free software

Linux, open source software, tips and tricks.

When ‘sudo’ pauses…

1

On my Ubuntu 9.10 server at home, I had been having a hard-to-diagnose problem where the “sudo” command will pause for 20 seconds before getting on with its business.

What made this problem so hard to track down is that it would happen once, and then the log jam would be cleared for a while. I would usually see it the first time I issued a sudo command, but never again in that session. The next day, it would do it again.

Last night, I finally tracked the problem down.

What helped the most was the discovery that I could do “sudo -K” to make sudo “forget” my earlier authentication. When I re-tried to run a sudo command, it would prompt for a password and then delay 20 seconds… every time.

So now I had a way to test out theories. I just needed some theories to test.

I saw many reports on the internet about Fedora users seeing a similar issue. Their problem turned out to be in the /etc/hosts file — there were problems if “localhost” and “localhost.localdomain” and even the machine’s given hostname were not listed there. But this was not the case for me. My hosts file was fine.

Instead, I started tracing what happens when sudo is called (unfortunately, you can’t just “strace sudo somecommand“, because strace does not like to trace a setuid program).

I looked at PAM, the pluggable authentication modules. In the /etc/pam.d directory, there was a file called “sudo”. This did not have anything interesting in it. But it did include a couple of other files: “common-auth” and “common-account”. It turns out that the last line in the common-auth file was the culprit:

auth  optional  pam_ecryptfs.so  unwrap

This line is supposed to decrypt the user’s home directory if is encrypted, so it can read the files as part of sudo’s startup. But I don’t have any encrypted home directories. So for me, this is unnecessary.

Commenting out this line made the 20-second delay go away.

Plugging external commands into ‘gqview’

0

I have been taking digital photographs since 1998, and so one piece of software which I use quite a bit is my photo organizer. I use a tool called “gqview”. It’s a very nice browser that shows folders and thumbnails and a large image on the screen at the same time. And it does a good job showing slide shows.

One nice feature of gqview is that you can plug external programs into the ‘edit’ menu. When you install it (at least on Ubuntu systems), a few of the plug-in’s are populated already:

  • edit in GIMP (external package: gimp)
  • edit in xpaint (external package: xpaint)
  • rotate clockwise (external package: libjpeg-progs)
  • rotate counter-clockwise (external package: libjpeg-progs)

I wanted to add a plug-in to shrink images a certain percentage. I often find that I want to send a bunch of pictures to friends via email, and I really don’t want to send a 50 MB email, and I don’t want the pictures to be so big that the reader had to scroll to see it.

It’s pretty easy to add the plug-in. The actual shrinking can be handled easily with the ‘convert’ command, which is part of the excellent ‘imagemagick’ set of graphics tools. Plugging convert into gqview is as easy as this:

%vif convert %p -scale 25% %p_tmp ; then
    mv %p_tmp %p ; else rm %p_tmp ; fi

I didn’t make this up myself — I simply copied the “rotate” plug-in’s and changed what I needed to. I am not sure what the %v is for, but it’s pretty clear that %p is the full path of the image file.

Now I can highlight a whole bunch of photos and shrink them all with a single command.

Surgical web page editing with “stylish”

3

Have you noticed that some web sites have ads that are somewhat… unpredictable? Facebook is a good example of this. The ads that appear on the right can sometimes contain trashy-looking content. I’d like to hide them, if I could.

I found a Firefox plugin that does a good job of slicing out selected bits of content. It’s called “stylish“.

Just install the plugin, and then set up a script that intercepts the stylesheet for a particular site and does a little on-the-fly modification. The script I use for Facebook looks like this:

@namespace url(http://www.w3.org/1999/xhtml);
@-moz-document domain("facebook.com") {
   .emu_ad, .UIStandardFrame_SidebarAds, #home_sponsor {
      display: none !important;
   }
}

I don’t claim to fully understand the script, but I do know that it looks for a specific block in the Facebook HTML and style sheet, and it sets the style for the sidebar ad box to “display: none”. That makes it disappear.

