Wednesday, October 31, 2007

Screen to the rescue

I couldn't find a BitTorrrent client which can be executed without a terminal (and therefore from within "at") in time for tonight so attaching "screen -d -m btdownloadcurses ..." solved the problem. This starts the command in a detached screen session so on one hand the command thinks it has a terminal while on the other hand I can still start it from inside "at", which doesn't have a terminal. It also has the added benefit of being able to attach back to that screen session later to see how it goes, which is the main advantage of "screen".

Tuesday, October 30, 2007

Encoding email addresses in HTML pages

A while ago I noticed that GROX use URL encoding to put their e-mail address
in a "mailto" link. I guess they do this in order to make it more difficult for address harvesters to pick up their e-mail.

In order to do the same for my wife's web site at I found the following couple of tricks:
  1. The "mailto" link is encoded using:
    perl -e 'use URI::Escape; print uri_escape("the@email.address", "\0-\377"), "\n";'
  2. The title of the link, which I wanted to contain the e-mail address in HTML, was created simply by using the HTML Encoder from CodeHouse

Wednesday, October 10, 2007

Installing local .deb files with dependencies

This ("how to install a local .deb file and have all its dependencies automatically pulled from repositories") seems to be an issue which many people ask but nobody gives the current "right answer" which is simply gdebi.

Thursday, May 31, 2007

Google Developer Day, Sydney 31 May 2007

Just returned from the Google Developer Day in Sydney
Learned and refreshed my memory on cool Google staff, especially their API's for integrating extarnal web applications with their.
Some random points, in no particular order:
  1. Contrary to popular perception - Google Earth for Linux does not consist on WINE. It's built on QT. Michael Ashbridge, one of the principal developers, tells me how they keep asking TrollTech to fix some of their quirks (e.g. can't copy a selected a text on Mac using the standard keyboard shortcuts). And before anyone tells me that I'm out of date about "Popular Perception" - another speaker from Google, who works with Google Earth every day, was also sure that it's based on WINE so I'm not the only out of touch.
  2. Google Web Toolkit (GWT) AJAX applications can control which stage in the application will enter the browser history and thus be bookmark-able and possible to return to using the browsers "back" button. I wonder how they do this - maybe they just "manually" add the URL to the browser's history?
    Anyway, that's one sour point that WebCollage used to go to lengths in order to achieve it. Knowing that the people at WebCollage are pretty damn bright I suspect this is a relativelly recent addition (my information on WebCollage is circa 2000 so maybe it's no longer relevant).
  3. Google Gears looks cool - maybe it'll allow me to provide a version of Soarcast (the gliding weather conditions forecasting program) which can be downloaded to a mobile device, fetch the relevant data off the web and continue presenting the data and calculation results while being offline in the glider port.
Lots of other ideas come up when hearing about these tools. Theforemost one is about new ways to implement an old idea - a web site which lists the Australian Gliding clubs on a google map and provides soarcast output for each selected club.

Tuesday, May 29, 2007

Smoother X11 fonts

Something I found a long time ago and now had to lookup again so it's time to write it down here.

In order to enable smoother (and nicer, IMO) fonts on X11 you have to have the following in your ~/.fonts.conf:

<?xml version="1.0"?>
<!DOCTYPE fontconfig SYSTEM "fonts.dtd">
<match target="font">
<edit name="autohint" mode="assign">

On Debian things are easier - the global settings for the entire system can be enabled by running the following as root:
# ln -s ../conf.avail/10-autohint.conf /etc/fonts/conf.d
And re-startting the X server (not sure a logout/login is enough).

Thursday, February 22, 2007

Setting up Gallery2+PostgresQL+PHP5 on Debian Etch

The Gallery2 package for Debian Etch seems to be very well done, except one thing - it's geared towards MySQL usage (the Gallery makers recommend MySQL because they say that they use some special MySQL constructs which have to be emulated on other databases).
My view on this is:
  • I prefer PostgresQL - it's a more mature database.

  • I prefer Apache2

  • I prefer PHP5 - I hate this language and think it has tendency to push poor programmers to shoot themselves (and their users) in their feet but if I have to install it on my machine then I'd rather use the latest and greatest.

  • I prefer mod-php5 as opposed to the other ways to integrate Apache2 with PHP.

In addition, the Debian packages state their dependencies in a way that seems to encourage Aptitude to choose Apache (1), MySQL and PHP4.

So first thing first: After picking gallery2 for installation in Aptitude, go through all the packages it depends on and remove the ones you don't want and which have other alternatives. Get rid of the PHP4 and MySQL dependencies - Aptitude makes it pretty easy by simply making sure that you choose other packages to satisfy the dependencies and remove the rest. Just follow the suggestions made by Aptitude when you ask to remove a package with dependencies on it, and make sure that Aptitude doesn't signal "Broken Packages" before going ahead to execute the changes.

Setup a separate user for gallery:
$ sudo adduser --system --group gallery

Does the trick - add a system user (with a shell of /bin/false), create a home directory for it and a group especially for it.

The following should be pretty self-explanatory but the summary is: Create a new role ("user"), create a database, set a password, allow role to be logged in:
$ sudo -u postgres psql
postgres=# create role gallery;
postgres=# create database gallery owner gallery;
postgres=# alter role gallery encrypted password 'password';
postgres=# alter role gallery login;
postgres=# \q

Allow logging in to role "gallery" from another user without having to run psql as the UNIX user "gallery" by adding the following lines to the end of /etc/postgresql/8.1/main/pg_hba.conf:

local gallery gallery md5

And I also had to enable access to Gallery2's index.php by adding "Indexes" to the Options line in /etc/apache2/conf.d/gallery2 (link to /etc/gallery2/apache.conf

After that I could access my web server's "/photos/" and start the automatic configuration.

Thursday, February 15, 2007

How to block Skype traffic with one iptables rule

There is an interesting lecture (PDF) by Philippe Biondi and Fabrice Desclaux about how and what they learned about the Skype client code and protocol. On page 75 they give the following secret incantation for blocking Skype traffic:
iptables -I FORWARD −p udp −m length −−length 39 −m u32 −−u32 ’27&0x8f=7’ −−u32 ’31=0x527c4833’ −j DROP

Friday, February 09, 2007

xdns - archeological diggings

Finally I re-found my own DNS Library source still almost at the same place where I left it almost 15 years ago.

Granted - the "xdns" program around it is pretty useless today, and the dns packet creation and parsing library is a classic candidate for C++ -style Object-based interface, but the basics are still there and might be useful for others who still have to deal with raw DNS packets...

Thursday, February 01, 2007

SSH breaks when the loopback device isn't configured

Helping others troubleshooting is great fun and very rewarding - you get to learn some new things yourself.

In this case, this chap had a trouble getting X11 forwarded over an SSH tunnel. Everything looked fine, the same setup on another machine worked just as it should, all the flags (X11Forwarding) were set correctly but still the $DISPLAY envariable wasn't set on the remote side.

The bottom line - the loopback device ("lo") wasn't configured. This can be checked with a simple "ifconfig".

The break-through in the investigation came when he executed sshd in debug mode and received the following errors:
debug2: bind port 6999: Cannot assign requested address
Failed to allocate internet-domain X11 display socket.
Some googling revealed the following post, which actually gave the answer (so at least some of the credit should go to Jim Prewett, who bothered to document his findings four years ago):

WARNING: You have to run sshd in debug mode on an alternate port because sshd debug mode will only serve one connection then exit, so you have to keep your existing non-debug sshd running or else you'll lock yourself out.