Tuesday, June 30, 2009

Passive-Aggressive SSIDs

IllBroadcastOnMyAPWhatImScaredToTellYouInPerson



IAMLAME
I’ve seen a number of these on time waster blogs like Digg and reddit. Unfortunately this is the only one I had the presence of mind to save a link for.



How lame is that? Your neighbors are loud on their balcony. Your neighbors are loud having sex. You know what they’ll do if they see this? They will be louder because all you’ll do is change your WiFi SSID to something even more lame.



You want to have a sense of smug satisfaction and have the problem stop? Walk up to their door and knock on it. Politely ask them to be more quiet. You don’t even have to threaten to call the cops. If they’re having a party they might even invite you in, especially if you bring good beer like New Castle or Fat Tire.



But all stuff like this does is show how you’re not actually going to do anything about the problem.

Saturday, June 27, 2009

Garmin nuvi 265WT

I bought an automotive GPS unit a couple days ago <masculine>so my girlfriend won’t get lost</masculine>. Specifically I got a Garmin nuvi 265WT. This thing is very nice.



The mounting is a mechanical suction cup with a arm featuring a ball on the end. The ball goes into a socket on the device holding clip. The suction cup has a great grip on my windshield (and kitchen counter) and the ball and socket is easy enough to move without being loose. Once I figured out that you put the GPS into the clip bottom-first I found that it’s easy to pop in and out.



It took about five minutes for it to initially get its bearings (nyuck, nyuck) sitting on an outside table on a cloudless day. Once it figured out where it was it’s been solid for location.



The navigation is easy to use and with the preloaded maps it only makes you type until there are only a few possible cities, streets, etc for you to choose from. It allows you to save locations and one location can be saved as “home”. When you go to select a destination there’s a great big “Go Home” button that makes it easy to get to your most common destination.



I found the turn by turn with street names to be excellent. After you make a turn it tells you how far a head you need to do something and what you need to do. When you’re almost there it lets you know and again when you’re there. The former seems to give you enough time to get into the proper lane. When I was on the freeway approaching my exit it spoke more frequently but not often enough to become annoying. It did pronounce La Jolla (Lah Hoya) as Lay Jollah but since it was the American English voice and not Spanish it’s understandable.



Wonder of wonders it came with a USB cable. I plugged it in and went to the website to see what was available. They had a simple to use tool to get system updates and a tool to download additional vehicle models and voices. The vehicle model is the image of your vehicle drawn on the street. According to our GPS we are actually driving a tank and not a Matrix. This is useless, but fun. I was surprised to find that in addition to the SD card reader the thing has 2GB of built-in flash. Most of this is taken up with software and maps but there was like 600MB free. That’s a lot of room for saved routes and waypoints.



Another feature of this is built-in bluetooth speakerphone-ness. After a little fiddling I had it paired with my girlfriends nV2. I could use the speakerphone to access the nV2’s built in voice dialing. Very nice. The speaker quality wasn’t outstanding but it was easy to understand the other person and when I was outside the car on my iPhone handset I though the nuvi’s microphone pickup was very good.



I haven’t used it a ton yet but so far I feel like I definitely go my money’s worth. I would recommend this to anyone interested in an in-car GPS, especially if they have a bluetooth enabled phone.

Garmin nuvi 265WT

I bought an automotive GPS unit a couple days ago <masculine>so my girlfriend won’t get lost</masculine>. Specifically I got a Garmin nuvi 265WT. This thing is very nice.



The mounting is a mechanical suction cup with a arm featuring a ball on the end. The ball goes into a socket on the device holding clip. The suction cup has a great grip on my windshield (and kitchen counter) and the ball and socket is easy enough to move without being loose. Once I figured out that you put the GPS into the clip bottom-first I found that it’s easy to pop in and out.



It took about five minutes for it to initially get its bearings (nyuck, nyuck) sitting on an outside table on a cloudless day. Once it figured out where it was it’s been solid for location.



The navigation is easy to use and with the preloaded maps it only makes you type until there are only a few possible cities, streets, etc for you to choose from. It allows you to save locations and one location can be saved as “home”. When you go to select a destination there’s a great big “Go Home” button that makes it easy to get to your most common destination.



I found the turn by turn with street names to be excellent. After you make a turn it tells you how far a head you need to do something and what you need to do. When you’re almost there it lets you know and again when you’re there. The former seems to give you enough time to get into the proper lane. When I was on the freeway approaching my exit it spoke more frequently but not often enough to become annoying. It did pronounce La Jolla (Lah Hoya) as Lay Jollah but since it was the American English voice and not Spanish it’s understandable.



