id3 tags were meant to be a simple way to store metadata in MP3 files, slowly but steadily, things became a bit more complicated

Originally, ID3 tags were meta data near the end of a file, then ID3V2 came along, and meta tags were moved to the beginning (With an ID3V1 copy at the end added by most ID3 editors)

Album artwork is another complication, As it may be embedded in the file, An older method used to depend on keeping an image called “cover.jpg” in the folder where the file is stored.

You can also have “user-defined fields”, which can be helpful if you are developing a music player that has some novel ideas

ID3 tag information can be obtained from gnudb.org, MusicBrainz, Discogs, Amazon

Gnome

• EasyTAG: GIT = tag editor for MP3, Ogg Vorbis files and more
  Written in C,
  Dep: libid3-3.8.3v5 libid3tag0 libopusfile0 – Suggested: libid3-tools

KDE

• KID3

LINUX Command Line

• id3:
• id3edit: GIT = id3edit is a command line ID3v2 tag editor and debugger

Windows

• MP3TAG: Freeware (Not free as in freedom), But great software nonetheless 😉

This is much simpler than you’d expect (provided there are no hardware passthoughs, and there usually isn’t), All you need to do is copy both the Disk and the XML file (Typically in /etc/libvirt/qemu) then

1- edit the following in the XML file

Create a new virtual machine ID

uuidgen

Create new MAC addresses for every network adapter

https://olavmrk.github.io/html-macgen/

Change the path to the disks to point to where you put the new copy of the disks

Thats it, now you need to tell KVM about it so….

2- Tell KVM about the new definition with the define function

virsh define /etc/libvirt/qemu/newxmlfile.xml

Hyper-v disk files, with extensions such as vhdx and vhd can be mounted under linux directly with the libguestfs-tools tool, mind you, many packages will be installed… mostly libraries relating to the formats it is capable of mounting

sudo apt-get install libguestfs-tools

Now, the following command should mount the disk inside the virtual machine

guestmount --add diskname.vhdx --inspector /mount/dir/name

If the system does not detect a system, you will need to tell guestmount what partition to mount, to explore the partitions, you will need ….

 virt-filesystems -a disk.vhdx

Once you know your partitions

guestmount --add disk_d.vhdx -m /dev/sda1  /hds/loop

If you would rather mount the disk as read only, you can add the –ro switch

guestmount --add yourVirtualDisk.vhdx --inspector --ro /mnt/anydirectory

To unmount, you will need to use the following command

guestunmount /mnt/anydirectory

VNC and RDP are great and all, and for so many purposes, they are the goto solution for remoting into a machine.

Now, another solution which is great (And much better if you have the bandwidth) is to broadcast your screen video and do all the work on the server rather than the client

The solution used to be nvidia’s game stream, which was abandoned by nvidia, the new solution based on nvidia would be the sunshine (Server) and moonlight client

The sunshine+moonlight duo work on almost every platform I need, Windows, Mac, Android, iOS, Even LG TVs running web OS… in short, it is a more universal solution. You can even create a virtual non existent monitor under linux and stream that to a different device !

So, let us start with the server (Sunshine)

Installing sunshine on debian is very easy as a .deb installation file is provided, sunshine is not yet in the debian repositories, but if i understand the license correctly, it can be some time in the future

Now, go to the sunshine website, and download the deb file., in my case, I visit this webpage, and download the sunshine-debian-bookworm-amd64.deb file

Now, from the command prompt, su (to run as root), then cd to the directory where your deb file resides, then “sudo apt install ./sunshine-debian-bookworm-amd64.deb”, We should now have the server running and waiting to be opened in the web browser, Now, on the command line , type “sunshine”

Point a web browser to https://localhost:47990/, ignore the problem with self signed certificates, and set your username and password

Now, your debian computer is running a sunshine server, go to any other machine where you want to install the client (moonlight) from here , and connect to your server by its IP address.

You are done !

Before you start

This may look like a long post at first, but in reality, it is but a few commands, the rest is output and small simple explanations, so don’t be discouraged by the length, it is really neither complicated nor lengthy.