Back to the Future

2

A few days ago, I learned a very important lesson about filesystems and snapshots. I learned that a complete copy is not always a Good Thing™.

I help manage a server for our local Linux Users Group. We have about 250 users on the system, and all of our system administration is done by volunteers.

A few months ago, I made a complete backup of our /home partition using the guidelines that have been told to me by Smart People™:

  • make a snapshot volume of /home (called home-snap)
  • make a new empty volume (called home-backup)
  • use ‘dd‘ to copy from home-snap to home-backup
  • remove the home-snap snapshot volume

All was fine, until a few months later, when we decided to reboot.

When the machine rebooted, it mounted the WRONG copy of /home. It looked in /etc/fstab to see what to mount, read the UUID, and started looking for that filesystem among the logical volumes.

Here’s a list of the available filesystems and their UUID’s.

root@pilot:~# blkid
/dev/mapper/vg01-home: UUID="1a578e6f-772b-4892-86e3-1181aadda119" TYPE="ext3" SEC_TYPE="ext2"
/dev/mapper/vg01-home-backup: UUID="1a578e6f-772b-4892-86e3-1181aadda119" TYPE="ext3" SEC_TYPE="ext2"
/dev/mapper/vg01-swap: TYPE="swap" UUID="303f2743-da69-466b-a200-40a1a369fa1c"
/dev/mapper/vg01-u804: UUID="b5689a93-b7ad-4011-a0f9-ffaf2d68bf6f" TYPE="ext3"
/dev/sdb: UUID="Uh0TI1-pxD4-M1Pm-5kP3-zU1a-IRgm-bD0JAq" TYPE="lvm2pv"
/dev/sda: UUID="9oZhBo-3DPP-1eay-kgGM-fd06-yuJB-c2eCo7" TYPE="lvm2pv"
/dev/sdc1: UUID="5c15308e-a81b-4fd9-b2c2-7ef3fe39ce0b" SEC_TYPE="ext2" TYPE="ext3"
/dev/sdc2: TYPE="swap" UUID="08c55fa5-3379-4f6a-b798-4b8f3ead6790"
/dev/sdc3: UUID="5a544a7f-90ed-474c-b096-1b5929c83109" SEC_TYPE="ext2" TYPE="ext3"
root@pilot:~#

Notice anything goofy? Yes, the UUID for the home volume is the same as the UUID for the home-backup volume! Of course it is… I used ‘dd‘ to copy the entire volume!

So our machine booted up, looked for a filesystem whose UUID was ‘1a578e6f-772b-4892-86e3-1181aadda119’ and it mounted it on /home. Unfortunately, it found the home-backup volume before it found the real home volume, and so our 250 users took a step back in time for the evening.

All of the files in our home directories looked like they did back in May.

On the surface, this does not seem like such a Bad Thing™. But over the course of the next few hours, users started receiving email, and logging IRC chats, and doing all of the other things that users do. These new emails and log files were written to home-backup instead of home, and so now we were starting to mix old and new files.

This is a lot like the movie “Back to the Future”, when Marty’s mom tries to kiss him. Except the characters involved here are not as good-looking.

The fix was quick and painless. I simply generated a new UUID for the home-backup volume, and then rebooted. The magic command is simply:

 tune2fs -U random /dev/mapper/vg01-home-backup

But the cleanup would come later. If someone were interested in the emails or log files that were mistakenly written to the wrong volume (their “past life”), then they would need to look on that volume for “new” files. Pretty easy work.

find /mnt/home-backup/porter -mtime -7

This will show all files in my “backup” home directory that are less than a week old. Since the backup was made four months ago, I would expect all files in that directory to either be more than four months old, or just one day old. This command will show you the new files.

