Tuesday, December 23, 2008

Sandisk MP3 player problems on hardy

My Sandisk mp3 player isn't mounting properly under hardy:

[ 3063.523223] usb 5-5: new high speed USB device using ehci_hcd and address 3
[ 3065.287712] ehci_hcd 0000:00:1d.7: port 5 reset error -110
[ 3065.287781] hub 5-0:1.0: hub_port_status failed (err = -32)

Removing the module with 'sudo modprobe -r ehci_hcd' let it mount properly as suggested in the bug report.

Thursday, December 18, 2008

GDB tips

  • gdb --args ./binary arg1 arg2
  • You can do make and make install from inside gdb!
  • list - see where you are in the code
  • set follow-fork-mode child - as it suggests, follow the child at forks, default is parent.
  • Get core by setting 'ulimit -c unlimited' and debug with gdb ./binary pid.core. Print variables and use up/down to traverse the call stack.
  • info break for a list of breakpoints.
  • finish - execute till return.
  • To print 100 bytes of memory pointed to by a pointer ppoint:
    x/100ub ppoint

Wednesday, December 17, 2008

Why darcs is better than bzr

I am all in favour of distributed revision control. Recently I tried bazaar (bzr) because it has superior windows support compared to any of the other candidates (git, darcs, mercurial etc.), and unfortunately I have to occasionally develop on windows. I was very disappointed by its 'send' functionality however. Here is my workflow that is broken:

How I want it to work:

  1. bzr init myrepo
  2. email repo to another disconnected network (email is the only comms available), where someone else works on the code as well
  3. bzr commit change1 change2 change3
  4. bzr send change1 change2 change3 -o bundle
  5. email bundle

Instead, I have to keep another copy of every repository that is the 'synced' version. I have about 20 repos which means I now need 40 directories, what a PITA. Remind me how this is better than subversion again? I'm starting to forget. So this is what I have to do:

  1. bzr init myrepo
  2. email repo to another disconnected network (email is the only comms available), where someone else works on the code as well
  3. cp myrepo myrepo_synced
  4. cd myrepo; bzr commit change1 change2 change3
  5. bzr send change1 change2 change3 -o bundle myrepo_synced
  6. email bundle

Keeping another repo just to keep track of synced state is exactly the sort of annoyance that distributed revision control is supposed to fix. Darcs solves this problem in a sensible manner: each bundle contains metadata for the patch dependencies (revisions) that must be present for the patch to be applied successfully. Having to re-send the entire repository (as suggested in a mailing list thread - 'send' against null repo) for small changes is ridiculous.

Saturday, December 13, 2008

Google SPF checking FAIL

Google inbound SPF checking is shit. Even for hardfail specifications, it delivers the email to the user's inbox with no visual indication it has failed SPF. See below for an email that was delivered normally to my inbox when it should have been dropped, or at the very least marked as evil.

Delivered-To: xxxxxx@gmail.com
Received: by with SMTP id z11cs98143eba;
Sat, 13 Dec 2008 21:10:18 -0800 (PST)
Received: by with SMTP id b2mr9887397yba.167.1229231416967;
Sat, 13 Dec 2008 21:10:16 -0800 (PST)
Received: from out1.smtp.messagingengine.com (out1.smtp.messagingengine.com [])
by mx.google.com with ESMTP id 5si9650165ywd.41.2008.;
Sat, 13 Dec 2008 21:10:16 -0800 (PST)
Received-SPF: fail (google.com: domain of evil@xxxxx.com does not designate as permitted sender) client-ip=;
Authentication-Results: mx.google.com; spf=hardfail (google.com: domain of evil@xxxxxxx.com does not designate as permitted sender) smtp.mail=evil@xxxxxxxx.com
Received: from compute1.internal (compute1.internal [])
by out1.messagingengine.com (Postfix) with ESMTP id 34BA11E6BF8
for ; Sun, 14 Dec 2008 00:10:16 -0500 (EST)
Received: from web7.messagingengine.com ([])
by compute1.internal (MEProxy); Sun, 14 Dec 2008 00:10:16 -0500
Received: by web7.messagingengine.com (Postfix, from userid 99)
id 0E9F4545AD; Sun, 14 Dec 2008 00:10:16 -0500 (EST)
From: "xxxxxxxx"
To: xxxxxxxxxx@gmail.com
Content-Disposition: inline
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="ISO-8859-1"
MIME-Version: 1.0
X-Mailer: MessagingEngine.com Webmail Interface
Subject: testing spf
Date: Sun, 14 Dec 2008 00:10:16 -0500
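
What a local filter can do with the verdict the receiving MTA already wrote into these headers, as an added example that is not part of the original post. The authserv-id mx.example.net, the sample message and the reject/quarantine mapping are assumptions made for the illustration.

```python
"""Act on the SPF verdict that the receiving MTA recorded in the headers."""
import re
from email import message_from_string

# Assumption: the authserv-id our own boundary MTA writes (hypothetical name).
TRUSTED_AUTHSERV_ID = "mx.example.net"

# Constructed sample modelled on the headers in the post; hosts, addresses and
# IPs are placeholders. The second Authentication-Results line arrived with the
# message (supplied by the sender) and claims a pass.
SAMPLE = """\
Delivered-To: user@example.net
Received: from out1.sender.example (out1.sender.example [192.0.2.25])
    by mx.example.net with ESMTP; Sat, 13 Dec 2008 21:10:16 -0800 (PST)
Received-SPF: fail (mx.example.net: domain of evil@victim.example does not
    designate 192.0.2.25 as permitted sender) client-ip=192.0.2.25;
Authentication-Results: mx.example.net; spf=hardfail (mx.example.net: domain
    of evil@victim.example does not designate 192.0.2.25 as permitted
    sender) smtp.mail=evil@victim.example
Authentication-Results: mx.example.net; spf=pass smtp.mail=evil@victim.example
From: "Someone" <evil@victim.example>
To: user@example.net
Subject: testing spf

body
"""

_SPF = re.compile(r"\bspf=([a-z]+)", re.IGNORECASE)


def spf_result(raw_message, trusted_id=TRUSTED_AUTHSERV_ID):
    """Return the SPF result stamped by `trusted_id`, or None if there is none.

    Headers are prepended in transit, so the topmost header carrying our own
    authserv-id is the one our MTA added. Only that header is inspected:
    anything below it arrived with the message and may be forged. (The MTA
    should also strip inbound headers that use its id, see RFC 8601.)
    """
    msg = message_from_string(raw_message)
    for value in msg.get_all("Authentication-Results", []):
        authserv_id, _, results = value.partition(";")
        fields = authserv_id.split()
        if not fields or fields[0].lower() != trusted_id.lower():
            continue                      # written by some other host: ignore
        match = _SPF.search(results)
        return match.group(1).lower() if match else None
    return None


def disposition(raw_message):
    """Map the recorded SPF result to what the filter does with the message."""
    result = spf_result(raw_message)
    if result in ("fail", "hardfail"):    # "hardfail" is the spelling in the post
        return "reject"
    if result in ("softfail", "permerror", "temperror"):
        return "quarantine"
    return "deliver"                      # pass, neutral, none or no verdict


if __name__ == "__main__":
    print(spf_result(SAMPLE), disposition(SAMPLE))
```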


Sunday, November 23, 2008

Friday, November 7, 2008

Adding a second luks passphrase to a luks encrypted root on hardy

Add the new passphrase for the key slot to the physical device, which if you built the crypt root using the ubuntu alternate CD is /dev/sda5:

sudo cryptsetup luksAddKey /dev/sda5

Thursday, October 23, 2008

Adding packages into a yum server and self-signing them

  • Dump the rpms into a subdirectory
  • gpg --gen-key

  • Edit ~/.rpmmacros:

    %_signature gpg
    %_gpg_name Peter Parente

  • In the RPMS directory:
    rpm --resign *

  • gpg --export --armor key name > RPM-GPG-KEY-mine

  • On both clients and server:
    cp RPM-GPG-KEY-mine /etc/pki/rpm-gpg

  • On server:
    createrepo /my/repo/where/rpms/are

  • Add a+r on files and a+x on directories for serving.
  • On the client:
    rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-mine

Sunday, October 19, 2008

VMWare Server Console broken on Hardy - gcc version conflict

VMWare-server-console ships with a bad library that reports errors about version GCC_3.4 not found. Easily fixed: delete the bad library from /usr/lib/vmware....

Thursday, October 16, 2008

Cisco pix firewall configuration notes

To start logging for debug:
logging buffered debugging

To view logs:
show logging

Log to remote syslog:
logging trap errors
logging host inside ip

Need a default route as a catchall on the outside interface:
route outside ip 1

ntp server source inside prefer

Disable nat in both directions:
nat (inside) 0
static (inside,outside) internalip internalip netmask

If you are dicking around with nat rules make sure you:
clear xlate
clear arp
show xlate

Use nat to do inside --> outside nat. Use static for outside --> inside. To use port address translation (PAT) for inside --> outside with the outside external ip:
nat (inside) 1 ip netmask
global (outside) 1 interface

Enable SSH login from an IP range on the internal side:
ssh ip netmask inside
ca generate rsa key 2048

To save config:
wr mem
ca save all

Thursday, October 2, 2008

Vim neutered on hardy

So on ubuntu hardy the default vim install is vim-tiny, which is rubbish. Can't even do syntax highlighting. To get usable vim, install vim-runtime, or for the real deal vim-full.

Saturday, August 23, 2008

Customising the eeepc

Here's what I did

  • Disabled samba and portmapper by commenting them out of /usr/sbin/services.sh. Tried just commenting out their start methods in init.d, but services calls start-stop daemon directly for portmapper. Didn't want to actually uninstall in case I want them later where there is no inet access.
  • Turned cups auto-discovery off (Browsing Off in /etc/cups/cupsd.conf) because it requires a process listening on the network.
  • Changed computer hostname using kcontrol
  • Connect to my home wireless automatically on boot.
  • Changed screensaver to lock after a few seconds.
  • Added in extra apt package sources and installed openarena - awesome.

Tuesday, July 22, 2008

Doing incremental reveal in Open Office Impress

I like doing presentations with incremental reveal on my points, where one point comes up on the screen for each mouse click. Powerpoint calls this something like 'animate by 1st level paragraph'. To get this to work in open office impress:

  • Click on your text box, then custom animation in the task pane on the right hand side
  • Click Add...
  • Select Appear
  • Right click the animation that appears in the box and select Effect Options...
  • On the Text Animation tab, choose 'Group Text: By 1st level paragraphs'

So intuitive! I couldn't get it to apply to all slides by doing this to the master so I just did it to one slide then used 'Duplicate Slide'.

Well done to both Powerpoint and OO for making it easy to do all sorts of distracting and stupid flying animations but hiding useful features under a maze of configuration.

HOWTO Install OpenOffice Dictionaries

If you don't have dictionaries installed OpenOffice will do a spellcheck and tell you there were no errors. Not exactly the best result - it should say it doesn't have any dictionaries installed. To install openoffice dictionaries go to:

File|Wizards|Install new dictionaries...

Tuesday, June 17, 2008

RPM Links and HOWTO

If you have a change to the original source you need to make:

cp -r package-1.3.2 package-1.3.2p
make change in package-1.3.2p
diff -uNr package-1.3.2/ package-1.3.2p/ > ../SOURCES/package-1.3.2-my.patch

and add a Patch line to the spec file.

Sunday, May 25, 2008

Vmware won't compile on Hardy

Vmware server and workstation are both currently broken on the kernel version in Hardy. You need to install a patch to get them to compile. Vmware server also requires xinetd. I changed
to force all services to only listen on localhost with
 bind            =

Not only that, but vmware-server-console is busted too!

/usr/lib/vmware-server-console/bin/vmware-server-console: /usr/lib/vmware-server-console/lib/libgcc_s.so.1/libgcc_s.so.1: version `GCC_3.4' not found (required by /usr/lib/libcairo.so.2)
/usr/lib/vmware-server-console/bin/vmware-server-console: /usr/lib/vmware-server-console/lib/libpng12.so.0/libpng12.so.0: no version information available (required by /usr/lib/libcairo.so.2)
/usr/lib/vmware-server-console/bin/vmware-server-console: /usr/lib/vmware-server-console/lib/libgcc_s.so.1/libgcc_s.so.1: version `GCC_4.2.0' not found (required by /usr/lib/libstdc++.so.6)

Fix it with

sudo ln -sf /usr/lib/libpng12.so.0 /usr/lib/vmware-server-console/lib/libpng12.so.0/libpng12.so.0
sudo ln -sf /lib/libgcc_s.so.1 /usr/lib/vmware-server-console/lib/libgcc_s.so.1/libgcc_s.so.1

Tuesday, May 20, 2008

Awesome article on VMWare detection and mitigation

Great article on how to detect VMWare, and how to prevent detection using undocumented VMX settings. Written by Ed Skoudis and Tom Liston from SANS.

Monday, May 19, 2008

Hardy usability downgrade: CD media removed from "Removable Drives and Media"

Argh! The option to prevent Audio CDs from being played automatically has been removed from System | Preferences | Removable Drives and Media. Why? It is so annoying to have Rhythmbox fire up when I just want to copy a CD. The preference is now hidden in the super intuitive place of Edit | Preferences | Media Tab in the Nautilus file manager.

Sunday, May 11, 2008

Intel soundcard on Hardy heron

My intel sound card didn't work out of the box with Hardy. I followed these instructions to compile and install the driver, and all was good.

Hardy initrd breaks luks with "/sbin/udevsettle" not found

The initrd in hardy broke luks cryptoroot, because the cryptroot script refers to udevsettle, which has been replaced with udevadm. It dies with "/sbin/udevsettle" not found. Here's how you fix it.

Unzip, and unpack the initrd:

gunzip -S "" initrd.img-2.6.24-16-generic
cpio -id < initrd.img-2.6.24-16-generic
vi scripts/local-top/cryptroot

Replace "/sbin/udevsettle --timeout=30" with "/sbin/udevadm settle --timeout=30". Repack the initrd:

find ./ | cpio -H newc -o > initrd.cpio
gzip initrd.cpio

NTP pool setup

I use the free ntp pool for access to accurate timing. Edit /etc/ntp.conf and add these lines:

server 0.us.pool.ntp.org
server 1.us.pool.ntp.org
server 2.us.pool.ntp.org
server 3.us.pool.ntp.org

Restart ntp and then check you have accurate time sync:

ntpq> lpeers
remote refid st t when poll reach delay offset jitter
+ip-72-167-54-20 2 u 844 1024 377 88.972 12.657 140.873
*nist.netservice .ACTS. 1 u 263 1024 377 47.284 0.231 164.968
-lashiir.sapros. 3 u 833 1024 377 64.212 34.142 111.228
+ntp.LogicX.net 2 u 904 1024 377 24.615 -1.935 49.235

Friday, May 9, 2008

Debmirror of ubuntu archive, with valid gpg keys

Getting debmirror to use the Ubuntu gpg signatures was harder than I expected. First I tried:
gpg --import /usr/share/keyrings/ubuntu-master-keyring.gpg

Which worked fine, but put the keys in ~/.gnupg/pubring.gpg and debmirror wants them in ~/.gnupg/trustedkeys.gpg, so I got this error:

Mirroring to /repo/ from http://us.archive.ubuntu.com/ubuntu/
Arches: i386
Dists: hardy
Sections: main,restricted,universe,multiverse
Will NOT clean up.
Pdiff mode: use.
Attempting to get lock, this might take 2 minutes before it fails.
Get Release files.
[0%] Getting: dists/hardy/Release... ok
[0%] Getting: dists/hardy/Release.gpg... ok
gpgv: keyblock resource `/home/name/.gnupg/trustedkeys.gpg': general error
gpgv: Signature made Thu 24 Apr 2008 02:19:52 EDT using DSA key ID 437D05B5
[GNUPG:] ERRSIG 40976EAF437D05B5 17 2 00 1209017992 9
gpgv: Can't check signature: public key not found
gpgv: keyblock resource `/home/name/.gnupg/trustedkeys.gpg': general error
gpgv: Signature made Thu 24 Apr 2008 02:19:52 EDT using DSA key ID 437D05B5
gpgv: Can't check signature: public key not found
Release signature does not verify.
Release signature does not verify.
Failed to download some Release or Release.gpg files!
WARNING: releasing 1 pending lock...

The debmirror man page recommends this command to get them into trustedkeys.gpg, which works fine:

gpg --keyring /usr/share/keyrings/ubuntu-archive-keyring.gpg --export \
| gpg --no-default-keyring --keyring trustedkeys.gpg --import

Then the debmirror command:

sudo debmirror --nosource --host=archive.ubuntu.com --method=http --root=ubuntu \
--dist=hardy --section=main,restricted,universe,multiverse --arch=i386 \
--progress --nocleanup --ignore-small-errors -v /repo/

Thursday, May 1, 2008

Boot a dd disk image in VMWare

LiveView is a cool bit of open-source software that allows you to boot a disk image acquired using dd in a VMWare virtual machine. It handles the hardware conflicts that arise from booting the OS on different hardware, without modifying the original disk. Great idea. It is pretty much aimed at windows images, with some limited linux support. Be prepared to deal with the pain of windows activation!

The MUICache registry key mystery de-mystified

Recently I was seeing entries being created under


when running programs, and got to wondering what they were. Is it a way for malware to ensure it can persist and get started on reboot? Apparently not. The windows IR blog has a good discussion on the topic, but I found the best answer on Scot's Newsletter. I have copied the content below in case the website disappears:

I'm not sure what MUICache stands for but I know for sure that Windows uses HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache to cache location of icons and their string descriptions for various internal windows uses.

For example, if you change the value of @C:\WINDOWS\system32\SHELL32.dll,-8964 from Recycle Bin to Trash and hit F5 on the desktop, the description of your Recycle Bin will be Trash.

Basically, the string Trash is now associated with Recycle Bin icon stored in SHELL32.dll. If you right click on any shortcut and select properties and then select Change Icon on Shortcut tab, you will see all the icons stored in SHELL32.dll.

Another example is, when you try to run a file with an unregistered/unrecognized extension in windows, you will get a dialog box asking you to select the program from the list.

In Programs listbox displays icons and their string names which represents programs that have "open" command in the registry.

Adobe Acrobat 7.0 corresponds to the key-value pair of
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\Acrobat.exe - Adobe Acrobat 7.0 in MUICache.

The key represents the location of the exe where icon is stored and value represent the description string of exe. You can get the description string by right click on the exe and select properties. In the version tab, you will see the description string that is used.

A C++ developer will put this information in the resource (.rc file) under VS_VERSION_INFO entry.

A developer may choose to create the key in MUICache during the installation or programmatically when a program starts.

This entry is usually automatically generated by windows when a user double clicks on a registered/recognized extension.

For example, there is a key called .doc in HKEY_CLASSES_ROOT. The default value of this key is Word.Document.8. When a word document file is double clicked, Windows looks for .doc key in HKEY_CLASSES_ROOT and knows what type of document .doc is and in this case Word.Document.8. Then Windows searches for Word.Document.8 in HKEY_CLASSES_ROOT. Under Word.Document.8, there is a key that tells windows what program and what arguments to pass to open such document. In my computer the key is HKEY_CLASSES_ROOT\Word.Document.8\shell\Open\Command and its value is "C:\Program Files\Microsoft Office\OFFICE11\WINWORD" /n /dde

This entry also gets called when you select Tools > folder options from the folder menu and select File Types tab. You will see doc entry in there. Highlight it and select Advance and double click on open entry. You will see the exact same string in HKEY_CLASSES\Word.Document.8\shell\Open\Command.

After a known extension is double clicked and the program opens the document, Windows automatically generates 2 entries: one is HKEY_CLASSES_ROOT\Applications\Winword.exe\shell to indicate what to show up in the application list and how to open a document (picture below) and the other is in MUICache for corresponding icon and description string.

A developer can programmatically create a key in MUICache and HKEY_CLASSES_ROOT\Applications\filename.exe or use scripting during installation process. If not, when the registered/recognized extension is activated, these two entries are automatically generated.

When you deleted these two entries (but please don't), it'll pop up again the next time you double click on a known extension file (as long as the extension registry is still intact).

That's why sometimes we see these two keys related to viruses because as long as the virus exe is still on the machine, you can't seem to get rid of these keys. If you look on the Symantec website, they documented a virus called dialer.exe (which dials high-cost telephone calls from your computer) associated with MUICache.

Tuesday, April 29, 2008

Windows Portable Executable (PE) File Format

Great articles by Matt Pietrek that discuss the PE format in-depth:

Bash 'for' loop examples

I can never remember the syntax for bash for loops:

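# loop over the output of a command
for i in $( ls ); do
    echo "item: $i"
done

# count from 1 to 10
for i in `seq 1 10`; do
    echo $i
done

# C-style loop: print 100..115, one per second, and copy each to the serial port
for ((i=100;i<=115;i+=1)); do
    echo $i
    sleep 1
    echo $i > /dev/ttyS1
done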

PenguinTV broken on Gutsy

I have been using PenguinTV to download the radio shows I subscribe to. The interface is OK, except:

  • The multiple download feature is broken. You can't select multiple files and get it to download. Sucky!
  • It is totally broken on Ubuntu Gutsy (segfaults). The workaround is:

    export LD_LIBRARY_PATH=/usr/lib/firefox
    export MOZILLA_FIVE_HOME=/usr/lib/firefox

Monday, April 28, 2008

HOWTO write a firefox plugin

I'm in the process of writing my first firefox plugin and have recorded my experiences here. The HOWTOs and links I used were:

The most important firefox extensions are:

  • Console2
  • Extension developer's extension. The 'reload all chrome' is useful for stuff that is otherwise cached.

To create the xpi file for publishing you need to change your chrome.manifest to point to the jar file (I keep another chrome.manifest for packaging in the repository so I can just copy it over). The ordinary manifest looks like this:

content myextensionname chrome/content/
skin myextensionname classic chrome/skin/
overlay chrome://browser/content/browser.xul chrome://myextensionname/content/browser_overlay.xul
locale myextensionname en chrome/locale/en/myextensionname/

and the packaging one looks like this:

content myextensionname jar:chrome/myextensionname.jar!/content/
skin myextensionname classic jar:chrome/myextensionname.jar!/skin/
overlay chrome://browser/content/browser.xul chrome://myextensionname/content/browser_overlay.xul
locale myextensionname en jar:chrome/myextensionname.jar!/locale/en/myextensionname/

I use these commands to create the jar and xpi:

cd chrome
zip -r myext.jar * -x \*.svn\*
cd ..
zip myext.xpi install.rdf chrome.manifest chrome/myext.jar

Monday, April 7, 2008

Python memcached

Installing the python bindings for the C libmemcached:
  1. Patch libmemcache. It's been a while since I used patch, so I thought I'd record the command I used. This was a multifile patch, and it applies the patches to all the right files. How cool is that! The -p1 strips the leading directory component from each path in the patch, since my directory was different to the guys who made the patch.

    patch -b -p1 -i libmemcache-1.4.0.rc2.patch

  2. Compile and install libmemcache

  3. sudo apt-get install python-dev

  4. sudo python setup.py install

  5. Download the actual memcached, compile and install

  6. Use it (StringClient for strings, Client uses pickle for other types):

    import cmemcache
    # assumes memcached is listening locally on its default port
    a = cmemcache.StringClient(['127.0.0.1:11211'])
    a.set('key', 'value')

Sunday, March 30, 2008

Port forwarding to a VMWare NAT-ed OS

I had the need to forward ports to a VMWare machine behind a VMWare NAT. VMware has some good instructions on how to do this. For a linux host you need to edit
which is pretty self explanatory.

Friday, March 28, 2008

Openchange: Open source exchange server

I just heard about Openchange, which is a GPL version of MS Exchange server. I think it is awesome people are working on this. Samba, openchange, soon we will be able to replace the entire windows backend with linux without impacting user desktops :)

Monday, March 24, 2008

Increasing webpage load performance/speed

There is a great powerpoint presentation from a yahoo guy about the research they have done to improve page load times for users. It builds off a series of posts on Yahoo's UI Blog. Something I had never heard of before that sounds cool: Minify for crunching down javascript and CSS. Update: There is an even better discussion on the yahoo website.

Memcached, making an app with a DB backend really fast

Reading about twitter's queueing engine got me interested in memcached, which looks awesome. It is used by some of the biggest players on the Internet: livejournal, sourceforge, slashdot, wikipedia, etc. The idea is whenever you do a select on a DB, you first look in the memcache. Similarly, when you delete/update in the DB you also remove/change the values in the cache, which means the data in the cache never actually expires.

This could provide vast speedups for pretty much any app that interacts heavily with databases. I have two projects I work on in mind....

There is a great idea called mint cache that even handles the 'dog-pile' effect that occurs when the data in the cache is stale, and many requests are received while the new values are being generated. Cool. The memcached FAQ includes this design example and lots of other good ideas.
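
The two ideas above in code, as an added example that is not from the original post or from the memcached project: the read-through/invalidate pattern, and a soft-expiry scheme in the spirit of mint cache as I understand it. FakeMemcache, UserStore, mint_set and mint_get are hypothetical names, and the cache is an in-process stand-in so the example runs without a memcached server.

```python
"""Look-aside caching and a mint-cache style soft expiry, on a stand-in cache."""
import time


class FakeMemcache:
    """In-process stand-in for a memcached client: get/set/delete with a TTL."""

    def __init__(self, clock=time.time):
        self.clock = clock
        self._items = {}                      # key -> (value, hard_expiry or None)

    def get(self, key):
        value, expiry = self._items.get(key, (None, None))
        if expiry is not None and self.clock() >= expiry:
            del self._items[key]              # hard expiry reached: a miss
            return None
        return value

    def set(self, key, value, ttl=0):
        self._items[key] = (value, self.clock() + ttl if ttl else None)

    def delete(self, key):
        self._items.pop(key, None)


class UserStore:
    """The pattern from the post: read through the cache, invalidate on write."""

    def __init__(self, cache, db):
        self.cache, self.db, self.db_reads = cache, db, 0

    def get(self, user_id):
        key = "user:%s" % user_id
        row = self.cache.get(key)
        if row is None:                       # miss: hit the database once
            self.db_reads += 1
            row = self.db[user_id]
            self.cache.set(key, row)          # no TTL, update() removes it
        return row

    def update(self, user_id, row):
        self.db[user_id] = row
        self.cache.delete("user:%s" % user_id)    # never serve the old row


def mint_set(cache, key, value, ttl, grace=30, now=time.time):
    """Store value with a soft expiry at ttl and a hard expiry at ttl + grace."""
    cache.set(key, (value, now() + ttl), ttl + grace)


def mint_get(cache, key, grace=30, now=time.time):
    """Return the value; the first caller past the soft expiry gets None."""
    packed = cache.get(key)
    if packed is None:
        return None
    value, soft_expiry = packed
    if now() >= soft_expiry:
        # Put the stale value back for `grace` seconds so other readers keep
        # getting it, and report a miss so only this caller regenerates it.
        cache.set(key, (value, now() + grace), grace)
        return None
    return value


def demo():
    """Run both patterns against a fake clock and return what happened."""
    t = [1000.0]
    now = lambda: t[0]
    cache = FakeMemcache(now)

    store = UserStore(cache, {1: "alice"})
    first, second = store.get(1), store.get(1)         # second read is a hit
    store.update(1, "alice2")
    third = store.get(1)                               # re-read after invalidation

    mint_set(cache, "report", "v1", ttl=60, now=now)
    t[0] = 1065.0                                      # past the soft expiry
    regenerator = mint_get(cache, "report", now=now)   # None: this one rebuilds
    bystander = mint_get(cache, "report", now=now)     # "v1": stale but served
    t[0] = 1100.0                                      # past the extended expiry
    expired = mint_get(cache, "report", now=now)
    return {"reads": (first, second, third), "db_reads": store.db_reads,
            "regenerator": regenerator, "bystander": bystander,
            "expired": expired}


if __name__ == "__main__":
    print(demo())
```

Against a real memcached the put-back step is not atomic, so two readers arriving at the same instant can both regenerate.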

Twitter, time to open source

I've been learning and playing with twitter, and am blown away by the possibilities. I want to see all the twitter server code open-sourced, so companies can run their own internal twitter services. Would be great for collaboration, and minimising wheel re-invention.

Say I'm starting work on some code to parse XML from a particular app into a database, I set a twitter message "writing python code to import app XML into MySQL". All the other developers are monitoring their XML feeds, and can come tell me that someone else has already written the code. When I need to write my summary at the end of the week for management, I can look back through my twitter history to remember what I was up to. Not only that, management can watch all the feeds to get an idea of what different people are currently working on at a very fine-grained level. It is up to the manager not to micro-manage at this point :)

Twitter has open-sourced its queue server, 'Starling', which is a step in the right direction. I don't expect it will be long before someone starts implementing the full server as an open-source project.

Twittervision is one of the coolest things I have seen in a while. Watch what people all over the world are doing and thinking, right now! Watch a continent go to sleep and another one wake up...super cool.

Monday, March 3, 2008

Linux printing success: HP Deskjet F4180

I had to buy a printer in the US, so I approached the cheapest inkjets and multi-function devices with the fear known only to linux users. Would it work? At all? A little bit?

I put all my trust in openprinting.org and bought a HP F4180, which supposedly worked "perfectly". I plugged it in and am happy to report Ubuntu 7.04, with hplip pre-installed recognised it, and I was printing straight away! Haven't tried the scanner yet.

The best part is the power supply is switched so it handles 110-240V and uses an IEC C7 connector to plug into the wall. So all I need to do is replace the IEC C7 to use it in any other country.

Strangely no printers come with USB cables these days. Is this just to give Best Buy a chance to make money off selling cables? They were charging $30 for a USB A-B, which I could get on Amazon for $1.30.

Saturday, February 23, 2008

Eye-fi wireless SD card - cool, but could be so much better

Eye-fi have released an 802.11 wireless SD card, which is pretty amazing tech considering the form factor. This is a very cool idea, but there are a few things I don't like:
  • If you upload to a website like flickr, all your photos first go through eye-fi, which sucks. Why should they get copies of all my photos? They say it is so you can resize them before posting to Flickr etc. I don't think the posting process is that complicated it needs to be done by the back end.
  • You can only upload to nominated SSIDs. This isn't how I want to use this thing - if I'm at home I can just use the card reader, backing up is easy, and I don't take any photos at home! I want to use it on holiday, where I have no idea what APs are available and definitely won't know authentication keys.
  • There is no open API to extend the use of this tech. Take a leaf out of Google's book! Imagine applications in scientific data recorders sending back data, or GPS nav devices sending tracks so others could track progress of relatives driving from out-of town, friends on holiday etc. in near real-time.
  • It doesn't work on linux, but someone is working on that. If the device was more open, linux developers and users would have it written in days!

Here's how I would like it to work:

  • I specify a list of preferred APs, which it checks for reasonably frequently. I can also set a longer interval after which if it can't find my preferred networks it associates to any open AP that can get to the Internet.
  • Card makes an SSL connection to flickr/picasa and checks the certificate against the certificate fingerprint I supplied at configuration time. This means your data is encrypted and has not been a man-in-the-middle victim, circumventing the suite of nasty attacks that malicious APs can make. Photos uploaded directly to flickr/picasa, I don't waste bandwidth/battery sending them to my home computer since I can download them off the card when I get home anyway.
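
The fingerprint check from the last point, sketched as client code. This is an added example, not Eye-Fi's or anyone else's implementation; the function names and the choice of a SHA-256 fingerprint over the server's DER-encoded certificate are assumptions.

```python
"""Connect over TLS and accept the server only if its certificate matches a pin."""
import hashlib
import hmac
import socket
import ssl


class PinMismatch(Exception):
    """The server presented a certificate other than the configured one."""


def normalise_pin(pin):
    """Accept 'AA:BB:...' or 'aabb...' and return 64 lowercase hex digits."""
    cleaned = pin.replace(":", "").replace(" ", "").lower()
    if len(cleaned) != 64 or any(c not in "0123456789abcdef" for c in cleaned):
        raise ValueError("pin must be a SHA-256 fingerprint (64 hex digits)")
    return cleaned


def fingerprint(der_cert):
    """SHA-256 over the DER certificate: the value to store at configuration time."""
    return hashlib.sha256(der_cert).hexdigest()


def cert_matches_pin(der_cert, pin):
    """Compare in constant time so the check does not leak how close a guess was."""
    return hmac.compare_digest(fingerprint(der_cert), normalise_pin(pin))


def open_pinned(host, port, pin, timeout=10.0):
    """Return a connected TLS socket, or raise if the certificate is not the pinned one."""
    wanted = normalise_pin(pin)                 # fail early on a malformed pin
    context = ssl.create_default_context()      # CA chain and hostname still checked
    raw = socket.create_connection((host, port), timeout=timeout)
    try:
        tls = context.wrap_socket(raw, server_hostname=host)
    except Exception:
        raw.close()
        raise
    der = tls.getpeercert(binary_form=True)
    if not der or not cert_matches_pin(der, wanted):
        tls.close()                             # nothing is sent before the check
        raise PinMismatch("certificate for %s does not match the pin" % host)
    return tls
```

A pin on the leaf certificate has to be updated every time the server renews that certificate.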

Imagine the possibilities if one of my access points is Free the net!! Photos backed up to flickr as I wander around the city.

Friday, January 25, 2008

Linux streaming audio HOWTO: triplej over the Internet

You will pick up a link like this off the website:


Which if you download it just is a redirector to:

So, make sure your firewall is going to allow the wacky port and you are off:


Update: Saving the stream

This is how you can save the audio stream and listen at the same time! You can also get mplayer to parse the playlist file for you:

mplayer -playlist http://abc.net.au/streaming/triplej/triplej.m3u -dumpstream -dumpfile /home/greg/mp3/hottest_100.mp3
mplayer hottest_100.mp3

Mplayer, I love you.

Thursday, January 24, 2008

MySQL commands I always forget

I always forget these, don't know why:

show full processlist

show table status

show index from [tablename]

mysqldump --no-data [dbname]

Thursday, January 17, 2008

Things I don't like about MySQL

Generally I really like MySQL, have used it for a number of different projects, and I will continue to do so. However, recently I have started working with larger databases and using some of the more advanced features and am running into some annoying problems.

Passing a table name as a parameter

The number one gripe I have actually turned out to be just as ugly using Postgres and Oracle as well, so I can't hold this one against MySQL.

I have found myself wanting to pass table names as parameters to stored procedures, but this makes the code really nasty with string concatenations as below:

SET @sql = CONCAT('SELECT MAX(ID) FROM ', pTableName, ' INTO @max');
PREPARE stmt FROM @sql;
EXECUTE stmt;
DEALLOCATE PREPARE stmt;

Now imagine a complex stored procedure that needs to reference that table name a lot. Yick. I'm going to try and avoid this situation by putting the logic in the application until MySQL brings out something like a format string :P
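
If the logic moves into the application, the table name still ends up concatenated into the statement, so whatever is passed in can change the SQL that runs. One way to handle that, as an added example that is not from the original post: accept only names of tables that exist, then backtick-quote them. sqlite3 stands in for MySQL so the example runs offline (it accepts MySQL-style backtick identifiers); the function names and the orders table are hypothetical.

```python
"""Build 'SELECT MAX(ID) FROM <table>' only for table names that are known."""
import re
import sqlite3

# Conservative identifier shape: letters, digits, underscore, at most 64 chars.
_IDENT = re.compile(r"[A-Za-z_][A-Za-z0-9_]{0,63}\Z")


def known_tables(conn):
    """Names of existing tables (sqlite_master stands in for information_schema)."""
    rows = conn.execute("SELECT name FROM sqlite_master WHERE type = 'table'")
    return {row[0] for row in rows}


def quote_identifier(name, allowed):
    """Return the backtick-quoted name, or raise if it is not an allowed table."""
    if not _IDENT.match(name):
        raise ValueError("not a plain identifier: %r" % name)
    if name not in allowed:
        raise ValueError("unknown table: %r" % name)
    return "`" + name + "`"


def max_id(conn, table):
    """Application-side version of the stored procedure's dynamic statement."""
    ident = quote_identifier(table, known_tables(conn))
    # Identifiers cannot be bound as parameters, so the checked name is
    # concatenated; values elsewhere in a query should still use placeholders.
    return conn.execute("SELECT MAX(ID) FROM " + ident).fetchone()[0]


def demo():
    """Constructed data: one table with three rows, plus names that must fail."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE orders (ID INTEGER PRIMARY KEY, note TEXT)")
    conn.executemany("INSERT INTO orders (note) VALUES (?)",
                     [("a",), ("b",), ("c",)])
    results = {"orders": max_id(conn, "orders")}
    for name in ("orders; DROP TABLE orders", "no_such_table"):
        try:
            max_id(conn, name)
            results[name] = "accepted"
        except ValueError:
            results[name] = "rejected"
    results["rows_left"] = conn.execute("SELECT COUNT(*) FROM orders").fetchone()[0]
    return results


if __name__ == "__main__":
    print(demo())
```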

I can't raise an error inside a stored procedure

This sucks. I do some sanity checking inside my stored procedure but there is no way to fire an error. Well, no convenient/useful way anyway. Apparently this has been addressed in 5.2, which is not soon enough.

No foreign key enforcement in MyISAM

This is a shame, and I know I can choose InnoDB if I want FK support, but what I really want is the speed of MyISAM with the option of having my FK constraints enforced. I want to be able to turn it on, see how fast it is, and if it is too slow turn it off again.

Can't build cursors from dynamic SQL

This is annoying. The workaround is to use a temporary table, but that is messier than I would like.

No Partition Pruning on Timestamps

This is pretty sucky and MySQL doesn't seem to be in a hurry to fix it. You can't get partition pruning optimisation on timestamps - so partitioning is pretty much useless. You have to work around it by using unsigned ints and UNIX_TIMESTAMP and FROM_UNIXTIME. You can partition on Date fields but they are twice the size, which is a big disadvantage for large databases.

Wasn't a real database before 5.1

MySQL just doesn't seem to have been a real database before version 5.1. I guess everything has to start somewhere, but this is a bit too recent for my liking and I seem to be hitting plenty of 5.0 installs that just don't have the advanced features I want.

Worst for security according to David Litchfield

At AusCERT 2007 I asked David Litchfield, database security ninja, which of the popular databases had the worst security - he said MySQL :( I tried to push for some specifics but he didn't give me any solid information.

Sunday, January 13, 2008

Yubnub - quick searches and more 'quicklinks' style

Yubnub rocks. It gives you a search box in Firefox that lives to the right of the URL bar. Here is some example usage:

Google yubnub: g yubnub
Google maps search: gm bicycle stores boston
Wikipedia search: wp monkey

This is only scratching the surface, there are hundreds of different shortcuts.


I stopped using yubnub because I didn't like the idea that one guy knew my IP address and everything I ever search for. This is worse than google knowing everything I search for because by its nature it ties everything together: flickr, delicious, wikipedia, mysql.com etc.

Apt update notifier - automatic package installation

Why doesn't anyone talk about the inbuilt apt update notifier? There is no end of scripts for downloading/notifying of package updates that duplicate update-notifier functionality. On feisty to get my apt package updates downloaded and installed automatically, I edited /etc/apt/apt.conf.d/10periodic to include:

APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "1";
APT::Periodic::AutocleanInterval "0";
APT::Periodic::Unattended-Upgrade "1";

And then run apt-config dump to verify the results.

In Hardy, take a look at this file:
I uncommented hardy-updates to allow those to be automatically applied as well. The unattended upgrade is performed by a python script:
which logs to
You can run this script manually with -d to get it to write debug info to the log.

Ripping and converting CDs/MP3s on Linux

To go from mp3s to WAV to make an audio CD, use mplayer:
for nam in *.MP3; do nice mplayer -ao pcm "$nam" -ao pcm:file="$nam.wav"; done

To rip CDs to mp3 I use GRip with these settings (variable bit rate encoding):
/usr/bin/lame --preset standard %w %m

Encode file format:

Creating a self-signed ssl certificate for Apache2

For some reason I always forget this command. To create a self-signed ssl certificate for your Apache2 webserver use:

apache2-ssl-certificate --days 1095

This will give you a certificate in /etc/apache2/ssl/apache.pem that is valid for three years.