Friday, December 19, 2008

I was leaving my office the other day and had my phone in my hand. Its a nokia 3120 ( i think ) and has a little camera in the front for video conferencing or something.

Anyway - I accidently took a photo of myself. Initially I was just going to delete it but thought I would just post it here.

Has anyone else taken an accidental photo of themselves? Maybe we should set up some kind of flikr page for it. Who is keen?
Merry Christmas and a very happy new year to all who follow this blog!

Wednesday, December 3, 2008

Fedora 10 Install Success

I was very reluctant to install Fedora 10. Mainly because of the poor success I have had in the past with it all going smoothly. IE: Typically it all went very bad. I never do an upgrade. Always a backup of important data - never apps or configurations - then a fresh install. I like my system clean.

So after about 5 days of having the new distro, I couldn't wait any more. I was just too curious so I carefully backed everything up not forgetting this time to dump my databases too.

The install went absolutely swimmingly. It was like installing a vanilla ubuntu. Nothing went wrong - everything worked like it was supposed to. Just fantastic!!! I suggest you backup and install Fedora 10 today!

Only thing... ( there is always a but ) Amarok in the new version is unusable. I had to trawl google for like minded individuals. Found a forum where I was able to download a compiled version of Amarok 1.4. ( v10 ) I think. I needed this desparately because I use the REPLAYGAIN extention to keep the volume of my music all the same. We play our music through an FM Transmitter that covers a range of about 50 meters. Basically the whole house and neighbours too. Without volume normalisation we would be constantly adjusting the volume between tracks.

Why REPLAYGAIN. Well check it out. ITs pretty good stuff actually. It is a software tool that scans your music files ( mp3 and ogg in my case ) and stores a note in the id3 tags about the relative volume level. Then when amarok plays the song, it checks to see the volume level and adjusts the play volume automatically to compensate. There is no alteration to the actual source file. ( except for the ID3 tag that is. )

Anyway - INSTALL FEDORA 10 TODAY!!!!!!

Thursday, November 6, 2008

Switched to Orcon


Our internet connection was switched over to Orcon today. First off I should say that everything worked! ( well almost everything )

  1. The router arrived at about 13:30
  2. The connection was made at the local exchange at about 15:45. 15 minutes earlier than promised by an email I received 3 days ago.
  3. When I arrived home, the Caller ID function on our phone was working. We can now check missed calls on our home phone which the wife thinks is FANTASTIC. ( hint: When ever you plan to spend extra on ICT then make sure the wife gets something out of it. )
  4. I unpacked the router, plugged everything in, switched my pc over to DHCP and logged into the admin interface. There was a wizard so I tried that. Before I knew it, I had internet connecting at 8012 Mbit downstream and around 1024 Mbit upstream. In case you would like to know how that translates into actual download speeds then have a look at the screen shot of my Kubuntu download.
  5. My laptop can connect to the wireless network. Setting up mac address access control was easy and did not requrie a full reboot of the router.
  6. Looking up my data usage is VERY EASY. All I need to do is browse to www.orcon.net.nz and look at my usage. Orcon seem to know who I am by how I am connected to them through the router. Very clever.

So what didn't work so smoothly?

  1. My PDA does not connect under the highest WPA2 security setting. It's an old one with older WEP based security. As I use the wireless network to vpn into the office on those call outs at 1am in the morning, I need the extra security so will have to make do without a pda that connects to the internet. If I am VERY lucky, I might be able to find a firmware update for the PDA. I think that's a job for a rainy day.
  2. As I am writing this email, I notice that my fantastic download speed as shown in the picture has dropped to 157Kbs. Not so hot really. Still its about 50Kbs faster than my old ISP so we shall have to see. ( PAUSING AND RESUMING the download seems to have increased the speed back to over 800kbs - Must be something to do with the connection to the ftp server I am downloading from. )
  3. I do not have, as yet, as password for my webmail / online account.
( Just tried a download using a Torrent in case the issues I was experiencing were related to the ftp server I was downloading from.)

It turns out the source ftp server in my first download was reducing my speed after about the first 50Mb. Have a look at this screenshot of my Kubuntu x86_64 download using Bit Torrent.

Saturday, November 1, 2008

Orcon Home+ Platinum

I have signed up with Orcon Home+ Platinum for my new ISP service to my house. They promised ADSL+2 which means faster internet as well as a whopping 25Gb per month with $1 / gb thereafter. This should come in handy with all the Linux Distro's I download. I am also looking forward to a new router that comes with the deal. The router is included in the monthly fee so that's a bonus.

I chose the platinum plan because I liked the extra data, the included wireless router and the free homeline with all the bells and whilstles ( Caller ID, VoiceMail and Call Waiting. )

I was told it would take about 4 to 10 working days. In the mean time I have received an email telling me exactly the day on which the cut-over will happen. I hope the router arrives in time.

Wednesday, October 29, 2008

What's a kernel?

I tried to describe a kernel in jargon-free english today. It was pretty tough.
Welcome to your new Linux Distro. Linux is the word we use to define a collection of software ( programmes ) that you copy on to your hard disk ( that metal thing inside your computer that uses magnetic magic to store a series of ones and zeros otherwise known as binary ) so that when you turn on your computer something useful will happen. The most important part of linux is the kernel. This is the programme and other resources that tell the different parts of your computer to do something. For example when you open your text editor programme, something has to tell the hard disk to start spinning around and then it needs to tell it how to retrieve the specific ones and zeros that define the text editor programme. Then the text editor programme is loaded into memory ( RAM ) which will then take control. The text editor programme will now tell the kernel to display something on the screen. The kernel will then tell the graphics card installed inside the box on the floor to send some information over that wire with the blue ( or more recently white ) plug on the end and into your screen so that the correct dots on the screen are lit up in the correct positions and colour so that you the user can see a white rectangle with some buttons on it. Then when you the user move your mouse around the screen, the kernel will tell the screen where to draw the cursor. That's that small white or black arrow on the screen that you use to point and click on things. Again when you the user click ( push one of the buttons on the mouse down) the kernel will need to tell the text editor programme which button you just pressed on that you did in fact press it. The text editor programme will decide what to do and then ask the kernel to do it...


Could you imagine trying to write a complete how-to / instructional document without jargon for say, Linux From Scratch?

Monday, October 27, 2008


Hi All,

During Movember (the month formerly known as November) I'm growing a Mo. That's right I'm bringing the Mo back because I'm passionate about tackling men's health issues and being proactive in the fight against men's depression and prostate cancer.

To donate to my Mo you can either:

Click this link https://www.movember.com/nz/donate/donate-details.php?action=sponsorlink&rego=1550521&country=nz and donate online using your credit card
Write a cheque payable to ‘Movember Donations Account', referencing my Registration Number 1550521 and mailing it to:

Movember
PO Box 12 708
Wellington 6144

Remember, all donations over $10 are tax deductible.


The money raised by Movember is used to raise awareness of men's health issues and donated to the Cancer Society of New Zealand and the Mental Health Foundation of New Zealand. These two charities will use the money raised to fund research and increase support networks for those affected with prostate cancer and experiencing depression.

Did you know:

Depression affects 1 in 10 men....Most people who experience depression make a full recovery. The first step is seeking help.
* Last year in New Zealand 2,700 men were diagnosed with prostate cancer and more than 600 died of prostate cancer - (that's nearly two each day).
*
For those that have supported Movember in previous years you can be very proud of the impact it has had and can check out the details at: [Fundraising Outcomes].

Movember culminates at the end of month Gala Partés. If you would like to be part of this great night you'll need to purchase a [Gala Parté Ticket].

Thanks for your support David.



More information is available at http://www.movember.com/.

Movember is proud partners with The Cancer Society of New Zealand and the Mental Health Foundation of New Zealand

Printing from Linux to Vista

We bought a new printer yesterday. HP2280 All in one colour printer, scanner, copier. It was a cheap deal from QMB at just shy of $50 (NZD).

As this is our second printer, bought to replace the one we have that hasn't yet died, we decided to install it on my wife's Windows Vista PC. The install and functions all went perfectly as one would expect with a "Made for Vista" product. The tricky bit turned out how to connect it to Linux for remote printing. I thought I could use the extra printer at times so went to install it...

First step was drivers. I ended up installing a mammoth driver pack and utility tool-set I downloaded from Sourceforge. ( link provided by HP website. )

Next I needed to enable TCP Printing services on the vista host. Did this in control panel / Add remove windows components.

Next I used the standard linux printer dialogue to attach the printer using Cups with the Samba backend. That worked just fine too. I could even send a test print and the print jobs dialogue on Windows showed the print and the printer even woke up and began some initial cartridge moving about. No paper load and nothing beyond that point.

I found a reference buried in a forum post that said I should try disabling bi-directional printing on the vista host. Lo and behold! This fixed it. I can now print from my Fedora 9 over to the printer plugged into the USB port on the Vista box.