Wonder of wonders it came with a USB cable. I plugged it in and went to the website to see what was available. They had a simple to use tool to get system updates and a tool to download additional vehicle models and voices. The vehicle model is the image of your vehicle drawn on the street. According to our GPS we are actually driving a tank and not a Matrix. This is useless, but fun. I was surprised to find that in addition to the SD card reader the thing has 2GB of built-in flash. Most of this is taken up with software and maps but there was like 600MB free. That’s a lot of room for saved routes and waypoints.



Another feature of this is built-in bluetooth speakerphone-ness. After a little fiddling I had it paired with my girlfriends nV2. I could use the speakerphone to access the nV2’s built in voice dialing. Very nice. The speaker quality wasn’t outstanding but it was easy to understand the other person and when I was outside the car on my iPhone handset I though the nuvi’s microphone pickup was very good.



I haven’t used it a ton yet but so far I feel like I definitely go my money’s worth. I would recommend this to anyone interested in an in-car GPS, especially if they have a bluetooth enabled phone.

Thursday, June 25, 2009

Half-game Downloads

It’s valuable to give you only half of what you paid for.



http://hellforge.gameriot.com/blogs/Hellforge/EA-Games-Everything-On-The-Disc-Is-A-Demo



So to foil pirates they’re only giving you half the game on the disk. The rest you have to download… having already paid for the game. This isn’t a patch or content update, this is content they just didn’t put on the disk.



Mr. Riccitello says:




So the point I’m making is, yes I think that’s the answer [to piracy]. And here’s the trick: it’s not the answer because this foils a pirate, but it’s the answer because it makes the service so valuable that in comparison the packaged good is not.




My thoughts:




The great thing about a game on a disk is that I can go to the store, buy it now, and play it now. The great thing about a downloadable game is that I don’t have to leave the house provided I’m willing to wait a bit.



This synergistically combines the worst aspects of both technologies.




So here’s an idea. To stop criminals we’ll sell handguns without firing pins. Then we’ll let you order the firing pin from our website at no charge. We have thus revolutionized the way people think about buying handguns and have added value to our website. Oh, and stopped criminals from getting firing pins somehow.

Wednesday, June 24, 2009

Web Log Retention

I hang out in some IRC channels to share questions and generally admire how smart I am. Sometimes parts of the discussion are worth sharing.

mnex: do access_log should be considered as confidential information ?
crunge: mnex: confidential, yes
crunge: mnex: at the very least it’s proprietary business information that helps in the analysis of the effectiveness of one’s website and marketing
crunge: mnex: business aside, your visitors probably don’t want everyone to know what they’ve been looking at.
crunge: mnex: also, sometimes URLs contain sensitive information like search terms, user names, addresses, phone numbers, etc

Sunday, June 21, 2009

Chicken Parmesan a la Kludge

Wikipedia describes a Kludge as:




A kludge (or kluge) is a workaround, an ad hoc engineering solution, a clumsy or inelegant solution to a problem, typically using parts that are cobbled together.




How could one cobble together a fancy Italian dish with random stuff?



  1. Lower your standards for Italian food, dramatically.

  2. Bake frozen chicken fingers according to their instructions.

    • I like white meat chicken fingers and since there’s no such thing as ritzy chicken fingers the ceiling is pretty low in “springing for the good stuff”.


  3. While the chicken fingers are baking microwave 1-2 cups of spaghetti sauce in a microwave safe container. I use a pyrex measuring cup. Know that hot tomato sauce will corrode tupperware.

    • Be sure to cover (not seal!) your container with something like a paper towel so it doesn’t splatter.

    • Nuke for a minute or so, stir, check the sauce temperature, not the container temperature.

    • Repeat until hot.

    • Make sure it’s good spaghetti sauce like Prego. If it’s not you can try adding powered garlic, powdered onion, allspice, pepper, etc. But you’re not going to make it awesome. Just buy the good stuff up front.


  4. Once the chicken fingers are done baking, divide evenly on your finest plastic kitchenware.

  5. Cover them uniformly with shredded mozzarella or provolone.

  6. Cover that with piping hot pasta sauce to melt the cheese.

  7. Optionally, cover with grated parmesan. Given the name “chicken paremsan” I have know idea why this is an optional step.

Serves an arbitrary number of people, depending on how much stuff you buy and how much your people eat.

Saturday, June 20, 2009

The Duel

I may have dug myself into a hole but the results of the slide down should be interesting. My first “blog” was on Freenet and my most common post was to the effect of, “Sorry I haven’t updated in a while..”. I suspect that something of that nature is the most common update to blogs. Seeing a friend make such a reference I decided to open my big fat mouth and make a challenge.



