Saturday, December 5, 2009

Enable Custom Sounds on the Motorola Droid

Although it is not immediately apparent, the Motorola Droid does support custom ringtones and other sounds. All you have to do is create the appropriate directory structure on the microSD card. First, connect the Droid to your computer. Then, navigate to the memory card and create a folder called "Media". Inside the "Media" folder, create a folder called "Audio". Inside the "Audio" folder, create three folders. Their names should be "Alarms", "Notifications", and "Ringtones". Now just drag-n-drop the sound files you want into their respective folders. When you disconnect the phone from your computer the new sound files will show up on the appropriate menus.

Thursday, December 3, 2009

Fix MessageBroker/AMF error with BlazeDS and Tomcat

As part of a project I am working on, my team is building a dashboard using Adobe Flex that interacts with a back end database. The complete stack we are using is Adobe Flex, BlazeDS, Spring, Hibernate, Oracle 10g. Adobe Flex provides the rich platform for developing the dashboard. BlazeDS serves as the messaging broker between the Flex front end and Spring. Spring is a framework that we are using to perform our necessary business logic. Hibernate is a persistence layer for maintaining connections with the database. Oracle 10g is the database we are using to store our data. We are using Apache Tomcat 6 as our web/application server running on Ubuntu 9.04.

To build the project my team has been using a combination of two IDEs. Adobe Flex Builder is the primary development tool for building the dashboard. That code is then added to a project created using MyEclipse. We have been using MyEclipse because it provides for a very simple way to integrate Spring and Hibernate into a Java Web project. From there we can replace the contents of the WEB-INF and META-INF directories with the BlazeDS equivalents.

Our project would build and run perfectly on a local machine. The problem we ran into was that when we moved the built .war file to the server we would see a MessageBroker/AMF error when the dashboard tried to contact the database. This was our error:
code:
Client.Error.MessageSend

Message:
Send failed

Detail:
Channel.Connect.Failed error NetConnection.Call.Failed: HTTP: Failed:
url: 'http://{server.name}:8080/{context.root}/messagebroker/amf'

After a lot of digging and frustration we found the problem to be the version of Tomcat6 that we were using. On our server we installed Tomcat from the repositories. That version does not support the necessary messaging services to use with BlazeDS. Instead, install Tomcat according to the instructions in this post.

Now, test if the messaging service is working by deploying your application, restarting Tomcat, and then navigating to:
http://{server.name}:{server.port}/{context.root}/messagebroker/amf
You should see a blank page. If you see anything else it is not working correctly.

Verify that you have a channel setup for messaging in {context.root}/WEB-INF/flex/services-config.xml. It should look similar to this:
<channel-definition id="my-amf" class="mx.messaging.channels.AMFChannel">
<endpoint url="http://{server.name}:{server.port}/{context.root}/messagebroker/amf" class="flex.messaging.endpoints.AMFEndpoint"/>
<properties>
<polling-enabled>false</polling-enabled>
</properties>
</channel-definition>


If you are still having problems, here are some of the other resources we came across. They didn't fix our problems but they might help fix yours:
http://forum.springsource.org/archive/index.php/t-68405.html
http://adityac1984.wordpress.com/2009/04/23/set-up-blazeds-on-tomcat-with-eclipse-for-flex/ 

A big thanks to this post for solving our issue and to my team mate Phil for not giving up until this was working.

Monday, November 23, 2009

Install GNOME Do and Docky in Ubuntu

Docky is a dock application for Linux. Until now it has been a part of the fantastic keystroke launcher GNOME Do. Now it is its own separate program. While GNOME Do is already in the Ubuntu repositories, Docky, having just been released on its own, is not. To install the new Docky you will need to add its repositories. First, make a backup of your original repositories list, if you haven't already done so:
$ sudo cp /etc/apt/sources.list /etc/apt/sources.list.orig
Now add these two lines to /etc/apt/sources.list
deb http://ppa.launchpad.net/docky-core/ppa/ubuntu karmic main
deb-src http://ppa.launchpad.net/docky-core/ppa/ubuntu karmic main

Import the key used to sign the packages:
$ sudo apt-key adv --recv-keys --keyserver keyserver.ubuntu.com 3528AE20
Update the package listings:
$ sudo aptitude update
Install GNOME Do and Docky:
$ sudo aptitude -y install gnome-do docky
Both of these new programs can be found under Applications>Accessories.

Enjoy.

Wednesday, November 18, 2009

Set path in Unix C shell

In Linux, the default shell is BASH. The C shell is one of the alternatives available and is the default shell in FreeBSD. If you need to manipulate directories in the path environment variable using the C shell, this is how you make changes:
set path = ( $path /location/to/add )
If you want to add more locations you can. If you want to completely override the default path with something completely new then leave off the $path part. Running this command on its own will set the path until you log out. To set it permanently for a given user add that line to that user's ~/.cshrc file.

Thursday, November 5, 2009

Upgrade to the next Ubuntu release

Last week Ubuntu 9.10 was released. For those users who already have Ubuntu installed there are two real options for installing the new version: upgrade or clean install. I prefer the clean install route, but if you want to upgrade, Ubuntu makes it very easy and gives you two ways to do it.

If you want to use the graphical update manager open it by going to System > Administration > Update Manager. Make sure you have any outstanding updates installed and then click the "Upgrade" button.




If you prefer the command line approach or if you are upgrading a server it is still pretty easy. First make sure you have all your outstanding updates installed:
$ sudo aptitude update && sudo aptitude -y full-upgrade
Next you have to install the updater package:
$ sudo aptitude -y install update-manager-core
Now run the command to begin the upgrade process:
$ sudo do-release-upgrade
Now just follow the instructions to upgrade your system. When you finish you will have to restart to make the changes take effect. To check which version of Ubuntu you are running you can use this command:
$ cat /etc/lsb-release

Reset sound settings in Ubuntu

Ever messed around with the settings on your computer and not been able to get them back to what they used to be? I have. Most recently I have played around with my sound settings in Ubuntu and then wanted to revert back to the original settings but I had made too many changes to be able to. In the end it's sometimes just easiest to completely remove the existing configuration and install the default settings anew. Run this command:
$ sudo aptitude -y purge alsa-base && sudo aptitude -y install ubuntu-desktop
When you purge the ALSA settings it will also remove the meta-package ubuntu-desktop. That is okay. It will not remove any actual packages other than alsa-base. To reinstall the default sound settings all you have to do is reinstall the ubuntu-desktop meta-package and it will install all of its missing dependencies, one of which is alsa-base.

Terminate a frozen SSH session

As a frequent user of SSH I will regularly forget about an open session, put my laptop to sleep and when I open it back up find myself with a frozen Terminal session. This is an annoyance that I have always just solved by closing that session. Well it turns out there is a cleaner solution to this problem. When you find yourself with a frozen SSH session, enter these keystrokes to close the frozen connection:
ENTER ~ .
Thanks to Command Line Fu user n20 for pointing this out.

Sunday, November 1, 2009

Lock down the IR receiver on your Mac for added security

All MacBooks, MacBook Pros, Mac Minis, and iMacs come with an infrared, or IR, receiver which allows them to be controlled via an Apple Remote. This makes it really easy to interact with various media applications from across the room. You can play, pause and adjust the volume. You can also start and control the Front Row application with the remote or navigate through presentations with PowerPoint or Keynote.

These are all good things from a usability standpoint. However, from a security standpoint they present something of a concern. First of all, Apple Remotes are an accessory that users have to pay for. This has been the situation for some time now. When users choose not to buy a remote they likely forget all about the fact that there is an IR receiver on their computer. The other issue is that all Apple Remotes will work with all Apple hardware products, not just the product it was sold with.

In the real world what does this mean? It means that I can sit in a lecture hall during a class and, using my Apple Remote, play around with the media applications on the Macs belonging to the people sitting in front of me. As a sort of social and security experiment I have started doing this in my classes. So far, no one has taken the effort to lock down their Mac's IR receiver to prevent this sort of activity.

There are two ways to lock it down. The first way is to completely disable the IR receiver. The other way is to "pair" your Mac to a specific remote. By pairing, you can still use your remote to control your presentations or media applications and you can rest assured that no one else will be able to do the same thing with their remote.

Open up System Preferences and click on the Security button:


If the lock at the bottom left of the window is locked (which it should be!) click it and enter your password to unlock it. You can click the "Pair..." button to set up pairing with your Apple Remote.


You have to point the remote at the IR receiver on your Mac and hold down the "next" and "menu" buttons simultaneously on the remote. After a few seconds an indicator will flash on the screen telling you that you have successfully paired your remote with your Mac. If you have a remote I would highly recommend pairing it. If you either don't have a remote or if you never use it, then I would highly recommend disabling the IR receiver. You can do that by checking the box next to the "Pair..." button. I have my Mac paired with my remote and unless I am going to be using my remote for something I like to keep the IR receiver disabled.

Wednesday, October 28, 2009

Sync Firefox profiles across computers with Dropbox

Dropbox is a fantastic service that will sync data between multiple computers and keep it backed up on their server. Since I use multiple computers on an almost daily basis I love Dropbox because I can work on the same files on either computer and they remain synced. I recently started working on a project involving Mozilla Firefox. I wanted to create a second Firefox profile to keep my project preferences, add-ons, and history separate from my regular profile while at the same time being synced between my laptop and desktop.

I started on my desktop, which runs Ubuntu Linux. In order to create a new Firefox profile without damaging the current one you have to start the Firefox Profile Manager:
$ /usr/bin/firefox --profilemanager
If you are working on a Mac you can start it like this:
$ open -a firefox --args --profilemanager
If you are working in Windows you can start it like this:
c:\>"Program Files"\"Mozilla Firefox"\firefox.exe --profilemanager
The Profile Manager is a GUI tool so once you create a new profile, I called mine "dev", just click the exit button. Firefox will still start with the default profile. In order to use the new profile you need to throw an argument to the Firefox binary to tell it which profile you want to use. In Linux, to load up a new instance of Firefox using your new profile called "dev", even if one is already running, run this command:
$ /usr/bin/firefox -no-remote -P dev
Doing this, however, will keep that instance of Firefox tied to your terminal. To get around this I created a new launcher that sits on my panel at the top of my screen. To do that, right-click the panel, choose "Add to Panel...", then "Custom Application Launcher". Fill out the box that comes up so it looks like this:

On a Mac, to open Firefox with a new profile it's easiest to run this command from the Terminal:
$ open -a firefox --args -no-remote -P dev
On Windows it would look like this:
c:\>"Program Files"\"Mozilla Firefox"\firefox.exe -no-remote -P dev
In Windows you can also create a shortcut to firefox and add the arguments at the end of the path in the properties window so it looks like this:


The way I got syncing to work uses symbolic links. I've written about Unix symbolic links before and they rock. After I made sure the new Firefox profile worked on my Linux desktop, I shut down all instances of Firefox. In Linux, your Firefox profiles reside in this folder:
~/.mozilla/firefox/
Each profile has a unique name which follows a pattern of 8 seemingly random alphanumeric characters, followed by a period (.), followed by the name of the profile. If you have two Firefox profiles whose names are "default" and "dev" their names might look like this, respectively: "5e97feg7.default" and "ou4e9v2y.dev". To continue with those examples, I moved the "dev" profile to my Dropbox folder, located at ~/Dropbox/:
$ mv ~/.mozilla/firefox/ou4e9v2y.dev ~/Dropbox/
Then I created a symbolic link from the new location going back to the old one:
$ ln -s ~/Dropbox/ou4e9v2y.dev ~/.mozilla/firefox/
Now, if you did everything correctly, you should be able to open Firefox using your new profile, the one you just moved, and it should work like before. Next I moved to my Mac to get everything set up there. I created a symbolic link from the profile in my Dropbox directory into the directory where Firefox profiles live, located here:
~/Library/Application Support/Firefox/Profiles/
To create the new symbolic link:
$ ln -s ~/Dropbox/ou4e9v2y.dev ~/Library/Application\ Support/Firefox/Profiles/
Now you need to edit the config file that tells Firefox about the new profile, located here:
~/Library/Application Support/Firefox/Profiles/profiles.ini
Start by closing all instances of Firefox. Then, make a backup copy of the original:
$ cp ~/Library/Application\ Support/Firefox/Profiles/profiles.ini ~/Library/Application\ Support/Firefox/Profiles/profiles.ini.orig
You need to modify that profiles.ini file so it looks like this:
[General]
StartWithLastProfile=1

[Profile0]
Name=default
IsRelative=1
Path=Profiles/5e97feg7.default
Default=1

[Profile1]
Name=dev
IsRelative=1
Path=Profiles/ou4e9v2y.dev

Now you should have a working Firefox profile that syncs between two different computers. I wouldn't recommend trying to run both at the same time though, as you are likely to run into locked file issues and develop conflicting versions of files.

There was one other issue I had to deal with; one of the Firefox add-ons I am working with is Greasemonkey. When you edit your Greasemonkey scripts, the first time you are asked to pick out the text editor you want to use. Well on my Mac I use Smultron and in Linux I use gedit. Each time I would switch operating systems I would again be asked which text editor I wanted to use. In OS X, the path to Smultron is /Applications/Smultron.app. So on my Linux machine I created a directory called /Applications and put inside it a hard link to gedit that I renamed. I did it like this:
$ sudo mkdir /Applications
$ sudo ln /usr/bin/gedit /Applications/Smultron.app
Now no matter which operating system I use, Greasemonkey looks for /Applications/Smultron.app when I want to edit scripts.

Set system-wide environment variables in Linux

You can set environment variables at any time or from any location in Linux. If you want to set a variable that will be persistent, that is to say will be effective for all users and remain even if the system is rebooted, you have to put them in /etc/environment. For example, if you want to set a variable called JAVA_HOME, you would do it like this:
$ sudo sh -c 'echo "JAVA_HOME=\"/usr/lib/jvm/java-6-sun\"" >> /etc/environment'
This assumes that you want to be using the "java-6-sun" Java package and not one of the others. Also, make sure you create a backup of the original /etc/environment file if this is your first time editing it:
$ sudo cp /etc/environment /etc/environment.orig
And also make sure you use two angle brackets (>>) and not just one. Using only one (>) will overwrite the file instead of appending to the end of it.
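
Appending with >> adds a second JAVA_HOME line every time the command is repeated. As an added example (not from the original post), this helper replaces an existing assignment instead of duplicating it, keeps a one-time .orig backup, and swaps the new file in with a rename so the original is never left half-written. The function name set_env_var and the sample file contents are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: idempotent update of a NAME="value" line in an
# /etc/environment-style file. set_env_var is a hypothetical helper name.

# set_env_var FILE NAME VALUE
set_env_var() {
    file=$1; name=$2; value=$3

    # Only accept plain identifiers, and values that cannot break out of the quotes.
    case "$name" in
        ''|[!A-Za-z_]*|*[!A-Za-z0-9_]*)
            echo "invalid variable name: $name" >&2; return 2 ;;
    esac
    case "$value" in
        *'"'*|*'
'*)
            echo "value must not contain double quotes or newlines" >&2; return 2 ;;
    esac

    # Keep the first backup only, so a second run cannot overwrite the pristine copy.
    [ -e "$file.orig" ] || cp -p "$file" "$file.orig" || return 1

    # Build the new file next to the old one, then rename it into place.
    tmp=$(mktemp "$file.XXXXXX") || return 1
    grep -v "^$name=" "$file" > "$tmp" || true   # grep exits 1 when nothing is left
    printf '%s="%s"\n' "$name" "$value" >> "$tmp"
    chmod 644 "$tmp"                             # mktemp creates 0600; the file must stay world-readable
    mv "$tmp" "$file"
}

# Demo on a constructed file; on a real system run as root against /etc/environment.
demo_env=$(mktemp)
printf 'PATH="/usr/local/bin:/usr/bin:/bin"\n' > "$demo_env"
set_env_var "$demo_env" JAVA_HOME /usr/lib/jvm/java-6-sun
set_env_var "$demo_env" JAVA_HOME /usr/lib/jvm/java-6-sun   # repeated on purpose
cat "$demo_env"
rm -f "$demo_env" "$demo_env.orig"
```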

Saturday, October 24, 2009

Set java version in Linux

Java is a great cross-platform programming language that produces code that will work across operating systems and hardware architectures, provided the other computer also has Java installed. There are, however, some different versions of Java out there and not all software always plays nicely with each different version. Right now the main releases of Java that are in use are Java 5 (aka 1.5) and Java 6 (aka 1.6). To see which version of Java you are running, use this command:
$ java -version
To see all of the versions of Java you have installed that you could be using, use this command:
$ update-java-alternatives -l
This will list each version of Java you can use. On one of my systems, for example, when I run that command I get this output:
java-1.5.0-sun 53 /usr/lib/jvm/java-1.5.0-sun
java-6-openjdk 1061 /usr/lib/jvm/java-6-openjdk
java-6-sun 63 /usr/lib/jvm/java-6-sun
Here I have three versions of Java installed: Sun's version of Java 5 (aka 1.5), version 6 of the OpenJDK, and Sun's version of Java 6. If I wanted to switch to using Sun's version of Java 6, I would enter this command:
$ sudo update-java-alternatives -s java-6-sun
To switch versions, you enter the name of the Java version you want to use after the -s flag. For more information check out the man page with this command:
$ man update-java-alternatives

Saturday, October 10, 2009

Install subversion in Ubuntu

Subversion is a software solution for group collaboration on writing code. The idea is that an individual will "check out" a chunk of code to work on. This way other users won't also work on the same bit of code and the project won't run into version problems. Getting this configured in Ubuntu is an easy process.

First, install subversion:
$ sudo aptitude update && sudo aptitude -y install subversion
Create a group to use with your project:
$ sudo groupadd [groupname]
Now you'll have to add each user to that group you just created:
$ sudo usermod -aG [groupname] [username]
Create a directory to house the code:
$ sudo mkdir -p /home/svn/[project]
Set ownership of the code directory:
$ sudo chgrp -R [groupname] /home/svn/[project]
Set permission for the code directory:
$ sudo chmod -R g+rws /home/svn/[project]
Tell the subversion controller about the project directory:
$ sudo svnadmin create /home/svn/[project]
For more information on Subversion, check out this page from the Ubuntu documentation.

Build Linux installer packages with checkinstall

Compiling from source code is not my preferred way of installing software. One of the wonderful things about Linux is the ability to use prebuilt packages available through the software repositories. However, in the event that a particular software package is not available in a repository or you want a custom build of one, compiling from source may be the only way to go. Compiling from source carries with it the inherent problem that the package manager won't know the software package in question is installed. This can result in an update that breaks the program you installed from source. The way to alleviate this concern is with checkinstall, a convenient tool used to build installer packages for your distribution.

First, make sure you have checkinstall and your development tools installed. Use this command to install them in Ubuntu:
$ sudo aptitude update && sudo aptitude -y install build-essential checkinstall
Now here is where it gets a bit tricky. You will have to follow the build instructions that accompany the code you want to compile. Sometimes this is easy and sometimes it is difficult. Sometimes the process is very straightforward, like this:
$ ./configure
$ make
Usually the next step here would be to use make install to install the newly compiled code. Instead, run this command:
$ sudo checkinstall
If you want you can work through the options to document the installer package. Now you can install the new installer package using the package manager:
$ sudo dpkg -i [filename].deb
Now the package manager will be aware of the code you just installed.

Friday, October 2, 2009

Install Tomcat in Ubuntu

Tomcat is a Java application server. The latest version is version 6, but version 5.5 is still in wide use also. I found some information suggesting that the version in the Ubuntu repositories is broken so here is how to install it manually, no compiling required.

First you need to make sure you have Java installed. I recommend going with the development version:
$ sudo aptitude update && sudo aptitude install sun-java6-jdk
The latest version of Tomcat as of this writing is version 6.0.20. You can head over to the downloads page to get a copy of it or download using wget:
$ wget http://www.gtlib.gatech.edu/pub/apache/tomcat/tomcat-6/v6.0.20/bin/apache-tomcat-6.0.20.tar.gz
Extract the files from the tarball:
$ tar xvzf apache-tomcat-6.0.20.tar.gz
Now you can run Tomcat from anywhere, but you probably will want to put it somewhere other than where you downloaded it to. Here is an example of somewhere to put it:
$ sudo cp -r apache-tomcat-6.0.20 /usr/local/tomcat
This command will also rename the folder from "apache-tomcat-6.0.20" to "tomcat". Next you'll need to make sure all of the binary files are executable:
$ sudo chmod +x /usr/local/tomcat/bin/*
Before you can run Tomcat, you have to specify a variable to tell it where Java is installed. If you are going to start it up manually you can put the variable in the Tomcat startup script located at "tomcat/bin/startup.sh". If you are going to make a startup script in /etc/init.d/ you can put the variable in there. The variable declaration will look something like this:
export JAVA_HOME=/usr/lib/jvm/java-6-sun
Make sure this is correct on your system before you use it. I recommend creating a startup script in /etc/init.d/ for Tomcat because even if you only want to start it manually it's easier to remember /etc/init.d/ because that's where most startup scripts are located. Use a text editor to save the following to "/etc/init.d/tomcat":
#!/bin/sh

# Tomcat auto-start
#
# description: Auto-starts tomcat
# processname: tomcat
# pidfile: /var/run/tomcat.pid

# Tell Tomcat where Java is installed
export JAVA_HOME=/usr/lib/jvm/java-6-sun

# Dispatch on the action passed by init (start, stop or restart)
case "$1" in
    start)
        sh /usr/local/tomcat/bin/startup.sh
        ;;
    stop)
        sh /usr/local/tomcat/bin/shutdown.sh
        ;;
    restart)
        sh /usr/local/tomcat/bin/shutdown.sh
        sh /usr/local/tomcat/bin/startup.sh
        ;;
esac
exit 0
Make the script executable:
$ sudo chmod 755 /etc/init.d/tomcat
Set the script to run automatically:
$ sudo update-rc.d -f tomcat defaults
Now you can start Tomcat by running:
$ sudo /etc/init.d/tomcat start
Or stop it by typing:
$ sudo /etc/init.d/tomcat stop
Tomcat by default listens on port 8080. You will need to make a rule in your firewall to allow this. If you are using Ubuntu's ufw, enter this command to allow connections to Tomcat:
$ sudo ufw allow 8080
You should see a Tomcat test page by navigating to:
http://192.168.1.xxx:8080
Just replace 192.168.1.xxx with the IP address of the computer you just installed Tomcat onto.

Wednesday, September 16, 2009

Handle broken dependencies with yum

Yum is the updater for rpm based Linux systems, including Fedora, Red Hat Enterprise Linux, and CentOS. Yum does a pretty good job of handling dependencies but it's not perfect. If you have a bunch of updates to install but one of them has a broken dependency, the usual update command will fail. A basic update command looks like this:
# yum update
Alternatively, you could specify which packages to update and just list every package except the broken one, like this:
# yum update [package1] [package2] [...]
There is a convenient option added in though which will update all packages except those with broken dependencies. It looks like this:
# yum update --skip-broken

Tuesday, September 15, 2009

Customize your /etc/sudoers file

The sudo command allows non-root users to issue administrative commands. Configuration details, including who is allowed to use sudo and for which commands, are stored in a file located at /etc/sudoers. You can also set some other behavioral details in this file. For example, a neat setting is to receive an email or text message each time a user who is not permitted to use sudo tries to use it. To set that up, first configure sSMTP like I detailed in this post for Debian/Ubuntu systems or in this post for RHEL/CentOS systems.

Before making any changes to the /etc/sudoers file, definitely make sure you back it up:
$ sudo cp /etc/sudoers /etc/sudoers.orig
The default behavior for sudo is to report attempted unauthorized uses. Just to make sure, you can add the parameter by adding this line to /etc/sudoers:
Defaults mail_no_user
And to receive emails add this line:
Defaults mailto += "user@domain.com"
The mailto variable is a list so for each "+=" you will be adding another element to that list.

Another fun variable to set is insults. This will make fun of the user if they enter the wrong password when using sudo. To enable this option, add the line:
Defaults insults
For more options, see the sudoers man page with:
man sudoers

Tuesday, September 8, 2009

Disable GUI in Ubuntu/Debian

Ever had a Linux machine with a GUI installed and later decided that you don't always (or ever) need the GUI to be running? A GUI will consume system resources that may be put to better use somewhere else. If you happen to be running Ubuntu or another Debian based machine, you can do it like this:
# update-rc.d -f gdm remove
This command does require root privileges. Also, this command assumes you are running GNOME. If you are running KDE it would look like this:
# update-rc.d -f kdm remove
If you are running XFCE, it will look like this:
# update-rc.d -f xdm remove
To load the GUI for the duration of a logged in session, use this command:
startx
If you later decide that you do want the GUI to be running all the time, use this command to do so:
# update-rc.d -f gdm defaults
Switch gdm for kdm or xdm as appropriate.

Disable root login in Linux

Disabling root logins in Linux is an easy and simple process. Enter this command at the console:
$ sudo passwd -l root
To reenable root login, use this command:
$ sudo passwd -u root
Alternatively, to unlock the root account you could reset the password like I detailed in this post. These commands will work with any username, not just root. For example, if you wanted to disable logins from a user named "phil", the syntax would look like this:
$ sudo passwd -l phil
There are two things to keep in mind when doing this. First is that this only disables logins that use passwords. If you have enabled login over SSH via public keys then that will continue to work. The second thing is that you want to make sure if you disable the root account that you have at least one user who has sudo power. Otherwise you will effectively have a machine without any users able to perform administrative functions because root is disabled and none of the other users can use the sudo command.
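
The two caveats above can be checked mechanically. The following is an added example, not part of the original post: a shell audit that reports whether root's password is locked, whether key-based SSH login for root is still open, and whether any account is left in a sudo-capable group. The function names, the finding labels, the constructed sample files, and the assumption that sudo rights come from membership in the "sudo" or "admin" group are all illustrative.

```shell
#!/bin/sh
# Added example: audit what `passwd -l root` closes and what it leaves open.
# Every path is an argument so the audit can run on constructed files. On a
# real host, run as root with: /etc/shadow /etc/ssh/sshd_config
# /root/.ssh/authorized_keys /etc/group

# password_locked SHADOW_FILE USER
# Exit 0 when the hash field starts with "!" (what passwd -l prepends) or "*".
password_locked() {
    field=$(awk -F: -v u="$2" '$1 == u { print $2; exit }' "$1")
    case "$field" in
        '!'*|'*'*) return 0 ;;
        *)         return 1 ;;
    esac
}

# root_ssh_permitted SSHD_CONFIG
# Exit 0 unless PermitRootLogin is "no". Every other value, and a missing
# directive, still lets root in with a key. Simplification: only the first
# occurrence is read; Match blocks and Include files are ignored.
root_ssh_permitted() {
    value=$(awk 'tolower($1) == "permitrootlogin" { print tolower($2); exit }' "$1")
    [ "$value" != "no" ]
}

# has_authorized_keys FILE
# Exit 0 when the file holds at least one line that is not blank or a comment.
has_authorized_keys() {
    [ -f "$1" ] && grep -Eqv '^[[:space:]]*(#|$)' "$1"
}

# sudo_group_members GROUP_FILE
# Assumption: sudo rights come from the "sudo" or "admin" group; grants made
# directly in /etc/sudoers are not seen by this check.
sudo_group_members() {
    awk -F: '($1 == "sudo" || $1 == "admin") && $4 != "" { print $4 }' "$1" |
        tr ',' '\n' | sort -u
}

# audit_root_lock SHADOW SSHD_CONFIG AUTHORIZED_KEYS GROUP
# Prints space-separated findings.
audit_root_lock() {
    if password_locked "$1" root; then
        findings="password-locked"
    else
        findings="password-login-open"
    fi
    if root_ssh_permitted "$2" && has_authorized_keys "$3"; then
        findings="$findings ssh-key-login-open"
    fi
    if [ -z "$(sudo_group_members "$4")" ]; then
        findings="$findings no-sudo-user"
    fi
    echo "$findings"
}

# write_sample DIR: constructed files that mimic a host after `passwd -l root`.
write_sample() {
    cat > "$1/shadow" <<'EOF'
root:!$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:14500:0:99999:7:::
phil:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:14500:0:99999:7:::
EOF
    printf 'Port 22\nPermitRootLogin yes\n' > "$1/sshd_config"
    printf 'ssh-rsa AAAACONSTRUCTEDKEY admin@example\n' > "$1/authorized_keys"
    printf 'root:x:0:\nadmin:x:115:phil\n' > "$1/group"
}

demo_dir=$(mktemp -d)
write_sample "$demo_dir"
audit_root_lock "$demo_dir/shadow" "$demo_dir/sshd_config" \
    "$demo_dir/authorized_keys" "$demo_dir/group"
rm -rf "$demo_dir"
```

A finding of "ssh-key-login-open" next to "password-locked" is exactly the first caveat: the lock did not touch the key-based path.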

Enable root login in Ubuntu

Logging in as root on Linux machines can be a touchy subject. Conventional wisdom says to never log in as root. However, there are functions that only the root user is able to do which requires the use of the sudo and su commands. In keeping with this idea of never logging in as root, Ubuntu ships with root logins disabled. Instead, the first user created is given the power to use the sudo command and assume root privileges. If you have an Ubuntu system but want to enable the more conventional root login, here is how you do it:
$ sudo passwd root
You will immediately be prompted to enter, then confirm a new UNIX password:
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
Now you can login as root like you would any other user.

Saturday, September 5, 2009

Change GPG passphrase

When you create a new public/private key pair you are prompted to enter a passphrase. This passphrase is then used to unlock the private key. Now suppose that you chose a secure passphrase but maybe after a few years with the same key something happens and someone learns your passphrase. Instead of having to create a whole new key pair, you can change the passphrase relatively easily. Here is how you do it:
$ gpg --edit-key [keyID]
Command> passwd
Enter passphrase:
Enter the new passphrase for this secret key.
Enter passphrase:
Repeat passphrase:
Command> save
And that's it. Your secret key now uses the new passphrase.

Creating GPG keys from the CLI

I've written about GnuPG before; it is an open source implementation of the PGP encryption standard. Most Linux distributions include a version of it and there are binary packages available for Windows and OS X. On a Unix-like system, if you want to create a new public/private key pair, there is a convenient interactive tool to do this. Start by typing this:
$ gpg --gen-key
Next you will be prompted to answer a series of questions:
Please select what kind of key you want:
(1) DSA and Elgamal (default)
(2) DSA (sign only)
(5) RSA (sign only)
Your selection?
Choose the option for "DSA and Elgamal" by typing a number one:
1
Next you are asked about key size:
DSA keypair will have 1024 bits.
ELG-E keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048)
IMHO a 2048 bit key is fine. If you want to go bigger you can but you shouldn't go any smaller. Enter the size you want, for 2048 enter:
2048
The next question is to specify an expiration date for your key:
Please specify how long the key should be valid.
0 = key does not expire
[n]= key expires in n days
[n]w = key expires in n weeks
[n]m = key expires in n months
[n]y = key expires in n years
Key is valid for? (0)
Whether you want your key to expire is a personal choice. If you choose to make your key expire you probably will want to make it last at least a few years, but it is up to you. To make the key valid for 3 years, type this:
3y
You will now be asked to verify the expiration date for your key:
Key expires at Tue 04 Sep 2012 11:59:31 AM EDT
Is this correct? (y/N)
If that is correct, type:
y
Now you get to enter your identifying information: name, email, and comments. After that, you will be prompted to enter a passphrase to use with your private key. Make sure it is something secure! The next thing the system will do is try to generate the keys. If there is not enough activity on the system from which to gather random data, you will be asked to complete other tasks on the system until enough random bytes have been collected to continue. Once this occurs, the key creation will continue on its own.

When that completes you will have a new public/private key pair stored in your keychain, which is located inside "~/.gnupg/".

Friday, August 28, 2009

Set the system time in Linux

It is always a good idea to verify that the date and time are set correctly on a computer system. Otherwise all of your logs will have the wrong time on them, for example. You can check the current system time by running the date command without any arguments, like so:
$ date
This will give you an output that looks something like this:
Fri Aug 28 10:53:48 EDT 2009
If the date is set incorrectly, you can change it by running the date command as root with the new date and time as an argument. It will follow this format:
# date mmddhhmmyyyy.ss
For example, to set the date and time as August 28, 2009 at 10:53:48, you would type this:
# date 082810532009.48
If the year or seconds are correct you can leave off either or both of them. Also, keep in mind that this uses a 24 hour clock. So, if you wanted to set the date to August 28 at 1:00pm but didn't care about setting the seconds and the year was correct, you would type this:
# date 08281300

Thursday, August 27, 2009

Configure iptables in Debian and Ubuntu

Iptables is the classic firewall for Linux systems. Iptables is very flexible and very powerful, but it is not known for being terribly user friendly. This is partly the reason that Ubuntu ships with ufw, a simplified and much easier to use interface for iptables. Ufw, however, is not as powerful as iptables and the number of rules it can handle is limited.

I have updated the iptables setup script on my website to reflect the necessary configuration steps for use with Debian and Ubuntu. Additionally, this updated script contains some new features compliments of my friend Phil, including optional integration with a Perl script that blocks connections from a known blacklist and rules to help defend against DoS attacks, block ping requests, and prevent brute force attacks over SSH.

Here is a link to my downloads page where you can find the new script: http://www.zloether.com/downloads

Tuesday, August 11, 2009

Install Firefox 3.5 in Ubuntu with Ubuntuzilla

Mozilla released Firefox 3.5 a few weeks back and unfortunately, the latest version is still not in the Ubuntu repositories. There is a prerelease beta available while the latest version as of this writing is 3.5.2. Luckily, however, there exists Ubuntuzilla, a program written in Python that will download, install, and update three of Mozilla's most popular programs: Firefox, Thunderbird, and SeaMonkey.

To install Ubuntuzilla, first download it with this command:
$ wget http://sourceforge.net/projects/ubuntuzilla/files/latest
This will download a .deb installer package. Now to install it:
$ sudo dpkg -i ubuntuzilla-*.deb
To install Firefox 3.5, just run Ubuntuzilla by itself and without any options:
$ ubuntuzilla.py
Now just follow the instructions on the screen (they're really straightforward) and when you finish you will have the latest stable version of Firefox installed.

Tuesday, August 4, 2009

Enable SSH in Untangle

The default installation of Untangle includes an SSH server but it is not turned on by default. Enabling it is easy enough, though. First you will need to have physical access to the Untangle machine. Launch the Terminal. If this is the first time you have launched the Terminal, you will be prompted to enter a new password. This is the password for the root user. Once you are looking at a prompt, enter these two commands:
# mv /etc/ssh/sshd_not_to_be_run /etc/ssh/sshd_not_to_be_run.orig
# /etc/init.d/ssh start
The first command renames an empty file that will prevent the SSH server from running if it is present. The second command starts the SSH server. You can test whether it is working correctly by running this command:
# ssh localhost
If you see a prompt asking for a password then it worked.

Sunday, August 2, 2009

Updated .bashrc

I have updated my bashrc file yet again. This update was mostly bug fixes and minor improvements from the last version that I posted. Check my website's downloads page for the latest version.

Friday, July 31, 2009

Fix QoS in Untangle 6.2

The latest version of Untangle, version 6.2, has a bug in QoS that prevents it from retaining changes made to the upload and download speeds of the external network connection. This is a debilitating bug because it will limit your connection to 1.5Mb/s in each direction if you use QoS. Luckily, there is a fix for the bug that has worked great for me so far. Run this command:
# curl http://www.untangle.com/download/patches/6.2/qos_patch | dash
This will download and run a script, which will in turn download an archive, extract it, install its contents to their correct locations, and finally restart the necessary daemon. It's quick, easy, official, and it works.
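A more cautious way to apply a script like this than piping curl straight into a shell, as an added example that is not part of the original post or Untangle's instructions: save the script, read it, and run it only if its SHA-256 matches a digest obtained separately. The function names and the EXPECTED_SHA256 placeholder are assumptions; the post gives no digest.

```shell
#!/bin/sh
# Added example (not from the original post): verify a downloaded script
# before running it, instead of piping the download into a shell.
#
# Usage with the URL from the post. EXPECTED_SHA256 is a placeholder for a
# digest you obtained separately; the post does not give one.
#   curl -fsS -o qos_patch http://www.untangle.com/download/patches/6.2/qos_patch
#   less qos_patch
#   run_if_verified qos_patch "$EXPECTED_SHA256" dash

# sha256_of FILE -> prints the lower-case hex SHA-256 digest of FILE
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# run_if_verified FILE EXPECTED_SHA256 [INTERPRETER]
# Returns 2 if FILE is missing or empty, 1 on a digest mismatch (nothing is
# executed), otherwise the exit status of the script.
run_if_verified() {
    src=$1
    expected=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
    interp=${3:-sh}

    [ -s "$src" ] || { echo "missing or empty: $src" >&2; return 2; }

    # Work on a private copy so the bytes that were hashed are the bytes that run.
    copy=$(mktemp) || return 2
    cat "$src" > "$copy" || { rm -f "$copy"; return 2; }

    actual=$(sha256_of "$copy")
    if [ "$actual" != "$expected" ]; then
        echo "refusing to run $src: sha256 $actual does not match the expected value" >&2
        rm -f "$copy"
        return 1
    fi

    status=0
    "$interp" "$copy" || status=$?
    rm -f "$copy"
    return "$status"
}
```

Because the URL in the post is plain HTTP, the digest has to come from a channel other than that same download for the comparison to mean anything.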

Send mail from the terminal in Untangle

Untangle routers are already configured to send out emails for use with the Reports module. However, Untangle is still a Linux machine. It happens to be based on Debian. If you want to send out email messages for your own purposes, you can do so from the command line. The syntax looks like this:
$ echo "This is my message" | mail -s "Subject" phil@mydomain.com
This would send an email to phil@mydomain.com that has a subject of "Subject" and a body of "This is my message". Specifying a subject is optional.

Convert .cdr to .iso in OS X

Macs have a lot of built-in features, including the ability to create disk images with the bundled Disk Utility application. Unfortunately, the format that Macs create disk images in for CDs and DVDs has a .cdr file extension. The most common file format for CDs and DVDs is .iso, and sometimes .img is used. The .cdr images that Macs create are burnable images, but if you want to create an image in a more common format, here is how you do it:
$ hdiutil makehybrid -iso -joliet -o [filename].iso [filename].cdr
This method does require that you first create the .cdr image.

Untangle for a Linux router

Looking for an awesome solution for a home or small business router that packs lots of features? Check out Untangle. I have been using it at work and it's great. The install process is super easy and all of the configuration is done through a wonderful web interface. There are also a bunch of modules you can download from the web interface that do things like block spam, viruses, questionable web content, or do things like generate daily reports of bandwidth usage. There are some for-pay modules too that do more things.

For the record, no one is paying me in any way to spout praises for Untangle.

Wednesday, July 29, 2009

Install sSMTP in CentOS

In my last post I wrote about how to send email from the Linux command line using sSMTP and how to install it in Ubuntu. sSMTP is included in the repositories for a lot of distributions, but not for CentOS. Luckily, it's easy to grab and install it from a Fedora repository. First, become root, then run these commands:
# rpm -Uvh http://download.fedora.redhat.com/pub/epel/5/i386/epel-release-5-3.noarch.rpm
# yum -y install ssmtp
That's it, now sSMTP is installed and ready to configure just like I detailed in this post.

Wednesday, July 22, 2009

Send email from a Linux shell

Most of us only send email to other people and use either a desktop client or some form of webmail. For those who are so inclined, sending an email from the command line in Linux is also relatively easy. First, you will need to install ssmtp. In Ubuntu, run this command:
sudo aptitude install ssmtp
If you are using a different distribution it may exist in your repositories already or you may have to add a new one. You will need to make some changes to the default config file. Make a backup of the original file in case you want to revert back to it:
sudo cp /etc/ssmtp/ssmtp.conf /etc/ssmtp/ssmtp.conf.orig
When I set this up, I created a Gmail account so that I could keep track of the emails sent conveniently if I want. To set it up to use a Gmail account, edit the config file so that these lines are present:
root=[your address]@gmail.com
mailhub=smtp.gmail.com:587
AuthUser=[your address]
AuthPass=[password]
UseSTARTTLS=YES
Now any message you send will come from [your address]@gmail.com and you can see what messages have been sent by logging into that Gmail account. This is the easiest way I have found to send a message:
echo -e "Subject: [some subject]\n\n[the body goes here]\n[second line of body]\n" | ssmtp [address to send to]
So, for example, to send a message with a subject of "This weekend" and a body of "Want to get dinner friday? Call me." to philb@mydomain.com, you would type this:
echo -e "Subject: This weekend\n\nWant to get dinner friday? Call me.\n" | ssmtp philb@mydomain.com
The -e flag on echo tells it to look for backslash escape characters. This means that everywhere there is a "\n" it will become a new line. Also, notice that there is an extra line between the subject and the body.
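The configuration above keeps the Gmail password in clear text in ssmtp.conf, so it is worth checking who can read that file and that STARTTLS stays on. The check below is an added example, not part of the original post; the function names are made up for illustration and keys are matched case-insensitively.

```shell
#!/bin/sh
# Added example (not from the original post): audit an ssmtp.conf that
# stores AuthPass in clear text, as in the configuration shown above.

# conf_value FILE KEY -> value of the last uncommented "KEY=value" line
conf_value() {
    awk -F= -v key="$2" '
        /^[ \t]*#/ { next }
        { k = $1; gsub(/[ \t]/, "", k) }
        tolower(k) == tolower(key) { v = substr($0, index($0, "=") + 1) }
        END { gsub(/^[ \t]+|[ \t]+$/, "", v); print v }
    ' "$1"
}

# audit_ssmtp_conf FILE
# Prints one finding per line. Returns 0 when there are no findings,
# 1 when there is at least one, 2 when FILE cannot be read.
audit_ssmtp_conf() {
    conf=$1
    findings=0
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }

    if [ -n "$(conf_value "$conf" AuthPass)" ]; then
        # find prints the path only when the "other" read bit is set.
        if [ -n "$(find "$conf" -perm -004 -print)" ]; then
            echo "AuthPass is stored in a world-readable file: $conf"
            findings=$((findings + 1))
        fi
        # The post sets UseSTARTTLS=YES for port 587; flag a file that
        # carries a password without it.
        case $(conf_value "$conf" UseSTARTTLS | tr '[:lower:]' '[:upper:]') in
            YES) ;;
            *)
                echo "AuthPass is set but UseSTARTTLS is not YES"
                findings=$((findings + 1))
                ;;
        esac
    fi

    [ "$findings" -eq 0 ]
}

# Typical call on the system from the post:
#   audit_ssmtp_conf /etc/ssmtp/ssmtp.conf
```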

So why is this useful? This is useful to send yourself notifications from the system. For example, you might have a cron script that runs every so often and you want a notification whenever it finishes successfully. Another example I saw during my research was to add a line to "/root/.bashrc". That will send out a message whenever someone logs in as root to the system.

You can also have it send text messages to your phone. To do so, just send an email to the corresponding address for the service provider:
Verizon: 10digits@vtext.com
AT&T: 10digits@mobile.att.net
Sprint: 10digits@messaging.sprintpcs.com
T-Mobile: 10digits@tmomail.net
Cricket: 10digits@sms.mycricket.com

Tuesday, July 14, 2009

Manually set screen resolution in Linux

With most modern Linux distributions, graphics support is pretty good. That being said, I recently configured a Linux workstation running Ubuntu 9.04 that has an old graphics card and a crappy graphics driver. I was unable to get desktop effects to work and had to set my desired screen resolution manually. This is not as difficult as it may sound. First, make a backup of the X.org configuration file:
sudo cp /etc/X11/xorg.conf /etc/X11/xorg.conf.orig
Now, open the file. Find the section called "Screen". It should look something like this:
Section "Screen"
Identifier "Default Screen"
Monitor "Standard skjerm"
Device "Configured Video Device"
DefaultDepth 24
EndSection
You need to add a subsection which contains the desired screen resolution. It should look something like this when you're done:
Section "Screen"
Identifier "Default Screen"
Monitor "Standard skjerm"
Device "Configured Video Device"
DefaultDepth 24
SubSection "Display"
Modes "1280x1024"
EndSubSection
EndSection
Make sure you specify the resolution you actually want where it says "1280x1024". You will need to restart X in order for the changes to take effect. You can restart it by logging out and back in.

Friday, July 3, 2009

Set a static IP in CentOS/RHEL

A few weeks ago I wrote about how to set a static IP address in Ubuntu and now I am posting about how to do it in CentOS/RHEL. Unlike in Ubuntu, in CentOS, there is a separate config file for each network adapter. These files are located in "/etc/sysconfig/network-scripts/". So, for example, the config file for interface "eth0" is located at "/etc/sysconfig/network-scripts/ifcfg-eth0". If the adapter is configured to use DHCP, the contents of the file should look something like this:
# [Name of manufacturer and model of network adapter]
DEVICE=eth0
BOOTPROTO=dhcp
HWADDR=00:xx:xx:xx:xx:xx
ONBOOT=yes
DHCP_HOSTNAME=[hostname]
To convert this over to using a static IP address instead, you will need to make some changes and add a bunch of information so that it looks more like this:
# [Name of manufacturer and model of network adapter]
DEVICE=eth0
BOOTPROTO=none
BROADCAST=192.168.1.255
HWADDR=00:xx:xx:xx:xx:xx
IPADDR=192.168.1.24
IPV6INIT=no
IPV6_AUTOCONF=yes
NETMASK=255.255.255.0
NETWORK=192.168.1.0
ONBOOT=yes
GATEWAY=192.168.1.1
TYPE=Ethernet
PEERDNS=yes
USERCTL=no
This assumes you are setting the interface to use an IP address of 192.168.1.24 and a default gateway of 192.168.1.1. In order for the changes to take effect you will need to restart the networking daemon. This is accomplished by running either of the following commands as root:
/etc/init.d/network restart
-or-
service network restart
When the interface comes back online it will use the newly configured settings.

Customize the Dock location in OS X

In Mac OS X, the Dock is by default located at the bottom of the screen. It is anchored to the center and will expand evenly to the left and right as applications are opened and will shrink back toward the center as they are closed. In the Dock preference pane in System Preferences, the Dock's location can be changed so that it is attached to either the left or right side of the screen. The Dock's location can, however, be customized even further by pinning it to one of the corners of the screen.

Run this command at the Terminal to see the current pinning location:
defaults read com.apple.Dock pinning
The default value for this is "middle". The other options are "start" and "end". "Start" will pin the Dock to the left corner of the screen if it is located at the bottom or to the top corner if the Dock is located on either side. "End" will pin the Dock to the right corner of the screen if it is located at the bottom or to the bottom corner if the Dock is located on either side. To change the pinning location, run this command:
defaults write com.apple.Dock pinning [value]
For the changes to take effect you will need to restart the Dock:
killall Dock
The Dock will restart on its own and when it does it will have moved according to your newly specified location.

Wednesday, July 1, 2009

Script SSH commands

Anyone who has ever done Linux or Unix scripting has probably run across the problem of sending commands to a remote host inside a script. Well it turns out the trick to accomplishing this is to append the commands as a string at the end of the SSH connection command, like this:
ssh [user]@[server] "[command]"
For example, if you wanted to connect to a server at 192.168.1.100 with the username "james" and list the contents of that user's home directory, you would use this syntax:
ssh james@192.168.1.100 "ls ~/"
You can also chain multiple commands together. For example, if you wanted to list the contents of the home directory and print the contents of all files with the ".txt" extension, it would look like this:
ssh james@192.168.1.100 "ls ~/ ; cat *.txt"
This can also be used to execute scripts on the server. For example, if you wanted to send a script to the server and then run it, you would enter these commands:
scp my-script.sh james@192.168.1.100:~/my-script.sh
ssh james@192.168.1.100 "chmod +x ~/my-script.sh ; ~/my-script.sh"
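When a scripted command includes file names or other values held in variables, the string handed to ssh is parsed again by the remote shell, so spaces and shell metacharacters need quoting for that second pass. The helpers below are an added example, not part of the original post; the function names are made up for illustration and the remote login shell is assumed to be POSIX-compatible.

```shell
#!/bin/sh
# Added example (not from the original post): build the command string for
# ssh so that each argument reaches the remote program exactly as given.

# sq WORD -> WORD as one single-quoted shell word.
# Embedded single quotes become '\'' ; trailing newlines in WORD are dropped.
sq() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# remote_cmd CMD [ARG...] -> one line that the remote shell parses back into
# exactly CMD and its arguments (no globbing, no command substitution).
remote_cmd() {
    out=
    for a in "$@"; do
        out="${out:+$out }$(sq "$a")"
    done
    printf '%s\n' "$out"
}

# ssh_run HOST CMD [ARG...] -> run one command on HOST with safe quoting.
#   ssh_run james@192.168.1.100 cat "my notes.txt"
ssh_run() {
    host=$1
    shift
    ssh "$host" "$(remote_cmd "$@")"
}

# ssh_run_script HOST SCRIPT [ARG...] -> feed a local script to a remote sh
# over stdin, so nothing has to be copied or made executable first.
#   ssh_run_script james@192.168.1.100 my-script.sh "first arg"
ssh_run_script() {
    host=$1
    script=$2
    shift 2
    ssh "$host" "sh -s -- $(remote_cmd "$@")" < "$script"
}
```

These helpers cover single commands and whole scripts; when chaining by hand as in the post, joining commands with && instead of ; stops the chain at the first failure.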

Disable GUI in CentOS/RHEL

The default installation of CentOS includes the GNOME GUI desktop environment. During installation you can choose to not install this, but let's just say that you wanted to install the GUI along with the rest of the system. Now you have a CentOS server configured the way you want it and the GUI really doesn't need to be running most of the time. A GUI uses system resources that could be going somewhere else and also makes the system more vulnerable to attack since there are more processes running.

If you want to prevent the GUI from loading but want the rest of the system to load as usual, you need to make a change to "/etc/inittab". Make a backup copy of the file first:
su
cp /etc/inittab /etc/inittab.orig
Now assume superuser privileges and open "/etc/inittab". Locate the line that looks like this:
id:5:initdefault:
This is the line that defines the default runlevel. Runlevel 5 is multiuser mode with the GUI. Change this to read:
id:3:initdefault:
The only change is that the 5 is now a 3. This corresponds to multiuser mode without the GUI. Now just restart and the system will boot to runlevel 3 instead of 5. To check the current runlevel, run this command:
runlevel
Once you have done this and you decide you want to use the GUI, log in and run this command to start it:
startx
This, however, will only last until you reboot next. After that the GUI will not load. To set the machine so that the GUI does load automatically, just restore your backup of "/etc/inittab" or edit the line you changed earlier and change the number back to a 5.

Thursday, June 25, 2009

Enable remote desktop in Server Core

Remote Desktop Protocol is a fantastic way to manage Windows based machines. Even though Windows Server Core 2008 runs with a reduced GUI, there is still a GUI present so RDP is still the solution to use for remote management of your Server Core machine. To enable RDP access to the server, you will need to run this command:
cscript C:\Windows\System32\Scregedit.wsf /ar 0
This will enable access for machines running an RDP client that supports the enhanced security mode that Microsoft debuted with Windows Vista. If you need to support older clients, use this command instead:
cscript C:\Windows\System32\Scregedit.wsf /cs 0
Now you need to open a port in the firewall to enable connections to get through. This is done by entering this command:
netsh advfirewall firewall set rule group="Remote Desktop" new enable=yes
If you want to check the existing RDP settings, use this command:
cscript C:\Windows\System32\Scregedit.wsf /ar /v
If the output of that command is a one (1), RDP is not enabled. If the output is a zero (0), then it is enabled.

Determine your version number in CentOS

Whenever CentOS has minor version updates (5.2 => 5.3), they get pushed out to your system with the rest of the system updates. You can go from one minor version to the next without realizing it just by performing regular updates. There is nothing wrong about this. Minor version upgrades are relatively infrequent and are important for system stability. To see which version you are running, use this command:
cat /etc/redhat-release
This will print out your release version in a nice and very human readable fashion. If you are looking for a more technical version number, use this command:
rpm -q centos-release

Check your memory usage in Linux

I have always loved keeping an eye on how much RAM my system is using. On Linux systems, there is a great tool for doing this. While it doesn't by itself provide real time usage, it does give you a snapshot of your current usage. Run this command:
free -m
The -m option formats all the numbers to megabytes so they are more human readable. This will give you a printout of your total, used and available system memory and swap memory.

Both my Ubuntu and CentOS servers are running on old systems that have only 512MB of RAM. When I ran this command on each of them, neither system was using any of its available swap space; they were both able to run without using all of their system memory.

Wednesday, June 24, 2009

Join a domain in Server Core

If you are running a system with Windows Server Core, then you probably, but maybe not, have a domain that you will want to join your server to. To join a domain, run this command:
netdom join [hostname] /domain:[domain name] /userd:[user name] /passwordd:*
The username you enter should be that of a user who has administrator privileges on the domain in question; normal users do not have the power to add computers to the domain, administrators do. If you want you can enter in your password, but if you use the asterisk (*) instead then you will be prompted to enter a password and so will not have to make your password visible.

Change hostname in Server Core

The installation process of Windows Server Core 2008 does not prompt you for a hostname of the computer. Instead, you end up with a hostname that looks something like this: "Win-39408347". Not exactly practical for use on the network. To check the current hostname, use this command:
hostname
To change the hostname, use this command:
netdom renamecomputer [hostname] /newname [new name]
You will need to reboot for this to take effect.

Tuesday, June 23, 2009

Set a static IP in Windows Server Core

For Windows Server 2008, Microsoft finally decided to produce a server product that did not require a full GUI, called Server Core. The upside to this is that Server Core machines will run on less beefy hardware and will consume fewer system resources. The downside to this is that almost all of the configuration will occur over the command line. On Linux GUI-less systems, this is fine because you are treated to using a rich and powerful command line interface. The Windows command line interface is, to put it nicely, less robust.

One of the first things you may want to do on a new Server Core installation is to set a static IP address. First you'll need to make sure your networking is working properly. Run this command to check your current networking configuration:
ipconfig
Once you have verified that all of your networking is, indeed, working correctly with the default DHCP settings, run this command to switch to a static IP:
netsh interface ip set address "Local Area Connection" static 192.168.1.125 255.255.255.0 192.168.1.1
This assumes you want to assign the static IP address of 192.168.1.125 to the Server Core machine and that 192.168.1.1 is the address of the gateway. It also assumes that you want to reconfigure the network adapter named "Local Area Connection". Next you need to specify a DNS server:
netsh interface ip set dns "Local Area Connection" static 192.168.1.1 primary
This assumes that 192.168.1.1 is the address of the DNS server you want to use. To verify your new settings, run ipconfig again.

Now if you want to switch the system back to using DHCP instead of a static IP address, run these commands:
netsh interface ip set address "Local Area Connection" source=dhcp
netsh interface ip set dns "Local Area Connection" source=dhcp
The first command will tell the network adapter to request an IP address from the DHCP server. The second command will tell the network adapter to request DNS information from the DHCP server as well.

If you want to change the name of one of your network adapters, use this command:
netsh interface set interface name="Local Area Connection" newname="Ethernet1"
This assumes that you want to rename your network adapter to "Ethernet1". Since many servers have multiple network adapters, and since names without spaces do not require quotes around them, it is probably a good idea to rename them to something obvious and without spaces.

Monday, June 22, 2009

Change the SSH welcome info in Ubuntu

The How-To-Geek tells how to alter the chunk of information that gets printed to the console when connecting to an Ubuntu system via SSH. The applicable portion you will likely want to change lives at "/etc/motd", which is actually a link to "/var/run/motd".

The first line of this file, and therefore the first line printed when connecting to an Ubuntu machine using SSH, is some system information. This is the same information printed when you run this command:
uname -snvrm
What follows is some boring warranty information. Go nuts and customize this however your heart desires. I recommend making a backup first:
cp /etc/motd /etc/motd.orig

Disable Ubuntu's Update Manager auto-launch

A big thank you to Lifehacker for pointing out how to disable Ubuntu's update manager from auto-launching. In previous versions of Ubuntu, when there were updates available an icon would appear in the notification area, which is by default on the right side of the panel at the top of the screen. The folks at Canonical thought that too many users were ignoring or not noticing this and thereby leaving their systems vulnerable. For the 9.04 Jaunty Jackalope release, they took a new approach. Now, when updates are available, the update manager will pop up automatically. I think something went wrong in their implementation, however, because it always seems to appear minimized. It's annoying.

To disable this behavior, run this command at the Terminal:
gconf-editor
This will open up a happy configuration tool. On the left side of the window, click the triangle next to "apps". Then scroll down and click on the entry that says "update-notifier". On the right, the first entry says "auto-launch". Uncheck the checkbox next to it.

That's it, now just be sure to manually check for updates on a regular basis.

Sunday, June 21, 2009

Turn your Mac into a wireless access point

I spent the weekend out of town and the hotel where I stayed included high speed Internet in each of the rooms via a supplied Ethernet cable. I had my MacBook Pro and iPod Touch with me. Using some of the features included out-of-the-box on my laptop I was able to turn it into a wireless access point, allowing me to get online with my iPod as well as my laptop. These directions should work for any computer running OS X 10.5 Leopard. If you are still running OS X 10.4 Tiger this functionality is still there but some of the menus have different names. My MacBook Pro is running OS X 10.5.7.

First, make sure the wired network connection is working properly on your Mac. Once you have verified that, open up System Preferences. Click on the Sharing button. This will open the Sharing preference pane. If the lock icon at the bottom left of the window is locked, click on it and enter an administrative password to unlock it.

On the left side of the window is a list of available services to configure. Some of them may have check marks next to them, indicating that they are turned on, but for you none of them may be on. Click on "Internet Sharing" but don't click the checkbox yet.

Now on the right there is an option that says "Share your connection from:" with a drop down menu to choose the available network interfaces. Since you are most likely sharing from your wired Ethernet connection, like I did, choose "Ethernet". Below that is an option that says "To computers using:" followed by a list of interfaces to share your connection with. Click the checkbox next to AirPort to allow other devices to connect to a wireless network that will be broadcasted from your Mac.

Next click the button at the bottom right that says "AirPort Options...". In the top box you can specify the name of the wireless network you will be broadcasting. Leaving the Channel set to "Automatic" should be fine. Next you will probably want to enable some security. Unfortunately, OS X 10.5 Leopard only supports broadcasting with WEP encryption. WEP was one of the early attempts at wireless security and it is easily broken using tools like Aircrack-ng. Hopefully OS X 10.6 Snow Leopard will support WPA2 which uses AES and has yet to be broken.

Nevertheless, I still would recommend using the WEP encryption because it is better than nothing and will stop most users. Just be aware that someone who knows what he is doing will still be able to get access to your network. Click the checkbox that says "Enable encryption (using WEP)". At the bottom next to "WEP Key Length:", choose "128-bit". Now enter a 13 character password. I recommend using upper and lower case letters in addition to numbers and avoiding dictionary words. Click OK to close the options box.

Now you are back at the Sharing preference pane. Since all of your options have been set the way you want, click the checkbox next to "Internet Sharing" on the left. If your AirPort is turned off you will get a pop-up asking if you want to turn on your AirPort card. Click "Turn AirPort On". Next you will get a pop-up asking if you are sure you want to turn on Internet sharing. Click "Start".

Now your laptop is all set for wireless devices to connect to it and share your network connection. When you are finished sharing your network connection you should be sure to turn "Internet Sharing" back off by unchecking the checkbox next to it in the Sharing preference pane.

Saturday, June 13, 2009

More .bashrc customization

I spent a good deal of time today working on my Bash configuration file ~/.bashrc. I first started doing bashrc customization a few months ago on my Mac laptop and I have been doing little tweaks here and there. Today was the first time in a while, though, that I really worked on a lot of the contents of it. I made a lot of the functions more robust and powerful by adding some complexity into them. Functions that before would only work with a single file will now work with multiple files. I also added some whole new functions and aliases.

I updated the bashrc file available on my website with the latest copy from my Ubuntu machine.
.bashrc

Scripted Ubuntu configuration

After only a few days with Fedora 11, I wiped my hard drive and installed Ubuntu 9.04. Using Fedora felt like work. Computing should be fun. Ubuntu is fun. Fedora was not.

Between virtual machines and full installations I have probably installed Linux more than 20 times in the past few months. Getting a new system configured can be tedious and time consuming. This time around, I wrote a handy script to automate the installation process for Ubuntu. The real trick to it was setting it up so that the script would switch back and forth between my normal user and root.

The end result was a script that runs some commands as a normal user, then switches to root for system updates, application installation, and some other configuration commands, and finally switches back to my normal user to finish up the configuration. All with minimal user input.

ubuntu-setup.sh

Thursday, June 11, 2009

The First Few Milliseconds of an HTTPS Connection

I saw this great article this morning over on Digg about how TLS works. It is very thorough (long) and an interesting read.

The First Few Milliseconds of an HTTPS Connection

Wednesday, June 10, 2009

My philosophy of software usage

You have to use software that you like. If that software is free and open source then all the better. In reality though, you will always be best off using software that you are happy with than software that you are told is arbitrarily "better."

Now that isn't to say that you shouldn't try new things. For all you know, some piece of software that a friend suggests may be better for you than what you are using now. At the very least you got to play around with a new program and at best you found something better to use.

Customization is a good thing. By customizing your desktop, operating system, software, etc. you are able to make it work for you. One of the keys to increasing productivity is customization. Play around with settings until you get your individual setup to behave the way that is the best for you.

Customization can go too far. Something I am always conscious of is whether or not I will be able to recreate a particular configuration. If the answer is anything other than "yes" then there is a problem. Customizing your system to the point that you are unable to recreate it is debilitating. You will become afraid to reinstall your system or make new changes.

Operating systems will, eventually, need to be reinstalled. They break, become bloated and get outdated. Accept that fact and make your customizations accordingly. If you need to, write down what you did. One of my main reasons behind starting this blog was to catalogue what I know so that I can do it again.

A lot of the configuration I have done on my Linux systems has been command line or text based. This is much more difficult to do again than a graphical configuration utility with check boxes and menus. I always worried that I would have to constantly keep researching the same topics. By cataloguing my configuration steps here, on my blog, I can go back and look them up quickly and easily. I regularly look up information from my posts as reminders.

Make your system yours. By doing so you will be happier while using it and you will become more productive. Always ensure that you are able to reproduce your configurations later on lest you fear losing your system so much that it paralyses your options.

Install audio and video codecs in Fedora

Installing the necessary codecs for audio and video playback of some common formats is a bit of a pain in Fedora. The codecs I installed were obtained from the rpmfusion repository. To enable it, first download their key from here. Download the key titled "RPM-GPG-KEY-rpmfusion-free-fedora-11". You can save it to wherever you'd like on your system.

Import the key with this command:
sudo rpm --import /path/to/key/RPM-GPG-KEY-rpmfusion-free-fedora-11
Next, go to this page and click on the link that says "RPM Fusion free for Fedora 10 and 11". Save the file called "rpmfusion-free-release-stable.noarch.rpm" to somewhere convenient. Install it by double clicking the file or by typing:
sudo rpm -i /path/to/file/rpmfusion-free-release-stable.noarch.rpm
Now run these commands to install the codecs:
yum check-update
sudo yum -y install gstreamer-plugins-ugly totem-xine xine-lib-extras-freeworld
sudo totem-backend -b xine
These commands will update the repository information, download and install the codecs, and enable them.
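
The key import above trusts whatever file was downloaded. The sketch below is an added example, not part of the original post: it compares the key file's full fingerprint with one obtained through a separate trusted channel before importing, then checks the release package's signature. The function names are hypothetical, and the expected fingerprint is a value you must supply, since the post does not list it.

```shell
#!/bin/sh
# Added example: confirm a downloaded repository key before trusting it.

# Normalise a fingerprint: drop spaces, tabs, colons; upper-case the hex.
normalize_fp() {
  printf '%s' "$1" | tr -d ' :\t\n' | tr 'abcdef' 'ABCDEF'
}

# Succeed only when both values are the same full 40-hex-digit fingerprint.
# Short key IDs (8 or 16 digits) are rejected because they can collide.
fp_matches() {
  a=$(normalize_fp "$1")
  b=$(normalize_fp "$2")
  case "$a" in
    *[!0-9A-F]*|"") return 1 ;;
  esac
  [ "${#a}" -eq 40 ] && [ "$a" = "$b" ]
}

# Print the fingerprint of the first key in a key file without importing it.
key_file_fp() {
  gpg --with-colons --with-fingerprint "$1" 2>/dev/null |
    awk -F: '$1 == "fpr" { print $10; exit }'
}

# usage: import_if_trusted KEYFILE EXPECTED_FINGERPRINT RPMFILE
# EXPECTED_FINGERPRINT is a placeholder for the value you verified yourself.
import_if_trusted() {
  actual=$(key_file_fp "$1")
  if ! fp_matches "$actual" "$2"; then
    echo "fingerprint mismatch, key not imported: got '$actual'" >&2
    return 1
  fi
  # Import the key, then verify the package signature against it.
  sudo rpm --import "$1" && rpm -K "$3"
}
```
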

Enable SSH in Fedora

Fedora 11 includes SSH with its default installation, but it is not automatically enabled. Strangely enough, however, there is already a rule in the firewall allowing incoming SSH connections. To start SSH run this command:
sudo /etc/init.d/sshd start
To have it start automatically in the future, run this command:
sudo chkconfig sshd on
That's all there is to it.

Fedora 11 installation

Fedora 11 "Leonidas" was released this week. I decided to wipe a 250GB hard drive in my desktop and give it a try. The default filesystem is ext4. I have been using this since Ubuntu 9.04 came out. Ubuntu, however, still used ext3 as the default filesystem. The reason is that ext4 is still relatively new and not quite as stable as the tried and true ext3.

Fedora will not boot to an ext4 partition. This is strange because Ubuntu will. Fedora wants to have a separate ext3 partition for /boot and an ext4 partition for the rest of the system to live on. I created an additional ext4 partition for /home to reside on. Aside from that complication the rest of the installation process was very fast.

Following that, everything was much more of a pain than I am used to with Ubuntu and Linux Mint. The first thing I had to set up was my graphics driver. I have an Nvidia video card in my desktop. In Ubuntu, almost immediately upon logging into the system for the first time I was notified that a closed source driver was available. A few clicks later, followed by a reboot, and my graphics worked flawlessly.

To get my graphics card working properly in Fedora, I had to manually download an installer from Nvidia's support page. This installer will not run while the X Window System is running. It also needs to compile some code into the kernel. To install the necessary packages for this, type:
su
yum install gcc kernel-devel
This will switch you to being the root user and then will install the necessary C compiler and kernel source code. Next, I had to get X11 shut down. I used this keyboard shortcut:
ctrl+alt+F2
This will open a new virtual session without X11. The pre-existing session is still running, however. So after logging into the new session as root, I used this command:
kill -9 -1
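This sends SIGKILL to every process the user is allowed to signal. Run as root, that is nearly every process on the system, including the X session, so anything unsaved there is lost. Now I was able to run my graphics installer program: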
sh NVIDIA-Linux-x86-185.18.14-pkg1.run
When that finished I rebooted the system:
shutdown -r now
Once the system comes back up, graphics are enabled by going to System -> Preferences -> Desktop Effects. A window appears with a button that says "Enable Desktop Effects". To install the graphical configuration utility for desktop effects run this command:
su
yum install ccsm
Next I gave myself sudo powers by following the same steps as in this post.

Also, don't forget to install updates. I found it odd that there were so many updates the day it came out. Oh well. Here's how to install them:
yum check-update
sudo yum update

Saturday, June 6, 2009

Print system information to the console in OS X

All Mac users should know about the System Profiler application in OS X. You may not know it by that name, but you have probably seen it. If you click on the apple in the top left corner of the screen and select the "About This Mac" option a window will appear in the middle of the screen with some basic information about the system. Clicking the "More Info..." button will open the System Profiler app. This handy application holds all sorts of useful information about the system. It lives at /Applications/Utilities/System Profiler.app.

There is also a command line version of this application called system_profiler. If you run this program without any arguments it will print all of the system's configuration information, separated into logical groupings. Syntax looks like this:
system_profiler
You can specify how much detail you want like this:
system_profiler -detailLevel [mini/basic/full]
Running this tool without any arguments will provide the standard level of detail for the output. Specifying the detail level will alter this. The "mini" setting will exclude personal information. The "basic" level will only print basic hardware and network information. The "full" level will print everything. This is a lot. On my MacBook Pro the output from the "full" detail level was over 24,000 lines. The standard output was only 830 lines.

You can also specify which categories to print information about. For example, if you are only looking for information about serial ATA devices you can tell it to print only the information for that category. To print a list of available categories use this syntax:
system_profiler -listDataTypes
Once you know what the relevant data types are called, you can specify that like this:
system_profiler [type1] [type2] [...]
So what use is this? The other day I wrote a script using this tool to quickly collect desired information about a group of Macs. One of the pieces of information I wanted to collect was the serial number. To do so you would use this syntax:
system_profiler | grep -m 1 "Serial Number:" | cut -d: -f2- > ~/Desktop/serialNo.txt
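
A first-match grep over the whole report returns whichever "Serial Number:" line comes first, which can be a peripheral's. The function below is an added example, not from the original post: it reads the text report on stdin and takes the serial only from the Hardware Overview block, also accepting the "Serial Number (system):" label that newer releases print. The name machine_serial and the sample report are constructed for illustration.

```shell
#!/bin/sh
# Added example: pull the machine serial from system_profiler text output.

# Constructed sample report (not from a real machine).
sample_profile() {
cat <<'EOF'
Hardware:

    Hardware Overview:

      Model Name: MacBook Pro
      Serial Number (system): W8CONSTRUCTED01

USB:

    USB Bus:

        Keyboard:

          Serial Number: KB-CONSTRUCTED-01

EOF
}

# Print the serial found inside "Hardware Overview"; exit non-zero if absent.
machine_serial() {
  awk '
    /^ *Hardware Overview:/ { in_hw = 1; next }
    in_hw && /^[^ \t]/ { in_hw = 0 }        # next top-level section begins
    in_hw && /^ *Serial Number( \(system\))?:/ {
      sub(/^[^:]*:[ \t]*/, "")              # drop the label
      sub(/[ \t\r]+$/, "")                  # drop trailing whitespace
      print; found = 1; exit
    }
    END { exit !found }
  '
}

# On a Mac: system_profiler SPHardwareDataType | machine_serial
sample_profile | machine_serial
```

Limiting the run to SPHardwareDataType also avoids generating the full report just to read one field.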