Bi-Directional Printing is:

( http://www.dewassoc.com/support/networking/bidiprint.htm )
During normal print cycles, print signals or print instructions are sent in one direction, from your computer to your printer. Printers that are Bi-directional (also known as bi-tronic) capable also have the ability to talk back to your computer in order to advise your computer of a print job's status, paper status including the occasional jam, etcetera. This two-way or Bi-directional communication technology can be found in most of the more popular printers offered today, such as HP, IBM, Panasonic, and other laser or color printers, especially where bi-directional communication between the computer and the printer is imperative. In color printing, as an example, the printer will advise the computer of its constant availability status in order to mix color inks correctly for optimum output.

And from Microsoft...
( http://support.microsoft.com/kb/132465 )

Network Protocol

Most network protocols support bi-directional printing. Networks protocols such as the AppleTalk protocol and Data Link Control (DLC) protocol can provide bi-directional communication in Windows NT. Although TCP/IP can carry the signal, the Line Printer Remote (LPR) specification has no facility for this signal. Therefore, the Windows NT TCP/IP protocol does not support network bi-directional printing.

So there you have it. The printer was trying to tell my linux machine something and windows was not sending the message. The printer was not giving up so the print stalled at the last minute. Turn off support for bidirectional printing and then the printer doesn't try to chat back and the prints just work.

Wednesday, October 22, 2008

Setup Linux For Wndows Terminal Services


Windows Server 2003+ only supports ( last I checked ) two remote desktop connections at the same time. At least that's the default behaviour. I believe one can increase this through the purchase of a Terminal Server license. Essentially in order to allow more than two users to use Remote Desktop to log in to a machine on your LAN at the same time, you need to start paying extra.

The only reason - and its a good one - for needing to do this is because your vpn assigned ip address is not on the same subnet ( for security reasons ) as the servers you need to access.

Specifically: your dynamically assigned VPN IP address is not listed as an object on your firewalls. So when you try to RDP from your laptop at home, to that server in your data centre you get nowhere because your IP address is blocked by the firewall.

JUMP BOX TO THE RESCUE. I call that box you set up and leave running at work a jump box because you will use it for receiving your remote desktop connection and then establishing a new RDP session from there to your servers in the data centre. Because the Jump Box has its IP address confiured in the firewall you should be ok.

Fedora and all linuxes don't have a restriction to the number of concurrent desktop sessions. ( RAM might get in the way eventually ) but even then that can be mitigated. More that later.

Environment:
Laptop at home  ( WINDOWS )
| +--------ANOTHER LAPTOP ( WINDOWS )
| |
V V
JUMP BOX ( FEDORA )
|
|
V
FIREWALL ( CISCO for example)
|
|
V
Destination Server. ( WINDOWS )
( please excuse the ASCII art )

  • Windows have RDP clients built into them already.
  • Fedora will require one to be installed. ( use tsclient )
  • The Laptops have dynamic IP addresses not in the same subnet as the destination servers.
  • The jump box has a static IP address with access allowed through the firewall on RDP ( 3389 ) to the destination servers.
  • The destination servers support remote desktop connections ( limited to 2 concurrent connections )
We will install xrdp on the jump box and enable port 3386 through the built in IPTABLES firewall:

Before you start make sure you have an up to date version of gcc and all the required dependancies. I usually make sure I have kernel-devel installed too. These installation steps are for Fedora. Checkout this link for Debian based distros:

http://venturehosting.net/howto-get-xrdp-working-on-ubuntu-610-server/
//Make sure you have the right dependancies.  INCLUDING X.  So I did mine on a default gnome fedora.

# yum install pam-devel openssl-devel vnc-server

//Download the xrdp source tar ball
# wget http://waix.dl.sourceforge.net/sourceforge/xrdp/xrdp-0.4.1.tar.gz

//Extract the tar ball
# tar xvfz xrdp-0.4.1.tar.gz

//Enter the source tree
# cd xrdp-0.4.1

//Compile
# make

//Install
# make install
xrdp is now installed in /usr/local/xrdp/

If you are like me and want a nice lightweight, no-nonsense desktop environment presented when you rdp in over your 3g connection from your laptop then you will need to install fluxbox.
# yum install fluxbox fluxconf
Now you need to create a new startwm.sh script so that fluxbox and not Gnome will be used for the window manager ( desktop environment ) once you have successfully opened an RDP session on your linux box.
# mv /usr/local/xrdp/startwm.sh /usr/local/xrdp/startwm.sh.old
# vim /usr/local/xrdp/startwm.sh

make it look like this:
#!/bin/bash
/usr/bin/startfluxbox
exit 0

Ensure you have an account and password set up so that when you establish the RDP session you will be able to log in.
# system-config-users
//Add user and set password.
Make sure you have tsclient installed
# yum install tsclient
Now test xrdp with:
# /usr/local/xrdp/xrdp_control.sh start
Allow port 3389 through the firewall. I am not sure if UDP is required by TCP is definately required. I could give you the IPTABLES script but its easier to use the tools provided by Fedora.
# system-config-firewall
//Custom -> Add -> Select 3389 TCP. ( add UDP if it doesn't work. )
//Save Configuration
//Close

# service iptables restart


Now use RDP from a windows machine to log into your linux box. You will be asked for credentials by a utility that came with xrdp called sessman which will check your username / password with pam and if approved xrdp will start fluxbox up and you will see adefault fluxbox session.

Now when you want to connect to those remote servers, start up tsclient either by typing it into a session or using the run tool on the fluxbox menu.

That's about it. You can do all sorts of cool things with fluxbox to make it nicer to look at but remember, this is a JUMP BOX. Not a desktop. It's sole purpose is to provide a means for your access those remote servers.

Wednesday, October 15, 2008

Howto Install Microsoft Core Fonts on Linux

Linux does not ship with Microsoft's core fonts. This means that fonts like Arial are simply not available with a default distro. Here is how one gets them installed using Fedora 9 x86_64. I have posted them in an RPM on http://forum.thelinuxcdstore.com under the General section.

ALL THANKS to http://corefonts.sourceforge.net/ for a great guide and for their hard work.

1. Set up a build environment in your home directory:
Create a file in your home directory called .rpmmacros
Add the following line to the file.

%topdir %(echo $HOME)/rpmbuild
2. Create the following directories:

~/rpmbuild/BUILD
~/rpmbuild/RPMS/noarch
3. Log in as root and install some prerequisites.

# yum install rpmbuild ttmkfdir cabextract

4. You will need chkfontpath. I found my copy here: http://dl.atrpms.net/all/chkfontpath-1.10.1-2.fc9.x86_64.rpm. I downloaded it and installed it with:
yum --nogpgcheck localinstall chkfontpath-1.10.1-2.fc9.x86_64.rpm
5. Make a temporary directory for your spec file.
mkdir ~/mscorefonts && cd ~/mscorefonts
5. Download the mscorefonts spec file from: http://corefonts.sourceforge.net/msttcorefonts-2.0-1.spec
wget http://corefonts.sourceforge.net/msttcorefonts-2.0-1.spec
6. Build the mscorefonts rpm with:
rpmbuild -bb ~/mscorefonts/msttcorefonts-2.0-1.spec

7. Finally install the mscorefonts package with:
yum --nogpgcheck localinstall ~/rpmbuild/RPMS/noarch/msttcorefonts-2.0-1.noarch.rpm
8. Your fonts will be saved in:
/usr/share/fonts/msttcorefonts

Saturday, October 4, 2008

Using SMBCLIENT to transfer files.

This information is gathered from a few different sources. I have it here for reference:

Step 1:
Create a file that contains authentication details. In my test case I had no domain to bother with so just added the username and password fields.

I also made a point of ensuring that the file permissions for this file were set to the owner having access only. Ie: rw- --- --- or ( 600 )

Thanks to: http://www.javascriptkit.com/script/script2/chmodcal.shtml for the very useful chmod calculator.

smbclient_authentication.txt
username = backupuser
password = Pa$$w0rd

Step 2:
In your script or whatever the way to put a file onto the windows share is like this:

~> smbclient -A smbclient_authentication.txt ////192.168.0.96//data -c "put myBackupFile.tar.gz"
That's about it. Piece of cake. When I test this on an SELINUX environment, I am sure this tutorial will be extended somewhat!

Monday, September 8, 2008

VMWare Player and VMWare Server on same box

Darn it! I can't have my cake and eat it. Turns out that I can't install both VMWare server and VMWare Player on the same PC.

BUT WHY would one want to dot that?

The answer is simple. I was hoping to have access to the player so I could use my machines, and close them and restore them when I needed to. I don't leave my Desktop on all day every day. It would be handy to not have to save a snapshot of the guests I am using prior to shutting my machine down at the end of each day.

Anyway - no hope. Too many conflicts and so trashed the player and am sticking with the server.

Friday, September 5, 2008

Canon LBP 3300 Driver for Fedora 9 x86_64

I have compiled the Canon Drivers for the LBP-3300 - B&W duplexing laser printer.