I think this might be a unique challenge on the tubes. I challenged another blogger to a duel - For each full 24 hour period that one of us has a newer post of merit the other gains a point. The first to accumulate 100 points loses. If we each make posts just under every 48 hours and they’re properly interleaved we could go on indefinitely with neither of us accumulating a point. That’s a lot of pressure but I expect it will be good for both of us and our sites.



My original challenge with a spelling correction:




I challenge you to a duel, sir. We both have blogs that have grown relatively sleepy as of late. My challenge is this: For each full day that one of us has a newer blog post of merit the other accumulates one point. The first to accumulate 100 points is the loser.



Blog posts about the duel do not count, save for the first acknowledgment of the duel from each of us. Blog posts about life events, interests, hobbies, humorous anecdotes, and relevant responses to the others’ blog posts are all of merit.



Do you accept my challenge, sir?




Let’s see how this goes.

Thursday, June 18, 2009

Virtual Mail Hosting with Postfix, Cyrus and Roundcube

My sister makes delicious fudge and sells it online through her website http://sanfordfudge.com. Being the computer geek in the family I help get it set up and deal with a little of the day to day requirements of the website. One of those requirements is that order notification emails are routed properly. As a knowledgeable Linux geek I’m undaunted by the idea of running my own mail system and would rather do that than have it hosted.



My platform of choice is Debian because of its stability and ease of management for the command-line adept. I’m providing my setup notes below with some commentary so that they might help someone else get their mail system online. These instructions should hopefully translate decently well to other distributions although the package names, config file locations, and default configuration choices are likely to be different.



I chose Postfix because it’s simple and works very well. I have experience with Sendmail and would like to keep it in the past. I chose Cyrus IMAP based on recommendations from peers. It’s my understanding that if my setup were to become more complex Cyrus would make those complex scenarios easier to implement. I chose Roundcube because it’s clean, easy to use, and has given me very few problems in the years I’ve been using it for my own mail.



These instructions are not a step-by-step guide. If you’re familiar with Linux and Debian they can probably get you through it. If not you may find some difficulty on systems other than Debian Lenny.



What’s Missing



  • SSL - I don’t explain how to set up SSL for the webmail. It is essential that you do this.

  • Spam filtering/Virus protection - Not there yet

  • SPF/Domain Keys - These are good for getting your mail through other people’s spam filters

  • Directory Services - There’s no expectation that we’ll need to coordinate on a big list of contacts, but Roundcube does have LDAP address book support

  • User’s can’t change their own passwords - not something we need

  • Other features we didn’t need.

Debian Setup



I always install Debian stripped down, with no package sets selected. In this case I’m using the latest release, Lenny (5.0). I edit my sources to include non-free and contrib. I then run apt-get update. I apt-get install sudo openssh-server vim-nox and add my normal user to the sudoers with ALL=(ALL) ALL. I log out and log in as my personal user. I install the necessary packages:




sudo apt-get install postfix ca-certificates cyrus-imapd-2.2 sasl2-bin libsasl2-modules cyrus-admin-2.2 cyrus-clients-2.2 apache2-mpm-prefork libapache2-mod-php5 php5-mysql php5-mcrypt mysql-server-5.0



Be sure to choose a good password for MySQL and install postfix as Internet Site.



Because this is a very small setup I’d prefer to use SQLite over MySQL. I’m not a MySQL fan at all. Unfortunately Debian prefers SQLite3 (which I also prefer) but Roundcube seems to only support SQLite2. Rather than hack it to make it work I’ll just make a different selection.



I download the 3.0 beta Roundcube tarball from http://roundcube.net/downloads.



Postfix needs to be in the mail group to communicate with Cyrus the way we’re using it so I add the postfix user to the mail group.



Cyrus SASL



Cyrus SASL provides saslauthd which, for our purposes, abstracts away the complexities of various authentication mechanisms to a single interface. We’re going to use a simple database file but later on it could be scaled up to use SQL, LDAP, Kerberos, or something else.



In /etc/default/saslauthd set MECHANISMS="sasldb" and START=yes. Next we need to create users and set passwords for them. Choose good passwords, particularly for the cyrus user because that is your administrative user.




sudo saslpasswd2 -c -u hostname usera
sudo saslpasswd2 -c -u hostname userb
sudo saslpasswd2 -c -u hostname cyrus
sudo /usr/sbin/sasldblistusers2
sudo /etc/init.d/saslauthd restart
sudo testsaslauthd -u usera -r hostname -p blarg


The last command allows you to ensure authentication is working. In that example usera’s password is blarg, which is a terrible password. If a user is having trouble logging in later, ensure that this works.