So I am revising the backup procedure as follows:

  • make a snapshot volume of /home (called home-snap)
  • make a new empty volume (called home-backup)
  • use ‘dd‘ to copy from home-snap to home-backup
  • remove the home-snap snapshot volume
  • change the UUID on home-backup ◄— new

In fact, now that we already have a base to work with, I might just use rsync to copy files instead of dd to copy the entire volume. This will leave the backup with its own UUID, and will avoid collisions like the one we saw.

iPhone VPN

2

One of the coolest features of the iPhone is the way it uses the best data network that it can find. If you’re at home or at work, or even at a coffee shop, it will use the local wifi network. But if you’re out of range of any suitable wifi networks, it will use AT&T’s “3G” (UMTS) network. And if it can’t find a UMTS network, it’ll fall back to EDGE. Phone companies call this hybrid approach “ABC”, or “always best connection”.

Now that I have an internet device in my pocket, I find myself using public (or otherwise open) wifi connections quite a bit. And this carries with it some unintended consequences. That is… everything I type and everything I read is transmitted in the clear, unencrypted.

I try to make a habit of encrypting my data traffic whenever possible. My mail server is set up to only allow SSL connections. So no matter where I check my mail from, I am forced to use an encrypted connection. Similarly, banks and commerce web sites usually force you to switch to HTTPS before you start entering information. But there are a lot of applications on the iPhone that do not use encryption at all.

You might ask yourself why bother to encrypt your Twitter connection, since what you type is going to be blasted out to the world anyway. But the point is…

If you encrypt everything, then nothing is left to chance.

So I decided to explore a VPN option on the iPhone. It supports three flavors of VPN: L2TP, PPTP and IPSec. I was disappointed (but not surprised) that “openvpn” was not an option, since I already use this excellent open source SSL-based VPN package.

So I decided to give PPTP a try.

Setting up the PPTP server

On my Ubuntu 8.04 LTS server, I installed a PPTP server called, appropriately enough, “pptpd“. Configuration was very easy. Most of the setup was done for me after I did the standard apt-get install pptpd. I simply needed to pick a private subnet that would be used for my VPN clients, and an IP address in that subnet to use for the server. I chose the 172.16.4.0/16 subnet and 172.16.4.1 for the server (these addresses are part of a private network address space, defined by RFC 1918, just like 192.168.x.x and 10.x.x.x addresses).

My /etc/pptp.conf configuration file for the pptp daemon looks like this:

option /etc/ppp/pptpd-options
logwtmp
localip 172.16.4.1
remoteip 172.16.4.2-250

I also needed to tell the daemon to give out some DNS addresses when a client connects, so in the /etc/ppp/pptpd-options file, I added the two “ms-dns” lines below:

name pptpd
refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2
require-mppe-128
ms-dns 208.67.222.222  # resolver1.opendns.com
ms-dns 208.67.220.220  # resolver2.opendns.com
proxyarp
nodefaultroute
lock
nobsdcomp

Finally, I needed to add an entry into the /etc/ppp/chap-secrets file that would contain my password. Mine looks like this:

alan pptpd MyHardToGuessPassword *

At this point, the PPTP server was completely configured, so I restarted it with service pptpd restart.

Setting up the iPhone

On the iPhone, I needed to set up a VPN client. This is very easy. On the settings screen, go to general / network / VPN and “Add VPN Configuration…”. Then just fill in the blanks.

  • choose “PPTP”
  • enter a description
  • your server’s IP address
  • the username (from above)
  • RSA SecurID=OFF
  • the password (from above)
  • encryption level = Auto
  • “Send All Traffic” = ON
  • Proxy = OFF

Click on “Save” and you will see a switch in the network tab and also in the main settings tab to turn the VPN on and off.

For now, I am leaving it off unless I am on a public network. I am not sure, but I think that keeping the VPN alive might use a lot of battery. So I do not use it unless I need it.

Networking

For me to get this VPN on the internet, I had to do two more things: punch a hole in my firewall for the PPTP traffic, and forward traffic from my VPN out to the rest of the world.

For my server, both of these tasks were handed by the same tool: shorewall.

