1980s.  Setup was fairly straight-forward, and, since we have the Windows system we are trying to upgrade, we set that up first.  Despite taking “nearly forever,” that went fairly smoothly, and printed out a test page, because everything is designed to work with Windows: the install program comes on a CD in the box, after all.  The delays were certainly due to all of the updates being installed, not the least of these was the device driver for the new graphics card we hope will convince Microsoft to send us the Windows 10 update eventually–the upgrade status still says, “buy a new machine.”  We might have to wait another month for the update assessment to rerun and detect the driver and/or hardware–unless it has permanently written off our “new” old machine as hopeless.  But, I digress–back to the issue at hand, installing a new printer…

Linux was another issue:  manufacturers don’t publish drivers on their sites, but, thanks to the Common Unix Printing System (CUPS), used by Apple and all other Unix system vendors, Postscript Printer Description (PPD) files are available for almost every printer immediately after it goes on the market.  CUPS is Open Source, and the PPD files are essentially text files describing the printer features and settings (i.e., the “device driver,” a systems term that means the program or collection of functions that understands how to control the hardware device), so it is easy for Unix/Linux vendors to write their own setup systems, and for anyone familiar with the printer specifications to modify the driver to suit themselves, using setup programs they have written.  Of course, one can also modify the driver directly in a text editor, or via an existing setup program, and there lies the crux of our tale…

When I installed the Linux driver package (which essentially just installs the appropriate CUPS configuration file), the test pages and subsequent printouts were faint, with pale colors and grayed-out text.  Whoa!  I knew immediately that this was a function of the PPD file, because the Windows test page and the self-generated status printouts from the printer were normal, sharp, black on white.  A Google search quickly revealed a partial solution: set the print density to “High,” and gave a step-by-step procedure using the Gnome “system-config-printer” graphical printer administration tool.

On my primary system, I ended up opening the configuration file in a text editor (when you have the Source, use it) and selecting the “Normal” print density, rather than “High,” noting that whoever submitted the PPD file to the CUPS repository had left the print density setting in “Draft,” hence the faded appearance.  One could sympathize with the developer for testing in “Draft” mode to save ink, but the final step should be to reset to “Normal” and retest, as a courtesy to users who are not system developers or administrators, and to the Epson help desk, who won’t have a clue how to solve this problem.  In the Linux help forum article I found, the user had contacted Epson, with the usual ineffective “help” rendered to Linux users, which is usually less useful than the ineffective help rendered to users of closed systems like Windows, iOS, and OS X–they were told to reinstall the driver, update the driver (i.e., download a fresh copy–of the one you just downloaded), and buy the special Epson paper. None of these “fixes” addressed the underlying problem: the driver default settings were simply not what most people wanted, and the settings were not intuitively obvious, but buried several layers deep in the configuration and used obscure descriptions.  Here’s what the file (the pertinent 9 lines out of 1200, anyway) and the graphical utility look like:

*OpenUI *MediaType/Media Type: PickOne
*OrderDependency: 20 AnySetup *MediaType
*DefaultMediaType: PLAIN_NORMAL
*MediaType PLAIN_HIGH/plain papers-High: "<>setpagedevice"
*MediaType PLAIN_NORMAL/plain papers-Standard-Vivid: "<>setpagedevice"
*MediaType PLAIN_DRAFT/plain papers-Standard: "<>setpagedevice"
*MediaType PLAIN_SUPERDRAFT/plain papers-Draft: "<>setpagedevice"
*MediaType LETTERHEAD_HIGH/Letterhead-High: "<>setpagedevice"
*MediaType LETTERHEAD_NORMAL/Letterhead-Standard-Vivid: "<>setpagedevice"

The original setting in the /etc/cups/ppd/WF-3640-Series.ppd file was “PLAIN_DRAFT.”
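
An added example, not from the original post: a small Python check that reads a PPD option's default and its choices, and rewrites the default only to a choice the file actually defines. The sample text is the excerpt above with the default set back to the PLAIN_DRAFT the post says the file originally had; the function names are hypothetical.

```python
import re

# Sample input: lines from the excerpt above, with the default restored to the
# PLAIN_DRAFT value the post says the file originally had.
SAMPLE_PPD = """\
*OpenUI *MediaType/Media Type: PickOne
*OrderDependency: 20 AnySetup *MediaType
*DefaultMediaType: PLAIN_DRAFT
*MediaType PLAIN_HIGH/plain papers-High: "<>setpagedevice"
*MediaType PLAIN_NORMAL/plain papers-Standard-Vivid: "<>setpagedevice"
*MediaType PLAIN_DRAFT/plain papers-Standard: "<>setpagedevice"
*MediaType PLAIN_SUPERDRAFT/plain papers-Draft: "<>setpagedevice"
"""

def read_option(ppd_text, option):
    """Return (default, {choice: label}) for one PPD option (hypothetical helper)."""
    default = None
    choices = {}
    default_re = re.compile(r"^\*Default%s:\s*(\S+)" % re.escape(option))
    # "*MediaType CHOICE/label: ..." ; the "/label" translation part is optional
    choice_re = re.compile(r"^\*%s\s+([^/:\s]+)(?:/([^:]*))?:" % re.escape(option))
    for line in ppd_text.splitlines():
        m = default_re.match(line)
        if m:
            default = m.group(1)
            continue
        m = choice_re.match(line)
        if m:
            choices[m.group(1)] = m.group(2) or m.group(1)
    return default, choices

def set_default(ppd_text, option, choice):
    """Return ppd_text with *Default<option> changed; refuse unknown choices."""
    _, choices = read_option(ppd_text, option)
    if choice not in choices:
        raise ValueError("%s is not a %s choice: %s" % (choice, option, sorted(choices)))
    pattern = re.compile(r"^(\*Default%s:\s*)\S+" % re.escape(option), re.MULTILINE)
    new_text, count = pattern.subn(lambda m: m.group(1) + choice, ppd_text)
    if count != 1:
        raise ValueError("expected one *Default%s line, found %d" % (option, count))
    return new_text

if __name__ == "__main__":
    default, choices = read_option(SAMPLE_PPD, "MediaType")
    print("current default:", default, "shown to the user as:", choices[default])
    fixed = set_default(SAMPLE_PPD, "MediaType", "PLAIN_NORMAL")
    print("new default:", read_option(fixed, "MediaType")[0])
```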

In the Gnome system-config-printer utility, the Media Type is set in the “Printer Options” screen, down in the middle of a menu, between what might be interpreted as “extremely advanced” and “void your warranty.”  Of course, “plain-papers-Standard-Vivid” doesn’t really translate to “NORMAL” in the minds of most users, unless they ignore the “Vivid” and assume “Standard” is what it means.  Programmers don’t often think about what gets presented to the user or how the users will interpret what they present.

system-config-printer “Printer Options” window on Linux Mint 17 MATE desktop

The next issue is getting the scanner to work on Linux. Even though there is an iscan package available for “Network” connection, it appears the printer/scanner itself does not support this: the device needs to be connected to a computer via the USB connection. Since our now preferred network appliance building tool is the Raspberry Pi computer, and the utilities and drivers are only packaged for RedHat-Fedora-CentOS and Debian-Ubuntu-LinuxMint variants, it is necessary to build the software from source. Of course, in both the binary packages and the source configuration files, some, but not all, of the prerequisite packages and libraries are checked in the pre-processing, so the build process is a trial-and-error affair, tracking down and installing missing packages and header files (-dev or -devel packages for the libraries).

So far, an afternoon of trial builds has come up against a brick wall, finally, with at least one more library version to track down.  And, even if it does work, there is no guarantee that the Iscan system plays with the Xsane server software we currently use to provide network scanning services to all the Linux computers from one scanner.  However, the new Epson multi-function machine will scan directly to PDF and write onto a USB drive or SD memory card, which may be a better groupware solution than the user moving back and forth from the scanner to his or her workstation between pages.  The old HP scanner only produced image files (PNG or JPEG), which had to be embedded in a document file using LibreOffice or Scribus to convert to PDF.

So it goes, just another day at Chaos Central.   Always a new way to do old things, and problems to solve just to stay in one place.  After we got back from Idaho last week, the fan on my big laptop wouldn’t spin up, so it shut down from overheating.  I pulled the back off, spun the fan by hand, blew in it to see if it spun easily, wiggled the wires; did this a couple times, and it started working.  Naturally, we had to go out and buy something new to break in…