A list of supported printers:

  • LBP3310
  • LBP5100
  • LBP5300
  • LBP3500
  • LBP3300
  • LBP5000
  • LBP3210
  • LBP3000
  • LBP2900
  • LBP3200
  • LBP-1120/1210
I used to host a forum which had these drivers linked to them. A while a go, I removed the forum because it was not being used but have since found a posting on another forum that referred to them. So I have found them again in an old email I once sent and placed them here for people interested.

Here is the content of the email to lend it all some context:
Ok - They are attached. Intall the common one first because the other
one depends on it.

I have also attached a text file that gives information about the
driver.

I downloaded the source, met the dependencies and compiled it. I dont
have a cannon printer so I couldn't test it. This driver is purely
experimental in that it seemed to compile without errors and that it is
untested.

The guide package contains an HTML guide. Extract it then open the
contents.html in your browser.

Please don't blame me if this screws with your system.

Regards
Dave L


These drivers were compiled on Fedora 9 x86_64 and are totally untested. I would very much appreciate someone to download the rpm drivers and test them out for me. I don't own a Canon but have a customer who does and so I tried to help out. Unfortunately the customer has not let me know if it worked or not.


Friday, August 29, 2008

Hex Editor for GNome

Lately, I have been working on a project to parse a binary log file into text format. The requirements are that logs with 30 000 + records must parse quickly with low overhead on the production server.

In order to achieve this, I needed to know how the binary log was formatted. This was the most difficult part and I quickly realised I needed a descent Hex Editor. I settled on GHex ( Hex Editor for Gnome. ) Fedora 9 ships GHex in the Yum repositories.

# yum install ghex
HEX data can be viewed as bytes, words or long words. The data can be selected and there is a search tool.

Find the project's home page here: http://directory.fsf.org/project/ghex/

Sunday, August 24, 2008

Google Gadgets on Fedora 9 x86_64


If you have Fedora 9 64 bit and want to check out the google gadgets then read on.

Google Gadgets is very much like the Windows Vista sidebar. You can add all sorts of little toys to the side bar. I have a resource meter, news feed and pictures gadget.

Installing the gadgets application was relatively simple.

Here are some links to get you started:
  1. http://code.google.com/p/google-gadgets-for-linux/ - The homepage
  2. http://code.google.com/p/google-gadgets-for-linux/wiki/HowToBuild - Official Build instructions
  3. http://groups.google.com/group/google-gadgets-for-linux-user/web/building-instructions-addendum - Build instructions for different distros.
So here is a little command line script to make the instructions work.

( I executed this a root - and I run gnome so didn't worry about the QT stuff. )
# yum install dbus-devel js-devel libxml2-devel gstreamer-plugins-base-devel gstreamer-devel libtool-ltdl  xulrunner-devel xulrunner-devel-unstable gtk2-devel librsvg2-devel curl-devel
I decided to ignore the comments on the addendum about requiring a patched version of js-devel and I am glad I did. It worked fine without it.

The next step is to get the latest version from the subversion repository. I followed the second half of the instructions from http://penguinenclave.blogspot.com/2008/06/installing-google-gadgets-in-fedora-9.html

# cd /usr/local/src
# svn checkout http://google-gadgets-for-linux.googlecode.com/svn/trunk/ google-gadgets-for-linux-read-only
# cd google-gadgets-for-linux-read-only/
# sh autotools/bootstrap.sh
# cp /usr/share/automake-1.10/mkinstalldirs ./libltdl/

# ./configure
# make
# make install
If you ever want to uninstall it again, then leave the source directory in place and remove it with the following:
# cd /usr/local/src/google-gadgets-for-linux-read-only/
# make uninstall
Once it is all installed, you will find launcher in the Applications -> Accessories menu.

Have fun.

Sunday, August 17, 2008

Allow httpd ( apache ) to write to files and folders with SELINUX

You may have read my previous post about configuring apache for public_html with selinux. Now today we look at extending this a little with enabling write permissions on special folders with SELinux enabled. There is sweet little help on this available on google so I thought I would throw in my two cents.

In summary the file context needs to be changed for folders where the httpd daemon needs write access. These would folders that contain cache, images, logs and other things...

To recap:
Step 2 - Ensure that selinux is enabled for user_dir
#> setsebool httpd_enable_homedirs true

Step 3 - Ensure the correct access permissions are set on the home directory
As normal user in home directory
~> chmod a+x ~
Step 5 - Create the public_html directory
~> mkdir public_html
Step 6 - Set the selinux type label for public_html
~> chcon -t httpd_sys_content_t public_html


Now your installer script for modx ( say for example ) tells you that it can not install because the cache folder is not writeable. You scratch your head and wonder why... You need to make a change to the file context for the cache folder ( and any folders you wish httpd to be able to write to ).

Setp 7 - Turn on the boolean switch for allowing httpd access to files.
#> setsebool allow_httpd_anon_write true

Step 8 - Set the selinux type lable for public_html/assets/cache
~> chcon -t chcon -t public_content_rw_t ~/public_html/assets/cache
Step 9 - Set file permissions to everyone ( I have yet to work this out properly. ) It may be better to provide ownership to the apache user and group to the home directory... I just do a chmod 777 to give all permissions to all users on the public files.
~> chmod 777 -R ~/public_html_assets/cache


So that should about cover it then. Apply to all folders or specific files if you want httpd to have write access.

Wednesday, August 6, 2008

VMWare Server on Fedora 9 x86_64

A little while ago ( like when I first installed my 4Gb of RAM ) I thought I might give VMWARE server a try. VMWARE server is available for free from http://www.vmware.com/download/server/.

Needless to say it didn't work. There was an issue with compiling the 64bit modules for networking with the kernel and kernel-devel packages at the time.

Happily, Fedora has updated the kernel and kernel-devel packages and the issue is gone! Last week I gave it another go and now have VMWare Server running smoothly on my Fedora PC. I use it for a range of different things and prefer it to Qemu for a range of different reasons.

My list of VMWare pros over Qemu:
  1. VMWare is very good at sharing host resources amongst the guests. One can assign more virtual memory to each guest and have them run concurrently without incurring exorbitant overhead costs.
  2. VMWare deals with bridged networking without much input from the person behind the keyboard. All I had to do was tell VMWare server that my guest should use bridged networking and the software simply made it so.
  3. VMWare can be run as a regular user because its services are started up as part of xinetd during boot time. Guests are executed as the user that started them or made available to all users.
  4. VMWare provides greate commandline access to both the host and the guests allowing for all kinds of nifty scripting. The guests can be pinged to check if they are alive. This is handy in a high availablity environment where one might have a cron that checks for a live ping and notifies to an email address if a guest is found to be down.

The install process was relatively smooth. The required dependancies were the kernel-devel package matching kernel version: 2.6.25.11-97.fc9.x86_64. There was one dependancy that I had to install manually.

# yum install libXtst-1.0.3-3.fc9.i386

ASIDE -> if you are using Fedora and need to remember what was installed a week ago when you were filling in missing dependancies, you should have a look at /var/log/yum.log
Usually when I receive an rpm package I install it like this:

# cd /path/to/downloaded/rpm/file.rpm
# yum localinstall --nogpgcheck file.rpm

Sometimes yum will also let you know that it needs to fill some dependancies in order to install the package correctly. It makes sense to allow yum to manage all installs of rpms for you. You can then use yum to remove stuff and find a history of installed applications in /var/log/yum.log

So why should you try VMWare Server?
  1. Its free now and it might not be forever.
  2. You will have the ability to try out other linux distro's or if you have a licensed copy of one of the Microsoft Operating Systems you might wish to have it run inside your Linux. There seems always to be one or two MS apps that one can't do without. For me it's Cashbook Complete!
  3. You may wish to try your hand at setting up a domain, a network, a dns server, or simply a 3 tiered web/app/data suite which you wish to set up with PHP or Python...
  4. The list goes on. Why do you use VMWare? Comments welcome.

So all in all, I am happy with my VMWare Server experience on Fedora Linux. The 4 gb RAM definately helps. I would not recommend it for anyone with less than 2gb ram.

Monday, July 21, 2008

Marshalling ones thoughts with Freemind

Not too long ago, I was sitting at work with a thousand and one things to do and no idea where to start. I ended up surfing the Internet. What else does one do when one is swamped with work?

I was thinking at the time that I knew of a way to get things straight in my head. Mind Mapping was always a useful tool that allowed:
  1. Structure concepts in a logical order
  2. Link things together in ways that don't seem apparent at first
  3. Brainstorm
  4. Prioritise
You have heard all this before. Mind maps were all the rage when I was in school and later in college. It was the miracle answer to study. Never worked for me though. At least in school. I guess, like so many things that other people suggest, application of ideas to one's own situation often requires a little experimentation, trial and error and a lot of perseverance. In short, there is no easy solution to anything.

So back to my "hell day." There I was surfing the internet, steadfastly ignoring the pile of work I had and thinking about mind maps. At the same time, I was wondering if a mind map would work for me in our fresh new PAPERLESS OFFICE! No mind maps without paper. How can one doodle the little skull and crossbones next to the items that pose the most risk for example?

In a flash of inspiration I typed, "Open Source Mindmaps" into Google.