I added a “masquerade” rule to /etc/shorewall/masq to NAT all of the traffic from 172.16.4.x out through my main network interface.

eth0         172.16.4.0/24    # OpenVPN and PPTP

And then I added two rules to /etc/shorewall/rules to allow the PPTP traffic in.

ACCEPT  net  fw   tcp  1723  # PPTP
ACCEPT  net  fw   gre        # PPTP

When shorewall starts, it will generate the iptables rules that are used by the kernel to filter packets. If you’re using hand-written iptables rules, then you will need some rules that look something like this:

# accept "gre" protocol traffic (PPTP tunnel traffic)
iptables -A INPUT -p gre -j ACCEPT
iptables -A OUTPUT -p gre -j ACCEPT
# accept PPTP control traffic to TCP port 1723
# (my server IP is 11.22.33.44)
iptables -A INPUT -p tcp --sport 1723 -s 11.22.33.44 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 1723 -d 11.22.33.44 -j ACCEPT
# masquerade/NAT internet traffic out of interface eth0
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
# turn on packet forwarding
echo "1" > /proc/sys/net/ipv4/ip_forward

Conclusion

Now, when I am in a coffee shop, I can turn on the VPN easily by flipping the switch in the iPhone’s main settings screen. It will make a TCP connection to my server, negotiate a few things, and then send all further network traffic through an encrypted tunnel directly to my server, which relays it out to the internet.

You can test this by going to a web site like http://www.whatismyip.com/. If the VPN is working, it will show your server’s IP address. If not, it’ll show the coffee shop’s IP address.

Once I am using the VPN, anyone in the coffee shop who happens to be sniffing traffic on the wireless network will only see a single connection from my iPhone to my server, but the contents of this connection will be scrambled.

Custom ring tones for the iPhone

1

I spent five years working for Ericsson, devoting all of my professional energy towards making cellular phones better. I developed device drivers, application software, “middleware”, protocol stacks, and device prototypes. Not a day went by where I did not think about cellular phones in some way. It was not just a job, but a total gadget lifestyle.

Even in areas where I was not actively assigned to work, I still found ways to influence our products. Two particular examples come to mind.

In mid-2000, I was invited by our vice president (one of the two top managers in our NC office) to attend an all-day brainstorming session to discuss phones for kids and pre-teens: what it would mean for the kids, for the phone companies, for the parents, and for the content providers. I was a bit shocked when I entered the room — the attendee list was much smaller than I had expected, and I turned out to be the only software developer there. But the session went well, and I shared my (year 2000-era) thoughts on how Ericsson could never write even a small fraction of the applications that our customers would want, and so we would need to include some sort of API or virtual machine. At the time, Java looked promising. Fast forward to today, and see the success of Apple’s app store.

The second story, if you’ll indulge me (it is my blog, after all), is when I made friends with the King of Rings in Sweden. He was responsible for all ring tones that we delivered world-wide. I knew that he was also a Palm PDA user, so I showed him a Palm app that contained some really cool alert tones, and we discussed what made them really good alarm sounds: they did not blend in as background noise, they did not sound like voices or singing, they contained some pure tones of different pitches which would cut through the noise of everyday life. In short, they were alerts, not just sounds. That guy was very cool, and he had a very fun job.

It should be no surprise after hearing my Palm stories, that today I carry an iPhone. It’s everything the Palm aspired to be ten years ago, and a lot more than the Palm never imagined. It should also not be a surprise that I would find it important to install some good non-music ring tones for my iPhone. I was pleased to find that it is pretty easy to put custom ring tones on this device without writing a check to Apple or to AT&T. I dig free, and I really dig open.

On iTunes (we’ll forget about open for a second), I subscribed to a podcast that publishes ring tones. The one that I picked was the MacMost iPhone Ring Tones podcast. Every so often, it dumps a pile of ring tones (m4r files) onto your iPhone.

Some of them were cool, some were trash, and others needed a little bit of work. For example, one of them was a woman’s voice that said “ring ring, ring ring, your iPhone is ringing”. I liked the first half, but I thought the last part was tacky. So I decided to edit that one.