Yet, you do need to check the hardware requirements before you get your hands dirty, you will find them in the “Minimum hardware requirements” section of this post

Continue reading “GPU PCIe passthrough on KVM”

First, the tools you need

apt-get install qemu-utils

Now, enable NBD

modprobe nbd max_part=8

Once that is enabled, connect the file as a block device

qemu-nbd --connect=/dev/nbd0 /hds/usb/virts/Windows/main.qcow2

Now, the block device should appear like any other, alongside the partitions inside !

fdisk -l

On my machine, this resulted in

Disk /dev/nbd0: 95 GiB, 102005473280 bytes, 199229440 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: dos
Disk identifier: 0xc5324c42

Device      Boot     Start       End   Sectors  Size Id Type
/dev/nbd0p1 *         2048    104447    102400   50M  7 HPFS/NTFS/exFAT
/dev/nbd0p2         104448 198138958 198034511 94.4G  7 HPFS/NTFS/exFAT
/dev/nbd0p3      198139904 199225343   1085440  530M 27 Hidden NTFS WinRE

This disk was around 40GB, but fdisk will see the number corresponding to the largest allowed size, 100GB in this case ! let us mount the drive

mount /dev/nbd0p2 /hds/loop

Now, in this case in particular, like any other block device that held the windows operating system, more often than not, you will get the message saying

The disk contains an unclean file system (0, 0).
Metadata kept in Windows cache, refused to mount.
Falling back to read-only mount because the NTFS partition is in an
unsafe state. Please resume and shutdown Windows fully (no hibernation
or fast restarting.)
Could not mount read-write, trying read-only

The solution to that is simple, follow the following two steps to remedy the issue and then force mount the file by using remove_hiberfile

ntfsfix /dev/nbd0p2
mount -t ntfs-3g -o remove_hiberfile /dev/nbd0p2 /hds/loop

The result of NTFSFIX was

Mounting volume... The disk contains an unclean file system (0, 0).
Metadata kept in Windows cache, refused to mount.
FAILED
Attempting to correct errors...
Processing $MFT and $MFTMirr...
Reading $MFT... OK
Reading $MFTMirr... OK
Comparing $MFTMirr to $MFT... OK
Processing of $MFT and $MFTMirr completed successfully.
Setting required flags on partition... OK
Going to empty the journal ($LogFile)... OK
Checking the alternate boot sector... OK
NTFS volume version is 3.1.
NTFS partition /dev/nbd0p2 was processed successfully.

And the following mount command worked as you would expect, silently

Now, if you want to disconnect the NBD image, you need to unmount (Like you normally would) THEN

#Disconnect the image from the NBD device
qemu-nbd --disconnect /dev/nbd0;
#Unload the NBD module
rmmod nbd;

The full version of this, with an explanation of everything is here, this one is written for copy-paste and speed.

This version is meant to create unprivileged LXC containers owned by root subordinates, which in my opinion provides the best balance of security and flexibility.

• Install Debian 12 (bookworm) on a computer or virtual machine or what have you.
• I personally enable root access under SSH, so all the commands you see here are run as root, you may use another user with sudo if you wish, but i execute as root
• Execute the following to install LXC (I am installing LXC and KVM) but you might want to remove KVM

apt-get update

apt-get install bridge-utils lxc libvirt-clients libvirt-daemon-system debootstrap qemu-kvm bridge-utils virtinst nmap resolvconf iotop net-tools

Most installations will have 2 users, root and another username you chose while installing the operating system,

IMPORTANT NOTE: This is the full version, if you just want to come in, copy some commands, and end up making unprivileged containers under root, THERE IS A SEPARATE POST FOR THAT HERE.

0- Intro

Don’t let the length fool you, I am trying to make this the simplest and fastest yet most comprehensive tutorial to having LXC (both privileged and unprivileged) up and running on debian bookworm !

I sent a previous version of this to a friend to spare myself the need to explain to him what to do, and he found the tutorial confusing ! instead of the old arrangement, having colors to denote what lines are for what task, I have decided to SEPARATE THIS INTO PARTS….