ASIDE: ( AGAIN ): I never use the proper noun Google as a verb. It makes me feel cheap! ( another aside: ) Why doesn't "proper noun" have capital letters?

Up came Freemind. It had the two magic words combined into one. Fate or something deeper. I will never know.

All I can say is this, "Download your copy of Freemind for Windows or Linux or anything Java runs on today!" http://freemind.sourceforge.net/wiki/index.php/Main_Page

I now use it as link to everything. Freemind provides a way to access information about the many different projects I have on the go. Each project has its own set of documentation, tasks, contacts and other bits and pieces. I can very quickly add new nodes, link nodes together with nice graphics, hyperlink to any kind of document including other mind maps and websites and add free text notes to nodes.
Parent nodes can be folded up with automatic re-arrangment of nodes to make things easier to read. Nodes can be heirachial in terms of font size, colour and special effects. Icons that represent the status of a node can be applied at will.

Its a gem of an application. The software runs equally well on Linux and windows so long as the appropriate Java runtime is installed.

I usually don't blog about other people's software, but this time I am making an exception. I have found this tool to be a fantastic way of storing information and marshalling my tasks and thoughts and TO DOs in one nice-to-look-at environment.

Thursday, June 26, 2008

pyVerify version 2

Following on from my previous post that shows how to verify cd or dvd integrity, I have this following update:
  1. The volumeid.sh script now reads the whole isoinfo -d -i from the dvd and pipes it through to md5sum to generate a "signature" that identifies the disk. The thinking here is that it would be near impossible to have have two disk headers that match completely. Even those that share volume ids... For example openSUSE 11.0 i386 and openSUSE 11.0 x86_64
  2. The Verify class now includes checking for more than one row in the database that has the same volume label. ( md5sum result from volumeid.sh ) This is to catch anything that matches for some strange reason.
The updated code for all the files is included below.

volumeid.sh

#!/bin/sh
#
# small utility to find the md5sum of the isoinfo header information
#

isoinfo -d -i /dev/cdrom | md5sum | cut -d " " -f 1


verify.sh

#!/bin/sh
#

# Start with verifying CDs
#

device="/dev/cdrom"
checksumtype=$1

#Find details of the device
blocksize=`isoinfo -d -i $device | grep "^Logical block size is:" | cut -d " " -f 5`
if test "$blocksize" = ""; then
echo catdevice FATAL ERROR: Blank blocksize >&2
exit 1
fi

blockcount=`isoinfo -d -i $device | grep "^Volume size is:" | cut -d " " -f 4`
if test "$blockcount" = ""; then
echo catdevice FATAL ERROR: Blank blockcount >&2
exit 1
fi

command="dd if=$device bs=$blocksize count=$blockcount conv=notrunc,noerror status=noxfer"

# execute the command to read the disk and pipe through md5sum or sha1sum
result=`$command | $checksumtype`

#get the checksum
checksumresult=`echo $result | cut -d " " -f1`

echo $checksumresult


Verify.py

#!/usr/bin/env python

#===============================================================================
# Version information
# Version 0.1 Use Volume ID from isoinfo to identify current dvd/cd
# Version 0.2 Use an MD5SUM of the whole header found by isoinfo to
# identify the cd/dvd - This is called the signature in further
# comments
#===============================================================================

import MySQLdb
import popen2
import string

class Verify:

volumeid=''
checksumtype='md5sum'
goodchecksum=''

#===============================================================================
# Use volumeid.sh to find the signature of the disk
# and checks it against the database.
# If no match is found then report and exit. Otherwise
# checksum details are stored in class variables.
#===============================================================================

def __init__(self):

#===============================================================================
# get the signature from the inserted disk.
# Check for errors
# Store the signature in self.volumeid
#===============================================================================

(fout, fin, ferr) = popen2.popen3('./volumeid.sh')

errLineCount = 0
while True:
if ferr.readline():
errLineCount += 1
else:
break

if errLineCount > 0:
print "Errors were found."
exit()

id = ''
while True:
c = fout.read(1)
if c != "\n":
id += c
else:
break
self.volumeid = id

fout.close()
fin.close()

#===============================================================================
# Connect to database
# Find the distro with a distro_label matching the signature
#===============================================================================

conn = MySQLdb.connect(host = 'localhost',
user = 'root',
passwd = 'greycat',
db = 'cdburner' )
cursor = conn.cursor(MySQLdb.cursors.DictCursor)
sql = "SELECT * FROM distro WHERE distro_label = '%s'" % self.volumeid
cursor.execute(sql)

rows = cursor.fetchall()

#===============================================================================
# We still want to make sure there are no duplicates in the database.
# I would expect this to not ever happen as the block count is stored
# in the header and it would be quite unusual for two different CD or DVDs
# to have the same header details and block counts.
#===============================================================================

if( len(rows) > 1 ):
row = self.confirm(rows)
elif ( len(rows) < 1 ):
print "Could not find a matching record in the database."
print rows
print "SQL: %s" % sql
print "Quitting..."
exit()
else:
row = rows[0]

#===============================================================================
# Retrieve details of full checksum and checksum type
# from the database.
# Report findings and inform what's happening next.
#===============================================================================

if row["hash_type"] == 1:
self.checksumtype = 'md5sum'
else:
self.checksumtype = 'sha1sum'
self.goodchecksum = row['hash_detail']

print "Found [ %s ] in drive" % row['distro_name']
print "..."
print "performing %s check on disk now..." % self.checksumtype

cursor.close()
conn.close()

#===============================================================================
# Find the checksum of the inserted disk.
# using the external command verify.sh
#===============================================================================

cmd = "./verify.sh %s" % self.checksumtype
print "Executing ... %s " % cmd

(fout, fin) = popen2.popen2(cmd)
checksum = ''
while True:
c = fout.read(1)
if c != "\n":
checksum += c
else:
break
fout.close()
fin.close()

if checksum == self.goodchecksum:
print "Good Checksum : %s" % self.goodchecksum
print "Checksum found: %s" % checksum
print "DISK SUCCESSFULLY VERIFIED"
else:
print "Good Checksum : %s" % self.goodchecksum
print "Checksum found: %s" % checksum
print "*** ERROR *** DISK COULD NOT BE SUCCESSFULLY VERIFIED *** ERROR ***"

#===============================================================================
# We have more than one option. Ask for clarification
# Example. openSUSE 11 has the same volume id for both
# i386 and x86_64
# Keep asking until y or q entered.
#===============================================================================
def confirm(self,rows):
if len(rows) > 1:
while True:
print "Please select the ID that matches the media you wish to verify"
print "ID - Name"
count = 1
for row in rows:
print "%2d - %s" % (count, row["distro_name"])
count += 1
selected = raw_input(">")
print "You selected %s" % rows[int(selected)-1]["distro_name"]
confirmed = raw_input( "Is this ok? (y=yes, n=no, q=quit)" )
if ( string.lower(confirmed) == 'y'):
break
elif ( string.lower(confirmed) == 'q'):
print "QUIT APP"
exit()
return rows[int(selected)-1]


if __name__ == "__main__":

print "DISK Verifier -- Console Application."
print "by David Latham ( The Linux CD Store ) 2008"
print " "
v = Verify()
exit()

Tuesday, June 24, 2008

Python + Bash + isoinfo + mysql = Python CD Integrity Verifier

I have a requirement to verify by md5sum or sha1sum, CDs or DVDs that I burn - so I wrote a bunch of scripts. I am not saying that this is the best way to skin this particular cat, but it is working.

First of all a bit of background info.

This stuff only works on Linux because the commands make use of Linux tools such as isoinfo and dd. I am sure Windows command line equivalents exist...

I have a mysql database with one table in it that has the following fields:
distro_label --- Volume ID of CD or DVD
distro_name ---- Name of the CD or DVD
hash_type ------ 1 = md5sum, 2 = sha1sum
hash_detail ---- Known good md5sum or sha1sum of the particular CD or DVD

Here is an example record:
distro_label --- Slack11d1
distro_name ---- Slackware 11 Disk 1
hash_type ------ 1
hash_detail ---- a7cfcb4be158beca63af21b3b4dbc69c

In case you are wondering how I know the volume id - try this while you have a CD or DVD in your cd / dvd drive:
[~]$  isoinfo -d -i /dev/cdrom

Requirements
This python script has one dependency. Basically I need my python script to be able to query the database.

