linux

LRL2007 Roundup

Lugradio live is now finished and done. It was well worth attending - I really enjoyed it. Wolverhampton is a shit hole of note, but the conference itself was good.

Notable talks I saw were:

  • Malcolm Yates from Canonical: numerous talk on anything that he considered relevant :-)
  • Alan Cox on how to help in Open Source, and persuading hardware vendors to part with their documentation.
  • Matthew Garrett on Power Management
  • Scott James Remnant on 10 really cool things (quite a few of which didn’t work) :-)
  • Michael Sparks from the BBC on Kamelia - a concurrent programming framework
  • Becky Hogge from the Open Rights Group
  • Gervase Markhams brilliant talk - How to Win every argument. He went through various fallacies, and how to use them to your advantage.
  • Joe Born from Neuros

Talks that I missed, but want to catch up when they post the videos (any guesses why I’m blogging this :-)

  • Flumotion
  • IAAL (I am a lawyer)
  • Telepathy
  • Gong a Thong
  • Chris diBona
  • ELER

I walked off with a free Nokia N800, as I’d come from so far away. A man who flew in from Singapore also won one. I have a suspicion that the Californians should have got it instead of me, but the WiFi was down so nobody could google distances :-)

On that topic, I really think that all geeky events like this should have pervasive WiFi coverage. Some of us are a long way away from home, and would like to be able to read our mail in-between talks. Also, it makes the GPG key signing party easier. I didn’t pre-register for the signing, so only a couple of people signed my key, but I did get 2 CAcert assurances. I’ll try and get some more points while I’m in a part of the world, where you can actually find assurers.

The N800 is very cool. It’s ARM based, runs Linux (Maemo), and has decent WiFi / bluetooth abilities. If you want to quickly check your mail, watch youtube (yes it has flash) or do some basic IRC chatting in free wifi zone (i.e. a hotel reception area), then it rocks. The handwriting recognition isn’t great, and it’s quite different to what I’m used to on my P910. So I mostly use the on-screen keyboards (there is quite a good thumb-sized-keyboard option).

It uses Telepathy for Jabber IM, and has a few VoIP options: Gizmo, Skype, Google Talk. But the best part is that because it’s an open platform, you can run most Linux software on it. I’ve installed Xchat, Mplayer, and an Xterm, so far… Because my amd64 laptop can’t run Skype / flash, this is a really handy device to have around.

My train back was re-routed, and in total, it took 5hrs to get home :-( (fortunately I had a movie to watch on the n800)

New GUI for 3G Datacards under Linux

Tectonic has spotted a new GUI for 3G Datacards.

You can see it in action.

Vodafone Spain sponsored it’s writing, and they made the right choices: it’s GPL, Python-GTK, and pretty well written. It looks like a clone of the Windows Vodafone client, but using libnotify, and other cool GTKisms. I highly approve.

Installing it was as simple as downloading the deb, and installing it with gdebi.

The first thing I did was add the support for my Option 3G GT Quad Fusion Datacard, which was as simple as finding out the USB IDs, and modifying another card’s driver:

class OptionGTFusionQuadLite(Device):
        __properties__ = {
                ‘usb_device.vendor_id’ : 0x0af0,
                ‘usb_device.product_id’: 0x6300,
        }
        __name__ = "Option GT Fusion Quad Lite"
        conn_dict = OPTION_DICT

simple eh?

This should be incorporated in default Ubuntu installs. It should also be extended to support talking to phones over bluetooth / IRDA. (At the moment, it seems to only like talking to things that HAL knows about)

PHP4 for feisty - pbuilder for beginners

I helped Robbster out on #clug today, building php4 for feisty (it’s been dropped after edgy, in favour of php5). If you want to install it, don’t care about security holes, and want to use the debs I created, add this line to your apt sources list, and go wild:

deb http://ftp.leg.uct.ac.za/pub/stuff/tmp/php4-feisty ./

If on the other hand you want to know how to do it (so when the next PHP security hole appears tomorrow, you can build the latest version yourself), read on:

I’ve never used pbuilder before, so it was fun:

# aptitude install pbuilder

Edit /etc/pbuilderrc to point to your closest mirror, and uncomment the COMPONENTSline (so that you get universe included)

# pbuilder create

Now pbuilder is ready for work. Get the latest sources from debian (Download those 3 files at the end, dsc, orig.tar.gz and diff)

# pbuilder build *.dsc

Sit back and watch…

When it’s done, you probably want to create a trivial repository of your debs:

# cd /var/cache/pbuilder/result/; dpkg-scanpackages . /dev/null | gzip -c -9 > Packages.gz

Then add this to your sources.list

deb file:///var/cache/pbuilder/result/ ./

Wohoo. Remember to watch out for those security holes…

OpenVPN / WPAD Mania

I’ve just spent an afternoon tweaking an OpenVPN install, and I thought it would be a good idea to document it here. Not the world’s most interesting post, but it’s my method, and I want to document it.

OpenVPN:

The best solution I found was to have the server on it’s own subnet:

dev tun0
comp-lzo
keepalive 10 120
server 10.20.2.0 255.255.255.0
push "dhcp-option DNS 10.20.1.1"
push "dhcp-option DOMAIN rivera.co.za"
push "route 10.20.1.0 255.255.255.0"
ca /etc/ssl/vpn-cacert.pem
dh /etc/ssl/dh1024.pem
cert /etc/ssl/certs/vpn.rivera.co.za.pem
key /etc/ssl/certs/vpn.rivera.co.za.key.pem

This sets up a Windows-friendly, routed OpenVPN. (TAP32, the windows tap driver, can’t handle arbitrary IP routed VPNs, each link has to have a private /30 network)

Then, the Windows client side:

client
dev tun
dev-node VPN-Connection
proto udp
remote vpn.rivera.co.za 1194
resolv-retry infinite
nobind
persist-key
persist-tun
mute-replay-warnings
ca cacert.pem
cert winlaptop.pem
key winlaptop.key.pem
ns-cert-type server
comp-lzo
verb 3
pull
keepalive 10 60
explicit-exit-notify 2

This is nice and simple, and has the advantage of pulling a lot of configuration from the server rather than statically storing it on the client.

WPAD:

My network has Proxy Autodetection. While I wanted DNS queries to go through the VPN, I didn’t want web traffic to. (DNS through vpn, is ugly, but necessary for finding private servers).

My solution was: dnsmasq.conf:

dhcp-option=252,"http://ixia.rivera.co.za/wpad.dat"

Apache, default site config snippet:

<Location /wpad.dat>
        ForceType "application/x-ns-proxy-autoconfig"
        Order deny,allow
        Deny from all
        Allow from 127.0.0.0/8
        Allow from 10.20.1.0/24
</Location>

And a fallback, in-case the wpad is already cached, this at the top of the wpad:

// VPN:
if (isInNet(myIpAddress(), "10.20.2.0", "255.255.255.0")) return "DIRECT";

Sarge -> Etch Upgrade and apache2

Thanks to Debian bug 407171, if you had mod_proxy installed in apache2, and upgrade to etch, it’ll also install mod_disk_cache, which means your /var partition is going to fill up quite quickly.

This happened to 2 CLUG servers.

I don’t think this is the correct behaviour, and I’m even more suprised to see that it the appearance of the bug is documented in a bug-report.

Syndicate content