Cyrus IMAP



This configuration is only allowing mail access via a web-based mail service. Therefore we don’t need IMAP remotely accessible and don’t need POP or NNTP at all.



  • In imapd.conf uncomment imap_admins: cyrus

  • In cyrus.conf, SERVICES section, set the imap line to have listen=“127.0.0.1:imap”, ensure the pop and nntp lines are commented out

  • Restart cyrus

cyradm –user cyrus localhost and user the password you created for the cyrus user.




> cm user.usera
> cm user.userb
> quit


The cm command creates a mailbox. Note that the usernames are prefixed with user. and the domain is not specified. This took me some time to figure out despite the fact that the logs were telling me exactly why my mail wasn’t reaching the mailboxes.



Postfix



I made these edits to the main.cf. In your configuration make sure that if these are duplicates of existing settings that you comment out the original settings or merge them appropriately. I’m using SSL/TLS optionally so systems that support using encryption with SMTP will do so. Those that don’t will function normally. I’m using the Debian-generated Snake Oil cert. This may be a bad choice for you. Make sure you understand where your certificate and keypair came from.




# add to main.cf
virtual_transport = lmtp:unix:/var/run/cyrus/socket/lmtp
virtual_mailbox_domains = sanfordfudge.com
virtual_mailbox_maps = hash:/etc/postfix/vmailbox
virtual_alias_maps = hash:/etc/postfix/virtual



# Make sure this is in main.cf
smtpd_tls_security_level = may
smtp_tls_security_level = may
# comment out this
#smtpd_use_tls=yes


I have to create two new files in the /etc/postfix/ directory, virtual and vmailbox. Here are their contents:




# /etc/postfix/vmailbox
usera@sanfordfudge.com usera@myhostname
userb@sanfordfudge.com userb@myhostname



# /etc/postfix/virtual
inquiries@sanfordfudge.com usera@sanfordfudge.com, userb@sanfordfudge.com


I had to edit the master.cf so that postfix could properly deliver mail to Cyrus. This required telling postfix that the Unix socket being used is not inside a chroot.




# change
lmtp unix - - - - - lmtp
# to
lmtp unix - - n - - lmtp


For speed our virtual and vmailbox files are hashed databases and those databases need to be regenerated any time the source files are changed.



jason@hostname:/etc/postfix$ sudo postmap virtual vmailbox



And restart postfix.



Roundcube



This Apache configuration is actually not that great. I leave it to the reader to do something better with it. The most significant issue is that it does not include access via SSL. Since you’re sending usernames and passwords to the server you should not leave it this way. There are copious guides to getting this accomplished. Again, know what you’re doing with your certificates.



Unpack tarball into /tmp




cd /var/www
sudo mv /tmp/roundcubemail-0.3-beta/* /var/www/webmail/
cd webmail

sudo chown www-data:www-data temp logs
cd /etc/apache2/mods-enabled
sudo ln -s ../mods-available/rewrite.load .
cd ..
sudo vi sites-available/default
# Add
<Directory /var/www/webmail>
Options Indexes FollowSymLinks MultiViews
AllowOverride Indexes
Order allow,deny
allow from all
</Directory>



Remove last two lines from webmail/.htaccess
Restart apache (not reload)
mysql -u root -p

mysql> CREATE DATABASE roundcubemail /*!40101 CHARACTER SET utf8 COLLATE utf8_general_ci */;
Query OK, 1 row affected (0.00 sec)

mysql> GRANT ALL PRIVILEGES ON roundcubemail.* TO roundcube@localhost IDENTIFIED BY 'blarg';
Query OK, 0 rows affected (0.00 sec)


Visit http://whatever/webmail/installer/ and walk through the configuration.



Once everything is happy,



sudo rm -rf /var/www/webmail/installer/



At this point I’m able to log in as both users, send and receive mail (DNS is properly configured), manage my folders etc. Note that no folders were created automatically by Cyrus so I had to make them myself, at least the ones that Roundcube was looking for. I also had to create the Identities for each user but that was easy.



Conclusion



The end product is a mail system that’s simple to use, works well, and is easy to administer. New domains are added in Postfix in the main.cf, vmailbox, and virtual files (don’t forget postmap). Mailboxes are managed with cyradm. Passwords are managed with saslpasswd2.



Special thanks to directory-services ninja (among other things) subcon from slapd.info. In additional to having gone through this frontier before me, he also does things with LDAP that would require normal people to use Celtic runs and goat’s blood.