On my Linux machine, I downloaded “X Convert File Audio” (xcfa) and “audacity“. I copied the ring tone from iTunes to my desktop. I changed the file extension from “m4r” to “m4a”, since they really are the same thing, but Apple uses the “r” to distinguish ring tones from regular music files. Then I ran xcfa to convert the file to a common “wav” format. The GUI is a little crude (and some of the text is in French), but it works well enough for a quick conversion. Audacity understands wav files, and so I was able to edit the “your iPhone is ringing” out of my sample, and I cut and pasted until I had a 30-second clip (which worked better than a shorter clip for some reason). Audacity has all of the features you’d want, so you could add echo or reverb or whatever you like. I saved my sound as a wav file, using a new name (and also filling in that new name in the “properties” dialog box that popped up). Then I ran xcfa again to convert the file back to “m4a” format, and renamed it back to “m4r”. Finally, I imported the file back into iTunes.

So that was pretty simple: (1) export from iTunes (2) m4r to m4a (3) m4a to wav (4) edit (5) wav to m4a (6) m4a to m4r (7) import into iTunes.

If you wanted to start with a sound or a song instead of an existing ring tone, you would simply convert it to “wav” format and then continue at step (4).

If you’ll excuse me, my iPhone just farted.

Compromised?

3

This morning, when I scanned my email, I ran across a report from rkhunter, a tool that runs on my web server that periodically checks to see if system files have changed, or if users have been added, what processes are listening on ports, and a litany of other tests to detect whether a system might be infected. I get these reports fairly often, usually the day after I do an upgrade, or after I add a new user.

However, today’s email was a little bit alarming. It said that several files had been changed recently. And these files all seemed to do with the same sort of things: running stuff behind the scenes, showing library dependencies, elevating privileges. Basically, these were tools that you would want to modify if you wanted to cover your own tracks.

Warning: The file properties have changed:
         File: /bin/sh
         Current hash: 23603f77da4ca37705146fd8a4ed951c8b037156
         Stored hash : 91654fd25d317bd13a65e10d777ac021f4a1a4f6
Warning: The file properties have changed:
         File: /bin/dash
         Current hash: 23603f77da4ca37705146fd8a4ed951c8b037156
         Stored hash : 91654fd25d317bd13a65e10d777ac021f4a1a4f6
         Current inode: 180336    Stored inode: 180255
         Current file modification time: 1236603791
         Stored file modification time : 1213978027
Warning: The file properties have changed:
         File: /usr/bin/dpkg
         Current hash: 4e05d20a4f828c31eb5f6dd9cc5f04d1d6202d0a
         Stored hash : 09a5bbd0398cc9f02b52440e1241cd942e784a15
         Current inode: 248598    Stored inode: 246001
         Current size: 375340    Stored size: 371244
         Current file modification time: 1236595869
         Stored file modification time : 1220443410
Warning: The file properties have changed:
         File: /usr/bin/dpkg-query
         Current hash: ff8098920430d399933ee24245748983a0661869
         Stored hash : 4a1c1226cbe9dd2ddbec7b5652f1fa8aa0b15f09
         Current inode: 248600    Stored inode: 246003
         Current file modification time: 1236595869
         Stored file modification time : 1220443410
Warning: The file properties have changed:
         File: /usr/bin/file
         Current hash: 4ab93b21aaabb405f4bd2e90f16ee5e952aa746b
         Stored hash : 80dc1735091a4309d23e49ce542c58ddd16163dc
         Current inode: 245969    Stored inode: 246049
         Current file modification time: 1244193699
         Stored file modification time : 1215771733
Warning: The file properties have changed:
         File: /usr/bin/ldd
         Current inode: 248852    Stored inode: 246132
         Current file modification time: 1233224578
         Stored file modification time : 1222684817
Warning: The file properties have changed:
         File: /usr/bin/perl
         Current hash: 00d703e925eca6de0c8fc9bd9d4505db4b81ce33
         Stored hash : efb4a1a3d02798718b7f2bbfea6787dd0de79968
         Current inode: 245962    Stored inode: 246591
         Current file modification time: 1246045733
         Stored file modification time : 1216891204
Warning: The file properties have changed:
         File: /usr/bin/sudo
         Current hash: e649919d4bbc6ac78e38497ca94dc387cc2811a7
         Stored hash : 49e97774326fc9eb5f7cb680477c1d56f4e28921
         Current inode: 246543    Stored inode: 246747
         Current file modification time: 1234840625
         Stored file modification time : 1220275024
Warning: The file properties have changed:
         File: /usr/sbin/cron
         Current hash: 5efdffc9796731168fb7acc8688c5a02e0da42dd
         Stored hash : 04924b72b749e8179bb5839bac1a296c7acf93c4
         Current inode: 245910    Stored inode: 248315
         Current file modification time: 1242164811
         Stored file modification time : 1220989568

