Noting this here because all the information I could find on the Interned told me “use MakeMKV for it”. And while MakeMKV seems like a fine product, it’s a bit harder to install, since it doesn’t seem to be packaged for Debian at least. I still gave Handbrake a try (since it is packaged for Debian) and lucky me, it turns out it does work with BlueRay disks.

Now, the following instructions are a bit fuzzy, since I used a bit of a round-about way to achieve this, but here is what I did:

• Installed VLC (just from the repositories, nothing fancy)
• Made sure that it could play BDs
  • It was giving the error “Missing AACS configuration file”. Luckily this askUbuntu answer pointed me in the right direction (and worked for Debian 13)
• Once VLC could play back the BDs, turns out Handbrake could also read them!

Since this is short and sweet, here is an extra tip, courtesy of /r/linuxquestions: how to update the chapter names after encoding? Turns out ffmpeg can do it (què surprise :)):

$ ffmpeg -i movie.mp4 -f ffmetadata movie.metadata.txt
# edit movie.metadata.txt
$ ffmpeg -i movie.mp4 -i movie.metadata.txt -c copy -map_chapters 1 movie_out.mp4

(image taken from bluecinetech.co.uk with permission under a CC license)

It was fun to see

• Installing anything other than ChromeOS on it requires complex fiddling (including reflashing parts of the firmware from “some random website” on the internet) which maybe will void your warranty and has a non-trivial chance to brick your box
• With all the respect to the people creating the custom firmware: it’s a hobby for them, and it shows (again, it’s a great thing they are doing, just setting expectations here). For example, I can’t set a BIOS password. Also, even though SecureBoot is half-working (as in, when it’s enabled, it refuses to run MemTest because it’s “unsigned”), Ubuntu still can’t use the TPM to encrypt the disk.
• Finally, the hardware support is probably less than stellar. For example I couldn’t get HDMI audio out to work. It may be related to the driver (here is a tweak I didn’t try yet) or I might need to get a HDMI audio injector (or two). Oh, and the Ubuntu install just managed to corrupt itself. I didn’t have time yet to do a reinstall and try diagnosing it…

That said, here are the cliff-notes:

• Enable developer mode – this will wipe your device!!
• Shut down the machine. Disassemble it (here is my iFixit guide showing how to) and carefully short the write protection jumpers, as shown here: https://docs.mrchromebox.tech/images/wp/Duffy_wp_jumper.png
  • Make sure that the paperclip is not pushed through too much, such that it shorts to the metal shield on the bottom
  • This is also a good opportunity to do any SSD/RAM upgrade you might want to do. If you upgrade the SSD, you first need to use a recovery stick (see my iFixit guide).
  • The “remove the battery” mode didn’t work for me. Plus, the battery holder is very flimsy and easy to break! (ask how I know :/)
  • As written in the guide, you can use an USB-C (laptop)charger to temporarily power the box while it’s opened up to make the setup less awkward (because the 19V input jack is on the upper panel you just removed)
• Boot up in developer mode, log in
• Now switch to the second terminal (Ctrl+Alt+F2), login with “chronos” as instructed (doesn’t need a password). Using Ctrl+Alt+T to launch a shell does not work! It will give an error when trying to use sudo:
  The “no new privileges” flag is set, which prevents sudo from running as root.
If sudo is running in a container, you may need to adjust the container configuration to disable the flag .
  Use the second terminal! (Ctrl+Alt+F2)
• Run the commands:
  cd
curl -LO mrchromebox.tech/firmware-util.sh
sudo install -Dt /usr/local/bin -m 755 firmware-util.sh
sudo firmware-util.sh
• Yes, we need to download random scripts from the internet to make this work :(. Yes, the shell script really needs to be copied to /usr/local/bin, we can’t run it from the home directory, even if we try to set the executable bit.
• Choose option 2 (“Install/Update UEFI (Full ROM) Firmware”). On the first run it will talk about disabling software write protect and ask you to reboot. Do so.
• After rebooting log in. Even though you’re able to enter the second terminal (Ctrl+Alt+F2) without logging in, you won’t see the install script! Have a USB stick read to back up the original firmware. Confirm that you can see it in ChromeOS before switching to the terminal.
• Switch to the terminal (Ctrl+Alt+F2). Login as “chronos”. Run the install script again (sudo firmware-util.sh) and choose option 2 (“Install/Update UEFI (Full ROM) Firmware”).
• This time it should run to the end and reboot your box. You can now remove the short on the write-protect pins and re-assemble your chromebox.
• Now you should be able to use an USB stick to install your GNU/Linux distribution of choice. If the box doesn’t seem to want to boot from the USB stick, even after adjusting the boot order, select the “Boot options” (or something similar, I’m writing this from memory – it’s the first menu option) and select the USB stick directly.

That’s it folks!

alias less='/usr/share/vim/vimcurrent/macros/less.sh'

Note:

• You have to have vim installed (which doesn’t come by default, but it is as simple as sudo apt-get install vim-nox)
• It supports viewing directly bz2 and gz archives as well as pipe input from stdin (but in that case it fails sometime to highlight)
• Edit commands (like dd) are disabled, so you can’t accidentally modify the file you are viewing

URL='http://10.0.0.1' MIME='image/jpeg' 
  bash -c 'wget -q -O - "$URL/wiki/index.php?title=Special:MIMESearch&mime=$MIME&limit=500&offset=0" 
  | grep -Po "/wiki/images[^"]+" 
  | xargs -n1 -I {} wget "$URL{}"'

What it does: it uses the “MIME search” functionality on the wiki to locate files of a certain mime type and then xargs+wget each of them.