  • MySQL-python - Download and install from here or if you are in Fedora try: yum install MySQL-python

Retrieving the volume id from the disk.
I have a small utility bash script that does this.
#!/bin/sh
#
# small utility to find the volume id of a cd / dvd
#

isoinfo -d -i /dev/cdrom \
| grep "Volume id:" \
| cut -d ":" -f 2 \
| sed "s/ //g" 

It does the following:

  1. read the iso info from the disk

  2. Find the line with the Volume id

  3. Cut out the second field delimited by ":"

  4. remove all spaces

Reading the disk
In order to accurately read the CD we need to know some details about the cd first. There is a very useful script ( from which I borrowed all the technical stuff about finding the blocksizes and blockcounts required by dd ) I found the rawread.sh script here.
Here it is for your convenience:
#!/bin/sh
device=$1

blocksize=`isoinfo -d -i $device | grep "^Logical block size is:" | cut -d " " -f 5`
if test "$blocksize" = ""; then
  echo catdevice FATAL ERROR: Blank blocksize >&2
  exit
fi

blockcount=`isoinfo -d -i $device | grep "^Volume size is:" | cut -d " " -f 4`
if test "$blockcount" = ""; then
  echo catdevice FATAL ERROR: Blank blockcount >&2
  exit
fi

command="dd if=$device bs=$blocksize count=$blockcount conv=notrunc,noerror"
echo "$command" >&2

$command


Here is my modified version to suit a call from my python script.
#!/bin/sh
#

device="/dev/cdrom"
checksumtype=$1

#Find details of the device
blocksize=`isoinfo -d -i $device | grep "^Logical block size is:" | cut -d " " -f 5`
if test "$blocksize" = ""; then
 echo catdevice FATAL ERROR: Blank blocksize >&2
 exit 1
fi

blockcount=`isoinfo -d -i $device | grep "^Volume size is:" | cut -d " " -f 4`
if test "$blockcount" = ""; then
 echo catdevice FATAL ERROR: Blank blockcount >&2
 exit 1
fi

command="dd if=$device bs=$blocksize count=$blockcount conv=notrunc,noerror"

# execute the command to read the disk and pipe through md5sum or sha1sum
result=`$command | $checksumtype`

#get the checksum
checksumresult=`echo $result | cut -d " " -f1`

echo $checksumresult

This script does the same things as rawread.sh but lets the user specify a checksum type as a command line argument. When called from within our python script this bash script will simply return the real checksum of the disk in the cd / dvd device.

  1. Store the checksum type in a variable.

  2. Find the block size and block count values for the disk.

  3. Format the dd command

  4. Execute the dd command and pipe into checksum type. eg: dd .... | md5sum

  5. cut the resulting checksum from the output of the above.

  6. echo just the checksum


The python script.
I have tried to comment it so it all makes sense. I look forward to a lively discussion in the comments. I will soon know how many of my readers actaually care about python or, more to the point, how many readers I have...
#!/usr/bin/env python

#================================================================================
# MySQLdb is the only dependency required for this script.
# popen2 comes with standards python 2.5
#================================================================================

import MySQLdb
import popen2

class Verify:
    
    volumeid=''
    checksumtype='md5sum'
    goodchecksum=''
    
    #================================================================================
    # Constructor uses volumeid.sh to find the volumeid if the cdrom
    # and checks it against the database.
    # If no match is found then an error is generated otherwise
    # checksum details are stored in class variables.
    #================================================================================
    def __init__(self):
        
        ## Get the volumeid
 # fout = stdout
 # fin = stdin
 # ferr = stderr
        (fout, fin, ferr) = popen2.popen3('./volumeid.sh')
        id = ''
        
 ## Check for errors
        errLineCount = 0
        while True:
            if ferr.readline():
                errLineCount += 1
            else:
                break
        
        if errLineCount > 0:
            print "Errors were found."
            exit()
        
 ## We are reading each character of the standard out because
 ## we do not wish to capture the newline at the end.
        while True:
            c = fout.read(1)
            if c != "\n":
                id += c
            else:
                break
 ## Store the volumeid in the class variable.
        self.volumeid = id
 
 ## Clean up.
        fout.close()
        fin.close()
        
 ## Establish mysql connection and query database.
        conn = MySQLdb.connect(host = 'localhost',
                               user = 'resu',
                               passwd = 'drowsapp',
                               db = 'cdburner' )
        cursor = conn.cursor(MySQLdb.cursors.DictCursor)
        sql = "SELECT * FROM distro WHERE distro_label = '%s'" % self.volumeid
        cursor.execute(sql)

        row = cursor.fetchone()

        ## TO DO: Check for non existent entry in database and throw error.

 ## Find the required checksum type from the database.
        if row["hash_type"] == 1:
            self.checksumtype = 'md5sum'
        else:
            self.checksumtype = 'sha1sum'
 
 ## Find the known checksum from the database
        self.goodchecksum = row['hash_detail']
        
 ## Print some information to the user.
        print "Found [ %s ] in cd drive" % row['distro_name']
        print "Good Checksum = %s" % self.goodchecksum
        print "..."
        print "performing %s check on disk now..." % self.checksumtype
        
 ## Clean up.
        cursor.close()
        conn.close()
        
        ##  Read checksum from disk
 
 ## TO DO: change this to check for errors like the popen3 command above.
 
        cmd = "./verify.sh %s" % self.checksumtype
        (fout, fin) = popen2.popen2(cmd)
        checksum = ''
 ## Same as above in terms of not wanting the newline at the end of stdout.
        while True:
            c = fout.read(1)
            if c != "\n":
                checksum += c
            else:
                break
        
 ## Clean up
 fout.close()
        fin.close()

        ## Compare the checksums and report!
 if checksum == self.goodchecksum:
            print "Checksum found: %s" % checksum
            print "DISK SUCCESSFULLY VERIFIED"
        else:
            print "*** ERROR *** DISK COULD NOT BE SUCCESSFULLY VERIFIED *** ERROR ***"

## If this script is being executed then do this stuff.
## This block allows us to use the above as a class or library or as a simple script.
if __name__ == "__main__":
    
    print "DISK Verifier -- Console Application."
    print "by David Latham ( The Linux CD Store ) 2008"
    
    v = Verify()
    exit()


All in all these scripts join together to provide a non technical user ( ie: My lovely wife ) the ability to verify Linux distros before she ships them out. Want to know more? Check out: http://www.thelinuxcdstore.com.

Saturday, June 21, 2008

Python + inotify = Pyinotify [ how to watch folders for file activity ]

Sometimes it just might be handy to be able to watch a folder on a hard disk for changes. For example: A client app might drop small files on a shared folder. A server app might be watching the folder for just such an event. Once the file is created, the server will kick into action and perform whatever tasks are required.

This all comes from my CD burning application. I am currently thinking that the client apps will drop small xml files containing information about what to burn onto a folder the webserver has access to and the cdburner service will be watching...

The linux kernel provides inotify. This from wikipedia:
notify is a Linux kernel subsystem that provides file system event notification. It was written by John McCutchan with help from Robert Love and later Amy Griffis to replace dnotify. It was included in the mainline kernel from release 2.6.13 (2005-06-18), and could be compiled into 2.6.12 and possibly earlier releases by use of a patch. Its function is essentially an extension to filesystems to notice changes to the filesystem, and report those changes to applications.
Pyinotify is a python module that exposes the inotify api in python. This from http://pyinotify.sourceforge.net/:
pyinotify is a Python module for watching filesystems changes. pyinotify can be used for various kind of fs monitoring. pyinotify relies on a recent Linux Kernel feature (merged in kernel 2.6.13) called inotify. inotify is an event-driven notifier, its notifications are exported from kernel space to user space through three system calls. pyinotify binds these system calls and provides an implementation on top of them offering a generic and abstract way to use inotify from Python. Pyinotify doesn't requires much detailed knowledge of inotify. Moreover, it only needs few statements for initializing, watching, handling (optionnaly trough a new separate thread), and processing events notifications through subclassing. The only things to know is the path of items to watch, the kind of events to monitor and the actions to execute on these notifications. Note: pyinotify requires Python 2.3 and above, and Linux 2.6.13 at least.
I went ahead and gave it a go. I did find though, that on my fedora system ( fedora 9 x86_64 ) that the tutorial on the above wiki didn't quite work. Here is the tutorial code for the non threaded example that does work on my system.


#!/usr/bin/python
import os
import pyinotify

wm = pyinotify.WatchManager()
mask = pyinotify.IN_DELETE | pyinotify.IN_CREATE

class PTmp(pyinotify.ProcessEvent):
def process_IN_CREATE(self, event):
print "Create: %s " % os.path.join(event.path, event.name)
def process_IN_DELETE(self, event):
print "Delete: %s " % os.path.join(event.path, event.name)


notifier = pyinotify.Notifier(wm, PTmp())

wdd = wm.add_watch('/home/dave/projects', mask, rec=True)

while True:
try:
notifier.process_events()
if notifier.check_events():
notifier.read_events()
except KeyboardInterrupt:
notifier.stop()
break

Unfortunately inotify is a Linux Kernel technology that is not currently available on windows. I guess Windows has some other kind of API for filesystem event monitoring but if you are like me and want to keep things simple with python then I am afraid inotify on windows is not possible. If you feel that you would like to give this stuff a go then I suggest getting yourself a LiveCD of one of the Linux Distros. They can be bought here.

Sunday, June 15, 2008

Python + YAMI = 3 Tier

Background

I have spent most of last night and this afternoon working out how to implement a website for my local LAN that would enable use of my DVD writer from a remote host over a web interface. I need to provide a small web application that can be used to burn ISO images onto CDs or DVDs. The application should also verify the CD or DVD once it has been burnt.