One or more warnings have been found while checking the system.
Please check the log file (/var/log/rkhunter.log)

I scanned /var/log/dpkg.log, to see if I had recently done an update, and I did not see anything. That little paranoid part of my brain started to wake up (those that know me might clarify that when I say “little”, I really mean “big”).

So briefly, someone had changed the following files on my server. How could I tell if they were the “real” ones or not?

  • /usr/sbin/cron
  • /usr/bin/sudo
  • /usr/bin/perl
  • /usr/bin/ldd
  • /usr/bin/file
  • /usr/bin/dpkg-query
  • /usr/bin/dpkg
  • /bin/dash
  • /bin/sh

What bothered me about this combination was that dpkg was in that list, so I could not use any of the apt/dpkg tools to verify the integrity of my packages against what is published on the Ubuntu mirrors.

So I had to take matters into my own hands. I went to the Ubuntu packages site and searched for the first package, ‘cron’. From there, I could click on the ‘i386’ link to download a local copy of the cron_3.0pl1-100ubuntu2.1_i386.deb file onto my laptop (not onto the suspect server). I extracted the contents using dpkg -x cron_3.0pl1-100ubuntu2.1_i386.deb .. From there, it was pretty easy to compare MD5 checksums of the files.

$ ls
cron_3.0pl1-100ubuntu2.1_i386.deb
$ dpkg -x cron_3.0pl1-100ubuntu2.1_i386.deb .
$ ls
cron_3.0pl1-100ubuntu2.1_i386.deb  etc  usr  var
$ md5sum usr/sbin/cron
c1d78d8a9a99b52df8ecba41517ab013  usr/sbin/cron
$

This checksum matched the one on my server. So that means my binary files were legitimate (this does not explain how they got updated without leaving a trail in the logs, but that is another issue).

Lather, rinse, and repeat for all of the suspected files.

I hope this little story helps someone else defuse that panicky feeling that sets in when your intrusion detection system sends you an unpleasant email.

Plant my key

4

Here’s a neat little script that I developed at “the oven place”. It “plants” my SSH key on a remote machine, so I can get in later without entering a password.

#!/bin/sh
user_at_machine=$1
# plant my SSH key on the target machine
cat $HOME/.ssh/id_rsa.pub | \
   ssh $user_at_machine \
      "if [ ! -d .ssh ] ; then mkdir -m 700 .ssh ; fi ; \
      cat >> .ssh/authorized_keys"

All of the action takes place in one single line (which I broke up here so it would wrap OK). It takes your public key from the machine you’re on, and it pipes it into an SSH session, which you’ll have to type your password into. On the remote machine, it creates a .ssh directory if it needs to, and then it appends your public key to an authorized_keys file.

The next time you log in to that remote machine, you will not need to enter your password.

Counting down with ‘pv’

0

Here’s a neat tool.

Ever start some long task, and wonder how much longer it has to go? There’s a small utility called pv (short for “pipe viewer”) that counts time and bytes through a pipe, and it shows a nice progress bar.

Here’s how I used it to watch a very large file being compressed (note the use of the most excellent lzma compression utility.

