The Quick Lounge

In my line of work, I occasionally have the luxury of working from home. When that happens, I prefer to run all of my applications on my desktop PC at the office, and I use “NX” to connect remotely. Specifically, I use the NoMachine NX server on my Ubuntu PC at work (although I am considering trying the open source “freenx” server), and at home I use the “qtnx” client on my laptop, which also runs Ubuntu.

This works pretty well, except my desktop environment does not like the stress of changing resolutions back and forth. It seems that the “panels” in Gnome get confused about where to place the different applets and widgets, since at one time it may have a lot of room, and at another time it may be more cramped.

I got tired of scooting my quick-launch icons around one-by-one, and so I was looking for a container where I could keep them together and move them around as a group. I tried the “drawer” applet, which is available in Ubuntu by default, but that was not quite right. I don’t want to open and close the drawer every time I launch something… I just want the icons to always be there in a group.

I found an applet called “quick-lounge-applet” which really fits the bill. One wonders whether the author meant to say “quick launch”, but perhaps had a poor grasp of English. Either way, this little applet does a great job of keeping my quick-launch icons together in a group, and it can be moved around easily.

After installing the applet (using the normal apt-get install quick-lounge-applet), I found that it was not listed in the “+ Add to panel…” menu. Apparently, Gnome needs to be prodded before it recognises newly-installed applets. There is a simple work-around. Simply re-start the service that keeps track of that stuff: killall bonobo-activation-server. The service will re-start, and there will be a new entry in the “+ Add to panel…” menu called “Launchers List”.

Now, if you’ll excuse me, I am in a hurry. I have some quick lounging to do.

Internet lie: “in stock”

Apparently, on the Internet, the term “in stock” means something completely different than it does in the real world.

What was I saying?

Now that I am married and have two kids, I find that I have to edit my stories down to under a minute and a half. Otherwise, the end of the story just never makes it out.

“Hi Honey, how was your day at work?”

“I have to tell you about this new tool we discovered today. We were installing our network software on a cluster of machines, which is usually pretty tedious and time consuming. And then one of the guys pulls out this live CD, and …”

“Daddy, is rice a vegetable or a fruit?”

“Hey kids, put that stuff down and wash your hands and face… now!”

“My friend Drew says that Megan won’t talk to Carter because his sister is mean!”

“I think the dog just threw up.”

What was I saying again? Oh yeah, 90 seconds. Sigh.

Firefox plug-in: SyncPlaces

Early last year, I decided that my tired old HP laptop wanted to retire, and I started shopping for a new one. However, before I could find a suitable replacement, I discovered the Asus Eee PC, and I knew that I had to have one.

It did not make a lot of sense to buy a new laptop and a new Eee PC as well, so I held off buying a laptop. Over time, the Eee PC became my primary machine. Sometimes, I would plug in an external monitor and mouse and keyboard. And other times, I would just use it by itself. After a while, I migrated all of my old stuff off of the laptop and onto a mini file server, and I eventually left the tired old laptop powered off.

I started using the HP laptop again when I started working from home, but I never really installed anything other than NX. On a whim, I installed the latest Ubuntu, Jaunty Jackalope (9.04), and that really breathed new life into the tired old laptop.

So now I find myself straddling the fence, sometimes using the tired old (but rejuvenated) HP laptop, and sometimes using the Eee PC. Since I keep most of my important stuff on an encrypted thumb drive, it was pretty easy to switch back and forth.

But there was one thing missing… my Firefox bookmarks.

I don’t like the idea of storing my stuff (tax records, email, bookmarks, or anything else) on a site like Google or xmarks (formerly foxmarks). So I went looking for a plug-in that would allow me to synchronize my bookmarks among multiple machines, but use my own server for storage.

SyncPlaces does a pretty good job of that.

It can sync using FTP (yuck) or https (yay) to a WebDAV-enabled server. It only took a few minutes to figure out WebDAV, and pretty soon I had the same bookmarks on the HP laptop and on the Eee PC.

Pidgin and Yahoo

I ran into a strange bug with pidgin where I could not log into Yahoo. Strace did not shed any light on the problem:

gettimeofday({1245688276, 23774}, NULL) = 0
open("/home/alan/.gnome2/nautilus-sendto/spool", O_RDONLY...
fstat64(7, {st_mode=S_IFDIR|0755, st_size=4096, ...
getdents(7, /* 3 entries */, 4096)      = 48
getdents(7, /* 0 entries */, 4096)      = 0
close(7)                                = 0
read(3, 0x93c4508, 4096)                = -1 EAGAIN ...
gettimeofday({1245688276, 24697}, NULL) = 0
poll([{fd=4, events=POLLIN}, {fd=3, events=POLLIN},...

Instead, the answer came from a blog post here.

Yahoo changed their login protocol. Pidgin released an update. Ubuntu did not propagate the fix, apparently because it was not a security bug, but new functionality.

The pidgin developers have released an Ubuntu package in their PPA (Personal Package Archive). See the details at the pidgin web site here.

South East Linux Fest (SELF)

I spent the weekend in Clemson SC at the first South East Linux Fest.

It was a great chance to geek out with a bunch of Linux enthusiasts, as well as some of the movers and shakers in the industry.

We enjoyed presentations on topics that ranged from SQLite and the fsync() bug to Asterisk, Open Street Map and the Ubuntu kernel. These guys provided a clear perspective of how the open source world organizes and operates on a daily basis. And their projects just glowed with coolness, which created this viral kind of buzz around the entire event, whether you were a casual Linux user or a hardcore developer.

In the vendor area, we were wooed by several distros, a handful of businesses that sell services around open source software, and some content providers (that is, podcasters and “nerdcore” rappers). We were treated to several raffles… woot!

Mad props go out to the planners of the event, which seemed to go off without a hitch.

Dr. Dolittle

Saturday was just packed with activities, but Sydney and I managed to sneak away for an hour to see a performance of Dr. Dolittle at Bond Park in Cary.

This is what their promotional teaser had to say.

Dr. Dolittle is being presented by Sign Stage on Tour, a specialist in Sign Language Theatre in which deaf and hearing actors perform together on stage. Whenever a character speaks, the character speaking uses Sign Language and the audience also hears the voice. The voice comes from a different actor speaking through a microphone, sometimes on-stage and sometimes off-stage. Visually, the stage is filled with the movement of hands and bodies yet every word is spoken to make sure all audience members, both deaf and hearing, don’t miss a thing. It’s a magical blend of language created when performing a play simultaneously in spoken English and in the spatial beauty of American Sign Language.

Dr. Dolittle features the good doctor who gives up treating people, after Polynesia, his parrot, teaches him animal languages. He already knew sign language. His fame in the animal kingdom quickly spreads throughout the world. Using all of his language skills, he sets off to cure a monkey epidemic in Africa, finding all sorts of adventures on the way.

The best part of the performance, by far, was the way that the lines were delivered in sign language by the actor in focus, while being spoken by another actor. It took me a while to realize that the audio was live, and not a recording. At times, you could see one actor delivering his own lines in sign language, and then his partner’s lines by voice.

All of this was accomplished by a team of four very talented individuals, who endured the 90° NC heat to entertain and educate us for an hour.

23 cubes in a bottle

Normally, I do not allow my children to have soft drinks. Occasionally, I will let them have a diet soft drink, just so it won’t be considered a forbidden fruit. But most of the time, they drink milk and water. Sometimes they have diluted fruit juice.

Today, they asked if they could use their own money to buy a soft drink from a vending machine. So that’s what we did. I was shocked to see how much sugar was in there.

The label says that there are 34 grams of sugar per cup of Sunkist. And then it goes on to say that there are 2.5 cups in the bottle. Apparently, you are supposed to share this drink with 1.5 friends.

So that means that one 20-ounce bottle contains 84 grams of sugar. That does not sound like much… after all, a gram is pretty small. You know, they measure stuff like medicine using grams, right?

So we got out the postage scale and started stacking up sugar cubes until we had 84 grams. How many cubes would you guess? I would not have guessed it… 23 sugar cubes!

23 cubes

Now imagine fixing yourself a cup of coffee and dropping 23 sugar cubes into the cup. Yuck!

TransUnion — free credit reports, or not?

This evening, something (I don’t know what) inspired me to check my credit report. I know that you are supposed to be able to get a free credit report from each of the “big three” (Equifax, Experian, and TransUnion) every year. So I started by going to the Federal Trade Commission’s web site. I know it’s easy to be scammed, so I wanted to start with the source.

They direct you to a site that sounds like a scam (AnnualCreditReport.com), but is not. You can go through the government-designed (usability-be-damned) web interface that simply redirects you to the web sites of the big three. At some points in the process, my Firefox NoScript plug-in started complaining about potential cross-site scripting problems, and some scripts on a site called “ezapp.cc”. But a few minutes later, I got reports from Experian and Equifax.

TransUnion, however, gave me this lame excuse.

Unable to Confirm Identity
As a security precaution, we cannot provide online delivery

What’s happening…

We apologize for the inconvenience, but based on the
information provided, we have been unable to confirm
your identity.

Because the protection of your security and privacy
are of the utmost importance to us, we cannot provide
your Personal Credit Report online.

What you should do…

* Please return to www.annualcreditreport.com to
order your Personal Credit Report by phone or mail.

This was after I entered a username and a password (generated and stored in 2007 using PasswordSafe).

In 2007, I did send a written request to TransUnion for the credit report by mail… I don’t recall ever receiving one from them.

Pwn3d

I just spent the entire weekend re-building a server for the Triangle Linux Users Group.

We first noticed that something was wrong when the machine stopped responding over the network. A couple of our admins took a trip to the data center and noticed that we had a firehose of data on port 6667 (an IRC port), originating from a process owned by the “apache” user.

So we’d been pwned. Now what?

We figured the best way to proceed would be a complete re-install of the operating system. I happened to be free the next day, so I was volunteered to lead in the clean-up duty.

So I drove out to the data center to camp out in the cold air conditioning for a while. I saved away the old infected partitions (we use LVM) and I allocated new space for the fresh install. After I had the OS installed and responding over the network, I went home to finish. I worked frantically over the weekend to restore many of the services that we enjoyed. My priorities were clearly restoring our 250 user accounts and then getting email working (securely). In the process, I gave myself a crash course in LDAP, since that is what we use for user authentication.

Within about 48 hours, we had everything restored except our web pages. After all, we knew the break-in had allowed someone to create a rogue process owned by apache. So we must have had some problem with one of our web-based applications. We did not know whether it was our Drupal-based web page, our web mail client, our wiki, a user application, or something else.

I dug through the log files on the infected partitions, and soon it became apparent that there was a cron job set to run every minute, owned by the ‘apache’ user. The script simply looked to see if its IRC program was running, and if any part of it was damaged or deleted, it would reinstall a new copy of itself somewhere else on the disk… somewhere no one would look, like /var/tmp/.s/something.
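A triage sketch for the pattern described above, meant to be pointed at the saved partitions mounted read-only (an added example, not part of the original post or of TriLUG's tooling). The crontab spool paths, the `make_sample` tree and the connection lines are constructed assumptions.

```shell
#!/bin/sh
# Added example: look for a service account's every-minute cron job, hidden
# directories in temp locations, and established connections to port 6667.

# Crontab lines for user $2 under root $1 whose five time fields are all "*".
every_minute_jobs() {
    for f in "$1/var/spool/cron/$2" "$1/var/spool/cron/crontabs/$2"; do
        [ -f "$f" ] || continue
        awk -v f="$f" '$1 ~ /^(\*|\*\/1)$/ && $2 == "*" && $3 == "*" &&
                       $4 == "*" && $5 == "*" { print f ": " $0 }' "$f"
    done
}

# Hidden directories in world-writable temp locations, minus the X11/ICE
# socket directories that a desktop system creates legitimately.
hidden_tmp_dirs() {
    for d in "$1/var/tmp" "$1/tmp" "$1/dev/shm"; do
        [ -d "$d" ] || continue
        find "$d" -type d -name '.*' ! -name '.X11-unix' ! -name '.ICE-unix'
    done
}

# Read `ss -tn`-style lines on stdin; print those whose peer port is 6667.
irc_peers() {
    awk '$1 == "ESTAB" && $5 ~ /:6667$/'
}

# Constructed sample tree so the script runs offline.
make_sample() {
    s=$(mktemp -d)
    mkdir -p "$s/var/spool/cron" "$s/var/tmp/.s" "$s/tmp/.X11-unix"
    printf '%s\n' '# constructed sample crontab' \
        '* * * * * /var/tmp/.s/something >/dev/null 2>&1' \
        '15 3 * * * /usr/bin/true' > "$s/var/spool/cron/apache"
    echo "$s"
}

sample=$(make_sample)
every_minute_jobs "$sample" apache
hidden_tmp_dirs "$sample"
printf '%s\n' \
    'ESTAB 0 0 192.0.2.10:48211 198.51.100.7:6667' \
    'ESTAB 0 0 192.0.2.10:22 203.0.113.5:51514' | irc_peers
rm -rf "$sample"
```

On a real system, replace the sample tree with the mount point of the old partition and feed `irc_peers` the output of `ss -tn` from the live host.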

Finally, the apache error logs showed what the problem was. It seems that we were running an unpatched version of “RoundCube”, a web-based IMAP e-mail client with a nice AJAX interface. There is a vulnerability in this package that allows a visitor to upload a package to your web server and then run their programs on your server.

Fortunately, the process runs as the “apache” user, and not as “root”. Otherwise, the rogue software would have had permission to do a lot more damage than it actually did. As it stands, the bot simply chatted with a lot of other infected machines. Thankfully, it did not seem interested in the files on our machine.

I learned a lot from this experience. As one admin said, the forced cleanup was a “much-needed enema”, something we had avoided for a long time. As a shared system, system administration was something that was handled by a loose group, and was handed off to new members every year. This break-in was enough to attract our attention, but it was not destructive. And it inspired us to simplify our existing system. And it inspired me to set up nightly backups.

ssh + netcat

At work, I need to access some blade servers that are on a private network. The only way to get into these machines is to shell into a lab box first, and then shell into a blade.

alan@desktop:~$ ssh root@labaccess
Last login: Tue Feb 17 10:13:52 2009 from desktop
[root@labaccess ~]# ssh root@blade3
root@blade3's password:-******
Last login: Tue Feb 17 10:14:03 2009 from labaccess
[root@blade3 ~]#

A while back, I picked up this little nugget from the TriLUG mailing list (thanks to Magnus Hedemark). There is a way to make this intermediate hop automatically. Simply add the following to $HOME/.ssh/config:

Host blade3 blade5 blade10
    ProxyCommand ssh root@labaccess "nc %h %p" 2>/dev/null

Now, when I try to ssh directly from my desktop to one of the blades, it first establishes an SSH session to the labaccess machine, and then netcat’s all of my original SSH traffic directly to the target blade.

This process will ask you for 0, 1 or 2 passwords, depending on whether your public key (from desktop) is in the $HOME/.ssh/authorized_keys files on the labaccess and bladeX machines. Since I have my public key on all of the machines, this is what I see now:

alan@desktop:~$ ssh root@blade3
Last login: Tue Feb 17 10:17:21 2009 from labaccess
[root@blade3 ~]#

This also means that I can scp files directly from my desktop to the blades, without having to dump them on the labaccess machine.

By the way, this trick provides an EXCELLENT reason to consider re-flashing your home router with Tomato firmware, which has ssh and netcat built-in.

Host homepc1 homepc2
    ProxyCommand ssh root@router "nc %h %p" 2>/dev/null
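OpenSSH 7.3 and later can make the same hop with `ProxyJump`, which does not need netcat on the intermediate machine. The script below is an added example, not part of the original post: it rewrites ProxyCommand lines of the exact form shown above and lists which hosts go through which jump host. The function names are hypothetical and the sample config is constructed from the two stanzas in the post.

```shell
#!/bin/sh
# Added example: handles only the form `ssh [user@]jump "nc %h %p"`.
# Lines with extra ssh options before the jump host are left untouched.

# Print the config with matching ProxyCommand lines replaced by ProxyJump.
nc_to_proxyjump() {
    awk '
    tolower($1) == "proxycommand" && $2 == "ssh" && $3 !~ /^-/ && /nc %h %p/ {
        match($0, /^[ \t]*/)                  # keep the original indentation
        printf "%sProxyJump %s\n", substr($0, 1, RLENGTH), $3
        next
    }
    { print }' "$1"
}

# Print "target via jump" for every host pattern that uses such a hop.
jump_map() {
    awk '
    tolower($1) == "host" { n = NF - 1; for (i = 2; i <= NF; i++) h[i - 1] = $i }
    tolower($1) == "proxycommand" && $2 == "ssh" && $3 !~ /^-/ {
        for (i = 1; i <= n; i++) print h[i] " via " $3
    }' "$1"
}

# Constructed sample: the two stanzas from the post.
sample_config() {
    cat <<'EOF'
Host blade3 blade5 blade10
    ProxyCommand ssh root@labaccess "nc %h %p" 2>/dev/null

Host homepc1 homepc2
    ProxyCommand ssh root@router "nc %h %p" 2>/dev/null
EOF
}

cfg=$(mktemp)
sample_config > "$cfg"
nc_to_proxyjump "$cfg"
jump_map "$cfg"
rm -f "$cfg"
```

With either form the SSH session to the blade is still end-to-end from the desktop, so the blade's host key is checked against the desktop's own known_hosts file.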

Thumbs Up : Red Box

Our family does not watch a lot of TV, so when we gather around the tube for a movie, it’s a real treat.

This week, we rented two movies from the “Red Box” video rental service at our local grocery store. I am really pleased with their service.

  • The price is very reasonable: $1.07 for one night.
  • The selection is good.
  • I can check movie availability and make reservations from the web.
  • No membership necessary… just swipe a credit card when you rent.
  • There are plenty of locations to choose from.
  • I can return the movies as late as 9pm the next day.
  • I can return the movies to any Red Box location.
  • Checkout and return confirmation can be emailed to you.

These guys have really done it right. I hope they stick around.