Security

To start with I needed to find out how to control the CD or DVD burner from the website. There is the small problem of security here. I could not simply add the Apache user access to /dev/sr0 ( the cd device ) because then it is conceivable that anyone or any rouge application might be able to use the Apache service to monkey with my device. I had to provide some kind of abstraction which could authenticate / authorise the request prior to performing it.

Python

Python is fast becoming my favourite scripting language for working in Linux. It has some very nice libraries that makes things like network programming very easy. It also has great SYS and OS libraries that are useful for working with the native operating system and environments.

YAMI ( Yet Another Messaging Infrastructure )

YAMI makes the nuts and bolts of client server communication very easy. Read up on it here. It can be compiled with support for c/c++, java, tcl and python. I only bothered with support for python. I had to ensure that the yamipyc.so module was located in the default python search path for my machine so mod_python could find it.


Apache

It is a reactively simple procedure to add a python handler to a website. Lookup mod_python. I will just say that you can configure mod_python in the Apache config to use a specific python file to handle all python requests. In my case I used the mod_python.publisher handler which is a built-in handler that is geared for reading post and get vars as well as publishing responses. I could have done all this in PHP, but seeing as though my plan was to use python for the application layer, I thought a connector to python was the easiest.

In the background the plan is to have a python server listening for connections on a specific port. The client will send it commands and it will respond appropriately. AS the service is executed under a user with permissions to the CD device and there is authentication and sanitisation going on in front of the device, we have extra security. I also plan to implement controls on the firewall to allow only one specific machine on my LAN to connect to it.

Flow

SO here is how it should all work:

  1. Website posts form to python handler ( handler.py )
  2. Apache mod_python knows how to manage this.
  3. handler.py Authenticates the request
  4. handler.py establishes a client connection to server.py
  5. handler.py sends commands based on the post it has received to server.py
  6. server.py sanitises the commands and executes an os.system call to the device. OR it rejects the commands.
  7. server.py responds with status messages and results.
  8. handler.py receives the results or status messages and reports back to the website.
To do: Think about asynchronous calls from the website so that the status of a burn can be presented incrementally.

Here are the scripts: ( source code highlighting found here.)

handler.py

#!/usr/bin/env python
from mod_python import apache
from YAMI import *
import os

def eject(req):
agent = Agent()
agent.domainRegister('cdburner', '127.0.0.1', 12340, 2)
agent.sendOneWay('cdburner', 'cd', 'eject', [''])
del agent

def shutdown(req):
agent = Agent()
agent.domainRegister('cdburner', '127.0.0.1', 12340, 2)
agent.sendOneWay('cdburner', 'cd', 'shutdown', [''])
del agent


Server.py

#!/usr/bin/env python
from YAMI import *
import os

agent = Agent(12340)
agent.objectRegister('cd')

print 'server started'

while 1:
im = agent.getIncoming('cd', 1)
src = im.getSourceAddr()
msgname = im.getMsgName()
if msgname == 'eject':
print 'Ejecting'
os.system("eject")
elif msgname == 'shutdown':
print 'Shutting down'
del im
break

del im

del agent


So, a request to http://localhost/cdburner/cdburner.py/eject will call the eject function ( this functionality is provided by mod_python.publisher ) and the cd tray is ejected. ( so long as the server.py script is running. )
A request to http://localhost/cdburner/cdburner.py/shutdown will stop the server.py service altogether.

I will also be looking at logging and all sorts of other things.

Conclusion

I have looked at a very simple web layer to application layer messaging system provided by mod_python and the mod_python.publisher handler, and YAMI compiled with support for python. The thing to note here is that the web server can make calls to the application server ( which, incidentally can be on a different physical server ) and the application server responds to the client which then reports back to the website. All this without changing any security permissions of the underlying operating system.

Where's the third tier?

Well that's the database. Python has excellent support for databases. This application will be no different. I intend to use the python connector so that access to the database is managed by the application and not the web server. Unfortunately I only have one machine so all three tiers will be on the same physical hardware. I accept this blatant security risk because a) I am cheap and b) this is a LAN application only. It will have no access from the world wide web. I control that little nugget with a real firewall in front of my LAN.

Wednesday, June 4, 2008

So Whatddya Know?

Social networking sites seem to tap in to the idea that we should all be connected together and on-line. We should be able to do something, upload a photo, write a comment, update a status or simply forward something along to all of our friends for them to see.

Don't you mean, "So what do your mates know?"

It's not what we know that is important any more. What is important is what we share. The information we give out to people about our feelings and experiences has suddenly - through the exponential growth [ reference ] of social networking sites - become valuable. Valuable to our friends who are now taking notice of us... and valuable to big business who piggy-back their relevant and targeted marketing. Every post you write will be read by at least half a dozen of your friends. If you have a popular profile / blog it will be read by half a dozen thousand people. That's a lot of people that know stuff about you.

So what - I am more popular now than ever before!

Now that you are writing and sharing and people are reading your words and watching your forwarded funwall posts you are feeling like you are connected to people. I wonder though, just how connected one really is in a virtual, on-line environment. Where is the balance with real life. If you are not doing so well socially in real life but are managing "just fine, thank you!" on your social network then I suggest that real life holds the potential for much greater reward and should be pursued with even more zeal than the virtual world. If we would spend the same energy with actual people - you know - face to face: then we might find our lives even further enriched than is possible on a virtual social network.

An experiment

Here is the point - sort of. I am new to blog writing so making my point is a little difficult. I have to practice.

Consider what you could do with your time if you DIDN'T have a virtual social network and instead worked on the real social network.

In the following - half aside half to the point snippet I use Facebook as an example to describe my own experience with social networking.

I have not picked Facebook over another virtual social network for any reason other than that it was the one I belonged to before I decided to give it up.

Remember - Blogs are a way for us to hold public opinion without fear of recourse or legal action... I hope.

After about a year of holding an FB ( Face Book ) profile and managing - sort of - to keep it up to date, I decided to erase my profile. The reasons are:

  1. I was becoming increasingly dissalusioned with the product itself. The site seems to be slow at times, and lacks anything other than the fun wall to interact with. Vampire bites and the Booze Wall are a little too juvinile for my tastes.
  2. I was being spammed by facebook. It was a requirement for me to actively turn off email notifications. I prefer it when I am made to activly turn them on when I need something.
  3. I was becomming increasingly concerned about the notion that my profile might be linked to another ( through an intemediary or through some third party application like Fun Wall ) dodgey profile. My good name and reputation might be jeapordised in a way that I would have no real control over.
  4. Facebook own all my data on my profile in perputuity to the extent that they can sell it to another organization without my consent.
  5. PARANOID REASON - I am certain that governement organisations can easily obtain warrants to access the data.
Removing the profile was not a simple matter.

I had to first de-activate it. While it was de-activated I continued to receive emails about a class reunion I had no intention of attending.

Next I had to send an email to privacy@facebook.com requesting that my profile be permanently erased from the servers. The reply I received pointed out to me that I could adjust my privacy settings and ensure that my data and reputation remain safe. It just didnt ring true to me. Here is the email:

Date: Sat, 24 May 2008 19:37:07 -0700
To: david@XXXXXXX
From: Facebook Support
Content-Transfer-Encoding: 8bit

Hi David,

We appreciate your concern. We use user content in connection with various features and services on the site (for example, displaying it in profile pages, photo pages, news feeds and other messages to users' friends, etc.). Additionally, though it may not happen often, there are cases when law officers and judges issue subpoenas or other legal orders requiring us to provide certain information about specific users for use in court. Aside from such scenarios, however, we do not currently share any information with third parties except with the user's consent (for example, if a user elects to add a third party application), and we never sell your information to anyone. In addition, we may use aggregate data from the user base, but this data is disassociated from specific user information.

Except as described above, it is highly unlikely that Facebook will ever use any material that you have uploaded to the site. However, for legal reasons, we must keep the following clause in our Terms of Use to protect ourselves from possible litigation:

"By posting User Content to any part of the Site, you automatically grant, and you represent and warrant that you have the right to grant, to the Company an irrevocable, perpetual, non-exclusive, transferable, fully paid, worldwide license (with the right to sublicense) to use, copy, publicly perform, publicly display, reformat, translate, excerpt (in whole or in part) and distribute such User Content for any purpose, commercial, advertising, or otherwise, on or in connection with the Site or the promotion thereof, to prepare derivative works of, or incorporate into other works, such User Content, and to grant and authorize sublicenses of the foregoing. You may remove your User Content from the Site at any time. If you choose to remove your User Content, the license granted above will automatically expire, however you acknowledge that the Company may retain archived copies of your User Content. Facebook does not assert any ownership over your User Content; rather, as between!
us and
you, subject to the rights granted to us in these Terms, you retain full ownership of all of your User Content and any intellectual property rights or other proprietary rights associated with your User Content."

Additionally, this license or sublicense does not affect ownership or copyright privileges for material on the site.