$ pv < winxp.vdi | lzma > winxp.vdi.lzma
1.79GB 0:21:50 [1.49MB/s] [===>          ] 10% ETA 3:11:02

Note that if I had used a different pipe notation, pv would not have been able to read the input file size, and therefore it could not make estimates of remaining time. So instead, it shows you the “Knight Rider” scanning eye for progress.

$ cat winxp.vdi | pv | lzma > winxp.vdi.lzma
5.48MB 0:00:04 [1.27MB/s] [  <=>         ]

Nice tool. Thanks, Andrew!

Save that thought…

1

At work, our build process can produce thousands of lines of code, and sometimes the important bits can slide off of the terminal’s scrollback buffer.

So I created an alias that logs all output of the shell. It’s nothing fancy… it’s just a call to script with an argument to put the time and date in the filename. But it goes a step further, actually exec-ing the script command, so you do not have to exit twice when you’re done (once to exit the script, and once to exit the original shell).

alias log='exec script "/home/alan/logs/terminal-$(date +%Y%m%d-%H%M%S)-$$.log"'

Still, this requires you to think about logging before you start your work.

Since I normally launch my shell windows from a Gnome application launcher icon, I decided to modify that launcher so that EVERYTHING is logged.

On Gnome, right-click on the panel at the top and select “+ Add to panel…”. Then select “application launcher” and pick out the gnome-terminal from the menus. You’ll have a little terminal icon on the top Gnome panel.

Right-click on that terminal icon and select “properties”. It should say “gnome-terminal”. Change it to the following:

sh -c "exec gnome-terminal -x script $HOME/logs/terminal-$(date +%%Y%%m%%d-%%H%%M%%S)-$$.log"

The double-percents are so the launcher will not interpret them.

Now, when you click on that application launcher icon, a new terminal window will open, and all output to that terminal will be logged.

Firefox: invalid or unsupported form of compression

0

Occasionally, I have been seeing the following error in Firefox (v3.0.11).

The page you are trying to view cannot be shown because it uses an invalid or unsupported form of compression.

It occurs frequently when I am using a SOCKS proxy. One web site which happens to exhibit the problem more than others is Bruce Schneier’s blog.

The work-around that seems to work for me is to do a “Tools / Clear Private Data…” and select Cache, Cookies and Offline Website Data.

There’s a lively discussion on the Mozilla support forum, but no one seems to know what the source of the problem is.

Two heads are better than one

0

At work, I got a new PC with two monitors, and I have really enjoyed having the extra screen real estate.

When I worked from home this week, I decided that I needed to try hooking an external monitor to my HP laptop. I was happy that, unlike the last time I tried this a few years ago, it “Just Worked” ™ without any special calesthenics on my part.

I wondered why Gnome decided to put the panels (the bars at the top and the bottom) on the external monitor instead of on the laptop display. To me, it seemed more natural to have the “start” menu (actually, the “Applications, Places, System” tri-menu) on the external display instead of right in front of me.

It turns out that this is really easy to fix. Gnome has this configuration tool that is roughly equivalent to the Windows registry… yuck. You can access it using either gconf-editor or gconftool-2. Inside that deep mine of settings, there is one jewel that tells where the panels should go. So I wrote a quick script to move the panels from one monitor to the other and back.

#!/bin/bash

m=$1
if [[ ( ! -z "$m" ) && ( ( $m -eq 1 ) || ( $m -eq 0 ) ) ]]
then
   menu="/apps/panel/toplevels"
   panels=$(gconftool-2 --dump $menu | \
      grep '<key>.*/monitor</key>' | \
      sed -e 's/^.*<key>//g' -e 's/</key>.*$//g')
   for p in $panels
   do
      gconftool-2 --set "$menu/$p" --type integer "$m"
   done
else
   echo "usage --> $0 [ 0 | 1 ]"
   echo "moves gnome panels to monitor 0 (VGA) or 1 (LCD)"
fi
exit 0
Go to Top