1. Intro – About this post (You are already in it)
2. LXC info
3. Shared system setup (Privileged and unprivileged)
4. Privilaged LXC step by step
5. Shared setup for unprivileged containers
6. Unprivileged LXC run by new user, step by step
7. Unprivileged LXC run by root user, step by step

I hope this clears things up, the color codes will still exist, mostly because I have already done the work !

Why yet another tutorial ?

Most of the tutorials online focus on creating an extra user to use with LXC, that is one way to do it with a few drawbacks, the other way is to create a range of subordinate IDs for the root user, the advantages of this way of doing it are related to “Autostart” and filesystem sharing between host and guest.

As per usual, the primary goal of every post on this blog is my own reference, the internet is full of misleading and inaccurate stuff, and when i come back to a similar situation, I don’t want to do the research all over again.

Continue reading “Unprivileged containers made simple on Debian 12 (Bookworm)”

I will here assume you already have a remote Linux machine that you can SSH into with putty, the instructions are simple from this point on

Putty Setup

1- Basic putty settings, assuming you have already downloaded putty from chiark.greenend.org.uk, now open putty, enter the IP of the server you wish to tunnel through, and save it with a name, the steps are…
– Open putty,
– enter the IP of your remote machine
– give it a name of your choice
– save (You don’t need to save now, you will save again in a bit, but you can do it anyway)

2- Go to Connection and expand it, then expand SSH, then select Tunnels, this will show a dialogue such as the below, fill in the data as follows

• A Source port between 1025-65536 (of your choice), i chose 8081 but you can chose any other in that range
• Check Dynamic and Auto, the click Add

3- From the menu on the left, go back to Session, and click the save button again (So that the new tunnel settings are saved for next time)

4- You are almost done, Now double click the saved session name or select it and hit open, the remote machine should now prompt you to enter a username and a password, once you enter those, you have a tunnel ready on your localhost (127.0.0.1) on port 8081, next we will setup Firefox to use that tunnel

Firefox setup

1- Go to firefox settings (Click the accordion menu to the right, and chose settings), once open, scroll down under general, until you find the Network Settings section, click the settings button in that section

Clicking settings above will show the following popup dialogue, setup your system as follows

• Manual Proxy Configuration
• SOCKS Host enter 127.0.0.1 and in the port area of that the port we chose in putty (In my case, 8081)
• Optional – Add the IP address ranges of the IPs that you do not want to have tunneled through the remote machine
• For more privacy, and sometimes functionality (When access is blocked from abroad), make sure you tunnel your DNS queries as well (See checkbox below)

Now, to verify that you are conencted to the remote machine, google the following

what is my ip

and google should tell you what your IP address is, at this stage, it should be the same as the remote machine’s IP (Not yours)

Whenever i get the following message

mount /dev/sdd1 /hds/sgt2tb
The disk contains an unclean file system (0, 0).
Metadata kept in Windows cache, refused to mount.
Falling back to read-only mount because the NTFS partition is in an
unsafe state. Please resume and shutdown Windows fully (no hibernation
or fast restarting.)
Could not mount read-write, trying read-only

The command

ntfsfix /dev/sdd1

resolves the issue, and produces the following message

Mounting volume... The disk contains an unclean file system (0, 0).
Metadata kept in Windows cache, refused to mount.
FAILED
Attempting to correct errors...
Processing $MFT and $MFTMirr...
Reading $MFT... OK
Reading $MFTMirr... OK
Comparing $MFTMirr to $MFT... OK
Processing of $MFT and $MFTMirr completed successfully.
Setting required flags on partition... OK
Going to empty the journal ($LogFile)... OK
Checking the alternate boot sector... OK
NTFS volume version is 3.1.
NTFS partition /dev/sdd1 was processed successfully

The same mount command you see here will now work flawlessly

mount /dev/sdd1 /hds/sgt2tb

I am still unsure what process from the mentioned above is responsible, as this oftentimes pops up on drives that were never system drives, so there is no hibernation file problem