Also, although Facebook was never intended as a tool to monitor people's actions, we cannot always prevent the site from being used in this way. By default, only your confirmed friends and people on your networks can view your profile. That said, we cannot prevent people with valid network affiliated email addresses from joining one of your networks. For instance, if a campus police department gives its employees a college email address, these people will be able to affiliate with that network on Facebook.

Aside from such situations, however, we do not grant anyone, including employers, law officers, school administrators, and even parents, any kind of special access to information on Facebook that they would not normally be able to view.

In order to avoid any issues involving your Facebook information, we encourage you to make use of your options on the Privacy page. These options allow you to restrict certain people from viewing your profile or finding you in searches.

I hope this helps. Let me know if you have any further questions or if you still would like to permanently delete your account.

Thanks for contacting Facebook,

Theodore
User Operations
Facebook
Well thanks Theo, but it's not really good enough. I wrote back and once again asked them to remove my profile from the servers. They accommodated my request the second time round. Doesn't the above scare you? I guess I am still not all that comfortable having my personal details and expression open for public sale in this way.

I do understand that the Facebook team are a business and that they need to make money too. I just don't wich to contribute to an organisation who make so much money anyway and without regard for the rights of the indivuduals who make it so successful.

I was a photographer, I would not attempt to showcase my stuff on facebook. If I did I would watermark it really well.

Anyway - I know its a long post and I appreciate that you read through it all. You will find me expressing myself here and not on social networking sites anymore.

I understand that sigining up with Blogger has it's own risks but I accept those risks and state categorically that all data on this blog is open to the public domain for whatever they wish to do with it. Friends or no friends.

IN the mean time I have to go and work on building real relationships with real people.

Wednesday, May 21, 2008

Command line to watch TV in Fedora


mplayer \
-framedrop \
-ao alsa:device=hw=1 \
-autosync 1 \
tv://7 \
-tv driver=v4l2:device=/dev/video0:chanlist=newzealand
:norm=1:alsa:adevice=hw.2:audiorate=32000:amode=1:\
forceaudio:immediatemode=0:tdevice=/dev/vbi0:\outfmt=yuy2:\
channels=2-TV1,4-TV2,7-TV3,9-C4,41-Maori,57-Juice,59-Prime,62-Chinese \
-nolirc \
-aspect 1440:900

Mplayer with the following command options set:


  • -framedrop => hard framedropping
  • -ao:alsa:device=hw.1 => Sound output ( what you hear ) alsa card number 1. To be clear: THIS IS THE SOUND OUTPUT - not the INPUT from the TV card. That comes later.
  • -autosync 1 => Something to do with trying to get sound and video in sync. Works in small increments... ?
  • tv://7 => Play channel 7
  • tv: => Followed by all the sub options for tv
  • :driver=v4l2 => the Video 4 Linux driver v2
  • :device=/dev/video => the video device as enumerated by the kernel
  • :chanlist=newzealand => specify New Zealand channels. This is how the tuner gets tuned.
  • :norm=1 => PAL
  • :alsa => Use an alsa soundcard for input. This is where we specify the onboard sound card for the TV AUDIO INPUT... You could use a loopback cable from the audio out on your card to the aux in on your main sound card... In my experience this adds about a 1 second delay. Mplayer does allow for that delay to be fixed while watching TV using keystrokes. See man mplayer for mor.
  • :adevice=hw2 => on my computer when I type "cat /proc/asound/cards" the second card is listed is the sound device on the tv tuner. My TV tuner is supported in ALSA so this makes it easy. Try looking up your card on the V4l website for help. It might help to know the kind of chip that is on your card when you look this up.
  • :audiorate=32000kbits => this seems to be required by my card...
  • :amode=1 => again another requirement. Play with these settings on your card.
  • :forceaudio => f o r c e a u d i o
  • :immediatemode => Again - this is just something that worked while not having it there made for strange speeded up sound and glitchy tv.
  • :tdevice=/dev/vbi0 => Teletext device as enumerated by my kernel.
  • :outfmt=yuy2 => I read that this is a default for New Zealand analogue tv.
  • :channels #-name,#-name where # is the channel number and name is the channel name. The name appears on the OSD ( ON SCREEN DISPLAY ) when switching channels. You dont have to append this but its nice and I have all the auckland channels I get with my bunny ears and bits of coathanger and the wifes underwire... ( only joking - she took the underwires away when we had some guests arrive one time. Something about dignity and ... I don't really remember because I was thinking at the time that dignity comes second to qualtiy tv on the desktop... :) ) - Thats the end of the TV sub options by the way.
  • -nolirc => I cant find my remote control so I didnt bother with it. This just tells mplayer to not bother too. If you leave it out there is a warning in the bash prompt about it.
  • -aspect=1440:900 => when viewing in full screen I like it to be full screen.

Key strokes: ( not all of them but the useful ones anyway. )

  • h = Channel UP ( from 1 to 2 2 to 3 etc. )
  • k = Channel DOWN ( from 3 to 2 2 to 1 etc )
  • f = full screen toggle ( f to turn it on and f to turn it off or F-ON F-OFF... :)
  • NUMPAD + and NUMPAD - = increase or decreas the AV-DELAY in 100 millisecond intervals. This is handy when your audio is out of sync with your tv.
  • q = quit
  • ( ) = VOLUME DOWN AND UP
  • m = MUTE
  • o = OSD toggle. Keep pressing it until you are happy.
VIOLA!

Friday, May 16, 2008

Fedora 9 x86_64 Install Notes

I have now installed Fedora 9 x86_64 on my home pc. The RAM issue has been largely solved. I am still missing 64Mb of RAM due to some kind of setting that my motherboard does not support.



So I did a pretty big install. Well at first it was a small one, but then in the end, I went for a more full install from the DVD. The new package manager is not all that great so I thought it would be better to have a fuller install from the DVD.



Everything seems to work just fine except for NVIDIA graphics driver and FLASH in firefox 3. The first issue will just have to wait till it gets fixed. Its related to the NVIDIA drivers that are available not being properly supported by XOrg 7. The flash-in-firefox-3 issue can be easily fixed by installing the i386 version of firefox instead.

I also had some trouble getting my head around the NetworkManager. Once I had it going it was ok.

I turned off SELINUX. Too hard to have a home system and worry about such fine grained security.

I have decided to us the freshrpms source for extras because their repo just seems cleaner.


If installing gnash does not do the trick then the below will do it. Get the adobe plugin from the adobe website. Use the YUM version of the download to make sure that updates are automatically handled by the updater software in Fedora.

How to fix firefox by installing the i386 version: ( http://hacktux.com/fedora/9/flash )



First, create /etc/yum.repos.d/fedora-i386.repo with the following
contents:

[fedora-i386]name=Fedora $releasever - i386failovermethod=priority#baseurl=http://download.fedora.redhat.com/pub/fedora/linux/releases/$releasever/Everything/i386/os/mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=fedora-$releasever&arch=i386enabled=1gpgcheck=1includepkgs=firefoxgpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora
[updates-i386]name=Fedora
$releasever - i386 -
Updatesfailovermethod=priority#baseurl=http://download.fedora.redhat.com/pub/fedora/linux/updates/$releasever/i386/mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-f$releasever&arch=i386enabled=1gpgcheck=1includepkgs=firefoxgpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora

This will provide you with access to the Fedora 9 i386 Yum repositories for Firefox
only (note includepkgs=firefox). Now, remove your 64-bit Firefox RPM.

sudo rpm -e firefox.x86_64

Finally, install the 32-bit Firefox RPM with the new Yum repository.

sudo yum install firefox.i386

So that takes care of the firefox issue.

Linux WACOM fix:




Section "InputDevice"
Driver "wacom"
Identifier "stylus"
Option
"Device" "/dev/input/wacom" # USB ONLY
Option "Type"
"stylus"
Option "USB" "on" # USB ONLY
EndSection

Section "InputDevice"
Driver "wacom"

Identifier "cursor"
Option "Device" "/dev/input/wacom" #
USB ONLY
Option "Type" "cursor"
Option "USB"
"on" # USB ONLY
EndSection

AND IN THE SERVER
LAYOUT SECTION ADD THESE:
InputDevice "stylus" "SendCoreEvents"
InputDevice "eraser" "SendCoreEvents"



There are also some items that need to be installed to get all the audio stuff working properly.

yum install xine gstreamer-ffmpeg gstreamer-plugins-ugly vorbisgain aacgain mplayer

Sunday, May 11, 2008

4 Gigabytes of RAM

I know - its an obscene number - but there it is. I now have 4 Gb Ram installed in my computer. Its the most the motherboard can handle but seeing as though it's mother's day - I thought I would treat her... :)

Here is what happened:

  1. The bios had no problems finding and providing the ram.
  2. My Fedora kernel ( i386 => 32 bit ) could only see 3 Gb.
  3. I installed the PAE variant of the kernel and that enabled all 4 Gb in Fedora.
    1. Had to switch from Freshrpms to Livna because Livna has more support for different kernels. I use livna for the NVidia and KQemu drivers. ( KQemu is what provides hardware acceleration for my virtual machines. )
    2. NVidia module for the PAE kernel installed fine and works fine.
    3. KQemu module for the PAE kernel installed and loaded fine, but the Guest machines just crash.
So I did lots of research and found out that 32bit OS's simply don't have a lot of support for more than about 3Gb Ram. The only solution to that was to install the PAE kernel. This worked to a point - no virtualisation which is a bit of a bummer seeing as though the whole reason for the upgrade was so that I could have better performance on my virtual machines.