Limitations:

• A maximum of 500 files are downloaded
• Downloads are not parallelized, thus slower than they could be

1. Remove the HWADDR line from /etc/sysconfig/network-scripts/ifcfg/eth0
2. Delete the file /etc/udev/rules.d/70-persistent-net.rules (hat tip)

These two steps are specific to CentOS 6 (on 5.x the first step is sufficient). Also, the second if is recreated at the next boot, thus after rm-ing it, you should shut down the machine and package it (not start it again, or if you do, you should remove the file again).

1. Boot from the CD (we had Internet connection)
2. Mount the Linux partition and chroot into it

sudo su
cd /media/..
chroot .

3. Reinstall the kernel with aptitude
4. Reboot and go into Grub2 command mode
5. Now do the following (commands need to be adjusted to match your partition – also, tab completion works, so you don’t have to guess)

   insmod part_msdos
   insmod ext2
   set root=(hd0,3)
   linux /boot/vmlinuz-2.6.32.38-generic root=/dev/sda3 ro
   initrd /boot/initrd.img-2.6.38-6-686
   boot

It seems that most of the examples on the ‘net are for Grub 1 and little is out there for Grub 2. I found the following three: How to use Grub2 to boot Linux manually, The Grub 2 Guide, GRUB 2 bootloader – Full tutorial. Also, I didn’t perform steps 4-5 because he just reinstalled Ubuntu (it was a fresh install anyway), but I tried it out separately on my laptop and it works.

HTH

Credit where credit is due: this guide is taken mostly from the Ubuntu wiki page. Also, this is not an easy “one-click” process. You should proceed carefully, especially if you don’t have much experience with the command line.

1. Start Ubuntu (from a separate install, from the LiveCD, etc) and mount the source filesystem (this is usually as simple as going to the Places menu and selecting the partition)
2. Start a terminal (Alt+F2 -> gnome-terminal) and navigate to the partitions home directory. Usually this will look like the following:

   cd /media/9e6325c9-1140-44b7-9d8e-614599b27e05/home/

3. Now navigate to the users ecryptfs directory (things to note: it is ecryptfs not encryptfs and your username does not coincide with your full name – the one you click on when you log in)

   cd .ecryptfs/username

4. The next step is to recovery your “mount password” which is different from the password you use to log in (when it asks you, type in the login password used for this account – for which you are trying to recover the data). Take note of the returned password (you can copy it by selecting it and pressing Shift+Ctrl+C if you are using the Gnome Terminal)

   ecryptfs-unwrap-passphrase .ecryptfs/wrapped-passphrase

5. Now create a directory where you would like to mount the decrypted home directory:

   sudo mkdir /media/decrypted

6. Execute the following and type in (or better – copy-paste) the mount password you’ve recovered earlier

   sudo ecryptfs-add-passphrase --fnek

   It will return something like the following. Take note of the second key (auth tok):

   Inserted auth tok with sig [9986ad986f986af7] into the user session keyring 
   Inserted auth tok with sig [76a9f69af69a86fa] into the user session keyring

7. Now you are ready to mount the directry:

   
   sudo mount -t ecryptfs /media/9e6325c9-1140-44b7-9d8e-614599b27e05/home/.ecryptfs/username/.Private /media/decrypted
    Passphrase:  # mount passphrase
    Selection: aes
    Selection: 16
    Enable plaintext passthrough: n 
    Enable filename encryption: y # this is not the default!
    Filename Encryption Key (FNEK) Signature: # the second key (auth tok) noted
   

   You will probably get a warning about this key not being seen before (you can type yes) and asking if it should be added to your key cache (you should type no, since you won’t be using it again probably).

That’s it, now (assuming everything went right) you can access your decrypted folder in /media/decrypted. The biggest gotcha is that home/username/.Private is in fact a symlink, which – if you have an other partition mounted – will point you to the wrong directory, so you should use the home/.ecryptfs/username directory directly.

HTH

JProfiler is a great tool, however under 32 bit Ubuntu you can run into the problem of having a too low limit for open filehandles. This is a problem for JProfiler because it uses temporary files to work around the address-space limitation created by 32 bit (yeah, I know, I should upgrade to 64 bit – but 32 bit works great for now…)

To raise the maximum filehandle limit, do the following:

sudo gedit /etc/security/limits.conf
# add the following two lines before the # End of file marker
# yes, the initial star is also part of line, and you should add it
*       hard    nofile  4096
*       soft    nofile  4096
sudo gedit /etc/sysctl.conf
# restart your system

You can check if the changes were successful by using the ulimit command:

ulimit -n
# it should print out 4096

Disclaimer: I’m not a network head, just an amateur who dabbles with it when he needs to fix a problem.

Given one Ninjabox (the nickname for packet capture boxes from Endace) with a DAG card (some kind of custom packet capture network card from the same company), you could get the following error when trying to use tcpdump on the dag interface:

tcpdump: dag_attach_stream: Permission denied

The problem seems to be unrelated to your privilege level (you will get this even if you are running as root), but rather to the fact that some other program is/was using the particular interface. You can quickly check this by doing a lsof | grep dag0. In my case it was softflowd. But even after killing the softflowd process, I was getting the same error message. I had to reset the card using the following commands:

/etc/init.d/dag_drivers_load stop
/etc/init.d/dag_drivers_load start

After this tcpdump worked like a charm. Hope that this information will save people from searching around as I had to do.

Off topic minirant: why use custom hardware / software? In my experience they almost never deliver the performance they promise and are hard to troubleshoot because of lack of information.