The next step is to upgrade to an x86_64 ( 64 bit ) OS and see if that helps. I am waiting for Fedora 9. Quite eagerly now that I need to get my virt machines working again. I intend to install the 64bit Fedora 9 and the XEN kernel. Hopefully we see some results.

I got 4 gigs of raaaa-aaam. Naaa na na naaaaaaa naaaaaaah.

Saturday, May 3, 2008

Friday, May 2, 2008

1 Million Random Digits

Can anything be truly random. Definitions vary. One I have heard states that something is random if it is impossible to understand how the number was produced / derived. This definition introduces context and level-of-understanding.

The debate continues...

Look here for another slant on this fascinating topic: http://wps.com/projects/million/

Tuesday, April 29, 2008

Linux From Scratch Results

FAIL. Its a common theme with my attempts to compile almost anything more than a basic app. I made it quite far but who knows where I went wrong. The problem really is that I have no way to know if everything compiled correctly.

This time round I feel that I have managed to do all the compilation right but failed somewhere in the configuration steps right at the end.

Oh well. The partition I used has once again cleaned out in anticipation of the next bit project.

In all it took two evenings to compile everything. Not bad compared to my last attempt on my old computer which took a whole week of evenings. Go DUAL CORE CPU and 2 Gb Ram!!!

Linux From Scratch ( LFS ) - An experience!!!

I have toyed with LFS before, but never on a system where I had any real chance of it actually working. I am now currently half way through chapter 5 of the book. This is the chapter where one compiles ( from source ) all the necessary components so that one might compile the actual components.

This process of building a toolchain on the target system is supposed to provide for a fully optimised Linux. The source code used is all released under the GNU license so it's a completely free operating system.

There is no real reason for going through this ultimately very boreing and labourious excersise other than to say, "Yes - I too have toyed with and successfully built my own Operating system from source code downloaded off the internet."

You can download the binary LFS, or by a CD with a fancy installer. LFS is a book with instructions on how to build an OS. The best way to read it is, of course, online so that the commands which are all nicely laid out in boxes with a grey background can be copy / pasted into your bash prompt. One after the other. While the compilation actually happens, its well worth reading the details found on each page. They are very useful if you want to gain a deeper understanding of the internals of a Linux OS.

Linux From Scratch can be found here.

Sunday, April 27, 2008

Website hacked

My website was hacked and made into a phishing site. Some kind of issue with cross site ajax blah blah. What is a bit unhelpful is that there was no real information regarding this kind of hack ( I mean specifically ) that would help me to fix it.

Anyway - The only thing I did find was that I should lock down the file permissions on the web server. I found all these renamed directories and one that didn't belong there at all. The lesson learned here is that even if you make a mistake with file permissions thus opening your web servives and sites open to attack, you should make a point of knowing all th files and folders so that you can spot an anomaly and fix it.

Of course this doesn't mean that all attacks of this nature rename your folders and files. They may simply change the content so the result is still a comprimised website.

I guess, a preemptive move ie: correcly setting up the website and server, is the best defense. After that be aware of strange things. I received a bunch of emails from odd people claiming that my site was a phishing site. My first response was to bin them thinking they were themselves dodgy. They were, but it did ring alarm bells because my site is not configured for comments. There is only one form that would send me emails and that is the contact us form.

So there you go. Anomalies and irregularities and file permissions etc, are all important.

********************* NOTE **************************
I received a phone call today from my webhost on the above issue. They suggested I reset my host account password. I asked them to do it because I could not gain access through to the site from behind my office firewall.

If ever your site is compromised an immediate reset of all your passwords is critical.

Thursday, April 24, 2008

Tiny MCE

A couple of days ago, I started preparing for the long and arduous journy where I would teach myself how to integrate a TinyMCE rich text editor on a web page.
Here is how it went:
  1. Downloaded the source - This is always my first step. Get the source. Nothing to do without the source.
  2. Read the readme page which was really just a bunch of examples with the code all nicely rendered on the pages.
  3. Tried it out. Easy peazy!!!
  4. Went to bed - feeling VERY HAPPY with myself.
Getting a TinyMCE rich text editor is so easy to setup its a wonder why we don't see it even more often on websites. I know that every wordpress site and most CMS sites have it by default but a lot dont.

So just:
  1. upload the javascript files to your webhost.
  2. Add the tags to the head section of your site that identifies the source. ( see example below )
  3. Add a small bit of JS to set up the editor.
  4. Add a <textarea> </textarea> on your form.
  5. Done.

<script type='text/javascript' src='lib/javascript/tiny_mce/tiny_mce.js'></script>
<script type='text/javascript'>
tinyMCE.init({
mode : 'textareas',
theme : 'advanced',
theme_advanced_buttons1 : 'bold,italic,underline,separator,strikethrough,justifyleft,justifycenter,justifyright, justifyfull,bullist,numlist,undo,redo',
theme_advanced_buttons2 : '',
theme_advanced_buttons3 : '',
theme_advanced_toolbar_location : 'top',
theme_advanced_toolbar_align : 'left',
theme_advanced_statusbar_location : 'bottom',
extended_valid_elements : 'a[name|href|target|title|onclick],img[class|src|border=0|alt|title|hspace|vspace|width|height|align|onmouseover|onmouseout|name],hr[class|width|size|noshade],font[face|size|color|style],span[class|align|style]'
});
</script>

Saturday, April 19, 2008

Qemu networking part 3

Finally I have worked out how to network multiple guests together. Its done through a socket interface. The first guest listens and the others connect. I havn't tried with more than two guests at this stage but it did work.

Add the following net switches to the startup command.

start first guest.
-net nic,macaddr=52:54:00:12:34:56 -net tap,vlan=0 -net socket,listen=:1234

start second guest.
-net nic,macaddr=52:54:00:12:34:57 -net tap,vlan=0 -net socket,connect=localhost:1234
And thats it then. Time to start playing with domain controllers et. al.

Wednesday, April 16, 2008

Qemu networking

I have been fretting over this issue for a while now. Have finally worked out how to give qemu a network connection that joins with a bridge and thereby a connection to the host.

Qemu can create a tap interface that does all this magic networky stuff. It does work... :)

Write 2 network scripts as below: ( don't forget the chmod +x on each file. )

[root@sitedesign ~]# cat /etc/qemu-ifdown
#!/bin/sh
/sbin/ifconfig virbr0 down
/sbin/ifconfig down $1
/sbin/ifup eth0

[root@sitedesign ~]# cat /etc/qemu-ifup
#!/bin/sh
/sbin/ifconfig $1 0.0.0.0 promisc up
/usr/sbin/brctl addif virbr0 $1

Then to start the VM:

as root:
#~> qemu-kvm -net nic,vlan=0 -net,tap,vlan=0 -hda winxp.img -hdb winxp_disk2.img -usb -usbdevice tablet -localtime -daemonize


That should start you up with a connection to the default virbr that gets made by fedora at boot time.

Tuesday, April 15, 2008

Configure Apache for public_html

Apache can be configured to use a folder ( usually public_html ) in any user's home directory. This is relatively straight forward if you don't mind editing the httpd.conf file and changing a few file permissions...
A complete guide can be found here.
Step 1 - Change httpd.conf
In fedora and red-hat the correct configuration is already there. It's just commented out.
#> vim /etc/httpd/conf/httpd.conf
#
# UserDir: The name of the directory that is appended onto a user's home
# directory if a ~user request is received.
#
# The path to the end user account 'public_html' directory must be
# accessible to the webserver userid. This usually means that ~userid
# must have permissions of 711, ~userid/public_html must have permissions
# of 755, and documents contained therein must be world-readable.
# Otherwise, the client will only receive a "403 Forbidden" message.
#
# See also: http://httpd.apache.org/docs/misc/FAQ.html#forbidden
#

#
# UserDir is disabled by default since it can confirm the presence
# of a username on the system (depending on home directory
# permissions).
#
#UserDir disable

#
# To enable requests to /~user/ to serve the user's public_html
# directory, remove the "UserDir disable" line above, and uncomment
# the following line instead:
#
UserDir public_html


Step 2 - Reload the httpd.conf
#>service httpd reload
Step 2 - Ensure that selinux is enabled for user_dir
#> setsebool httpd_enable_homedirs true

Step 3 - Ensure the correct access permissions are set on the home directory
As normal user in home directory
~> chmod a+x ~
Step 5 - Create the public_html directory
~> mkdir public_html
Step 6 - Set the selinux type label for public_html
~> chcon -t httpd_sys_content_t public_html
Step 7 - Create a web page or php script in your public_html folder and browse to it by:
http://localhost/~david/phpinfo.php

All Done!