Mostly about my amusement


Tabs and spaces

Self? Remember this:

tr '\t' ' ' | sed -e 's/  */ /g'

You’ll need it later.

At work I use bash, sed, [e]grep, cut, tr, and occasionally awk if I can’t get out what I need from the others. These aren’t used as scripts per se, just some tools I use to massage data.

Need that formatted, irregular, multi-line text file broken up and ripped into another format for processing? Sure, not a problem. Most people would (correctly) use PERL but I never got into it that much. I hardly ever get the same situation twice and deal with new data all the time.

But I do need to remove tabs and multiple spaces almost every time. While I always remember the tr part, I always need to rethink the sed regular expression. So here I am, writing a post to myself to keep it in my mind.

OK then, I can use Google+ now

That was quick. I’m now able to turn on Google+ on my Google App domain. If you’re on Google Apps then try logging into your “Manage this domain” link, select “Organization & Users”, then Services. If the option is available you will be able to scroll down, find it, and turn it on. It’s that simple.

The caveat is that this looks like a work in progress. I’m not able to get Google+ working via my Android phone or either my wife’s iPhone or iPad. But the web page works fine and I’m able to login using my Google Apps account.

Now does anyone know how to get all their FaceBook friends to migrate to Google Plus? That’ll be a fun social engineering effort.

SNI on CentOS 5.6[7] with mod_gnutls

Edit: Geez. Since I set up this post, I noticed that the compaq8000.conf example was missing small bits like oh, the mod_gnutls parts. This update now contains the missing portion.

I’d read Ipstenu’s blog post “Request: Multiple Domains, One IP SSL Certificates” and thought that that shouldn’t be too hard. Simply put, this is a request for the configuration of an Apache web server to be able to distinguish between requested SSL sites but with only one IP address being used.

Virtual hosts on Apache are a real resource saver. With just one server you can have many different websites, and on this server I have at least 4 running. But in order to get it working for SSL sites on one IP address, Apache must support Server Name Indication (SNI). You can read up on SNI at Wikipedia for more details.

I use Ubuntu LTS because it’s got long term support and has features that I like. But I had previously been a RedHat user from RedHat 4.0 and on. Using RPM I would roll my own packages for work and hobby. How hard can it be to setup CentOS 5.6 on one of my spare PCs?

It turned out that that was sort of true for me and after some trial and error I got it working with gnutls. I’ve been using Ubuntu LTS for so long that my RHEL (CentOS) experience is dated. I was able to get multiple SSL based virtual hosts working on a CentOS 5.6 but that involved unwittingly updating to CentOS 5.7 without realizing it, and I also had to enable the CentOS testing repo.

Installing CentOS and adding the testing repo

First get CentOS 5.6 installed. I have an old Compaq Presario 8000 in the basement for playing around so I torrented the CentOS 5.6 DVD and did a plain server install.

Once installed, I ran the following commands to bring the fresh installation up to speed.

yum update
chkconfig --add httpd
chkconfig --del iptables
reboot

That upgraded about 120 RPMs and took longer than the initial install but I was updated unknowingly to CentOS 5.7! The next 2 commands added Apache2 to be started up automatically and shut off iptables. I didn’t want to play with firewall rules and I set SELINUX=disabled in /etc/sysconfig/selinux.

My basement server is 192.168.1.9 and I put 2 names into my internal DNS server: jan-basement and compaq8000. I created two new self-signed certificates for those two names and put the new files into the /etc/pki/tls/certs and /etc/pki/tls/private directories.

I could have rolled my own mod_gnutls RPM but I prefer to use packages created by CentOS. To do that I had to edit the /etc/yum.repos.d/CentOS-Testing.repo file and change enabled=0 to enabled=1.

[c5-testing]
name=CentOS-5 Testing
baseurl=http://dev.centos.org/centos/$releasever/testing/$basearch/
enabled=1
gpgcheck=1
gpgkey=http://dev.centos.org/centos/RPM-GPG-KEY-CentOS-testing
# CentOS-Testing:
# !!!! CAUTION !!!!
# This repository is a proving grounds for packages on their way to CentOSPlus and CentOS Extras.
# They may or may not replace core CentOS packages, and are not guaranteed to function properly.
# These packages build and install, but are waiting for feedback from testers as to
# functionality and stability. Packages in this repository will come and go during the
# development period, so it should not be left enabled or used on production systems without due
# consideration.

See that caution? That’s the part that worries me because the c5-testing repo is where I found the mod_gnutls RPM. I believe using that RPM should be fine but check with CentOS support forums.

Install the mod_gnutls RPM and create configs

Once you enable that repo, perform the following commands as root:

# Install the mod_gnutls RPM via yum
yum install mod_gnutls
# Create the sym-link for the module
ln -s /usr/lib/httpd/modules/libmod_gnutls.so /etc/httpd/modules/mod_gnutls.so
# Rename the ssl.conf to ssl.conf-old. This will disable mod_ssl from loading.
mv /etc/httpd/conf.d/ssl.conf /etc/httpd/conf.d/ssl.conf-old

Next up, create the configuration files and directories for your vhosts. I like to place my vhosts into /var/www/vhosts.

mkdir -p /var/www/vhosts/jan-basement
mkdir /var/www/vhosts/compaq8000

Create a conf file for each vhost and put these lines into them:

<VirtualHost 192.168.1.9:80>

        ServerName compaq8000
        ServerAdmin webmaster@localhost

        DocumentRoot /var/www/vhosts/compaq8000/
        <Directory />
                Options FollowSymLinks -Indexes
                AllowOverride All
        </Directory>

        ErrorLog /var/log/httpd/compaq8000-error.log

        LogLevel warn

        CustomLog /var/log/httpd/compaq8000-access.log combined
        ServerSignature On

</VirtualHost>

<VirtualHost 192.168.1.9:443>
        GnuTLSEnable on
        GnuTLSCertificateFile /etc/pki/tls/certs/compaq8000.crt
        GnuTLSKeyFile /etc/pki/tls/private/compaq8000.key

        ServerName compaq8000:443
        ServerAdmin webmaster@localhost

        DocumentRoot /var/www/vhosts/compaq8000/
        <Directory />
                Options FollowSymLinks -Indexes
                AllowOverride All
        </Directory>

        ErrorLog /var/log/httpd/compaq8000-ssl_error.log

        LogLevel warn

        CustomLog /var/log/httpd/compaq8000-ssl_access.log combined
        ServerSignature On

</VirtualHost>

I repeated the same with the other vhost but replaced the compaq8000 with jan-basement.

The RPM installs /etc/httpd/conf.d/mod_gnutls.conf with all the lines commented out. Rather than play with that file, I just created a small new file /etc/httpd/conf.d/fix-up.conf with these lines in it.

ServerName jan-basement
NameVirtualHost 192.168.1.9:80
NameVirtualHost 192.168.1.9:443
LoadModule gnutls_module modules/mod_gnutls.so
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl    .crl
Listen 443

You can probably leave out the ServerName and the NameVirtualHost on port 80. My home DNS is not as robust as it could be…

Now re-start httpd with a simple “service httpd restart”. If all goes well, and your DNS is set up correctly, then you should now have two virtual hosts that serve out the correct different SSL certs for each one.
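To confirm that result, the check below (an added example, not part of the original post) asks the server for a certificate once per SNI name and compares the certificate's CN with the requested name. It assumes each self-signed certificate was created with its vhost name as the CN; the function names are hypothetical, and the IP address and host names are the ones used above.

```shell
#!/bin/sh
# Added example: verify that each name-based TLS vhost presents its own
# certificate. Run it from a client whose "openssl s_client" supports
# the -servername option.

# Extract the CN from one "openssl x509 -noout -subject" line.
# Handles the older layout  "subject= /C=US/CN=name"
# and the newer layout      "subject=C = US, CN = name".
subject_cn() {
    printf '%s\n' "$1" | sed -n 's/^subject=.*CN *= *\([^,/]*\).*$/\1/p'
}

# Ask the server which certificate it selects for a given SNI name.
# Arguments: <ip> <port> <sni-name>
served_cn() {
    line=$(echo | openssl s_client -connect "$1:$2" -servername "$3" 2>/dev/null \
        | openssl x509 -noout -subject 2>/dev/null)
    subject_cn "$line"
}

# Check every name against the certificate served for it.
# Arguments: <ip> <port> <name>...
# Returns 0 only if every name got a certificate whose CN matches.
# A server that ignores SNI hands the same certificate to every name,
# so all but one name fail here.
check_sni() {
    ip=$1
    port=$2
    shift 2
    failures=0
    for name in "$@"; do
        cn=$(served_cn "$ip" "$port" "$name")
        if [ "$cn" = "$name" ]; then
            echo "OK   $name"
        else
            echo "FAIL $name: server presented CN='$cn'"
            failures=$((failures + 1))
        fi
    done
    [ "$failures" -eq 0 ]
}

# Usage with the values from this post:
#   check_sni 192.168.1.9 443 compaq8000 jan-basement
```

A FAIL line that shows the other vhost's name as the CN means the server picked a default certificate instead of the one matching the requested name.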

You couldn’t get it working with mod_ssl?

I couldn’t get it working reliably. With initial installation of CentOS I was able to get Apache2 to reply back with the correct SSL certs. But after I tore it all down and re-did it again, I got inconsistent results. On my Ubuntu LTS servers (which this blog runs on) I had a similar issue and I think that’s why I use mod_gnutls today. It works reliably and I’ve had no issues with multiple SSL certificates on one IP address.

Caveats

This worked out on my unused basement server but there are several concerns I have.

1. CentOS 5.6 updates to 5.7 (final) when I did yum update

That was a shock to me. I get that CentOS wants to keep things current but I had thought that I would be updating within the 5.6 branch. On my PC going to 5.6 may not be a big deal but if you run a VPS make sure you can restore your backup and check with your host provider. It should be fine but gotchas on production servers are a huge no-no.

2. Adding the CentOS Testing repository

The nice thing about using pre-made packages is that you don’t personally have to maintain them. If Apache2 gets an update will this RPM continue to work? It depends on how the module is compiled. It might be safer to find a good mod_gnutls SRPM and keep that ready to be built just in case.

3. Backups are your friend

CentOS stores its Apache2 configs in /etc/httpd and before anyone tries this at a minimum they should keep fresh copies of that directory somewhere safe.

That seemed like a lot of work for your curiosity

Nah! While solving problems like this is part of my day to day work routine, this has always been my hobby. Some people work in their wood shop, I work on my software configs and these sorts of problems are fun. And now I’m more up to date with CentOS as a result.

Doing this with Ubuntu LTS is much easier because the software is supported right out of the box. SNI on Ubuntu is just a matter of configuration and all the necessary software is part of the distribution. But if you are going to use CentOS and want SNI to work, then this could work out for you.

I want to use Google+ but can’t justify doing so

Like many people in my age group *cough* 40+ *COUGH!!* I rely on social websites such as Facebook and Twitter. Facebook lets me maintain a way to keep in touch with friends that I’ve not seen in years and Twitter permits me to follow the daily minutia of some really interesting people.

For me it’s a social phenomenon and totally kills the art of writing letters to friends. We’re all addicted to it in one form or another and technology has improved where our smart phones provide us easy two way access to this data.

I am a confirmed fan of Google. I want them to be successful and like that they try to compete in so many technological arenas. I migrated my email system to Google Apps because it provides such an easy way to manage my users. And I don’t have to stay up nights adapting strategies for combating SPAM.

All that said, I have no use for Google+. I’m a Google Apps user and have successfully migrated my Google access to the apps platform using my domain name. Google+ doesn’t permit that yet so I can either use a different account or pass on Google+.

I went through the exercise of using my apps account for all Google access. My Android phone is setup for it, my email, search history, Google Chrome, etc. In order to use the new social site I use another browser such as Internet Explorer. That’s not too cumbersome but someday they’ll sort out the access for people like me. I don’t want to maintain both accounts so here I am.

When Google+ supports app users, I’ll give it a serious look. But for now I’ll stick with Facebook.

Still a sucker for WordPress beta

I took the plunge and once again used SVN to switch from running WordPress 3.1.3 to 3.2 beta. The betas are usually solid and I test my nightly backups on a different server from time to time.

Unless something really drastic happens to the WordPress repo, I’ll be fine with the beta.

The new fullscreen distraction free interface for composing posts? It’s unreal. The keyboard commands work fine, it’s just that the minimal GUI is hidden until you move the mouse. You “Just write” and that’s all there is to it. It’s just a blank page for you to type on.

The other improvements so far seem to be GUI based. I haven’t dug deeply into the documentation yet but my plugins work fine and I’m running a network of blogs from this installation. There is an oddity that when I load the post edit page, the TinyMCE does weird things during the load. Not a big deal and it sorts itself out in a second, just strange is all.

So far I like it. WordPress continues to improve and the beta keeps that record going strong.

Using IPv6

When IPv6 day came around, I installed Squid3 and an IPv6 tunnel setup on my in-house Linux server. I used the instructions from Ubuntu’s Wiki and made some minor configuration changes to Squid3 and that was it. You need to use version 3; version 2 of Squid lacks the right support.

The tunnel broker I am using is Hurricane Electric’s excellent Tunnel Broker. Just create an account, provide some information and you are good to go.

Easy! Now using Squid3 I can browse to Google and CNN’s IPv6 pages without any hiccup. I preferred to do it this way because setting up my Linux server as an IPv6 gateway would have required more (not much) work from me. This was quick to do and I had no problems.

Moving on, I created another HE tunnel on this web server. Using Apache 2 virtual hosts, I just added to the config file these lines.

<VirtualHost [2001:470:1f10:f10::2]:80>

 ServerAdmin webmaster@localhost
 ServerName blog.dembowski.net
 ServerAlias *.blog.dembowski.net
 ServerAlias photo.dembowski.net
 ServerAlias blog.epyon-1.com

 DocumentRoot /var/www/vhosts/blog.dembowski.net/
 #DocumentRoot /home/jan/public_html/

 <Directory />
 Options FollowSymLinks -Indexes
 AllowOverride All
 </Directory>

 ErrorLog /var/log/apache2/blog.dembowski.net-error.log

 # Possible values include: debug, info, notice, warn, error, crit,
 # alert, emerg.
 LogLevel warn

 CustomLog /var/log/apache2/blog.dembowski.net-access.log combined
 ServerSignature On

</VirtualHost>

The lines are duplicated from the existing vhost entry. I substituted the A record address of 209.20.89.108 with the AAAA record address of 2001:470:1f10:f10::2. This address was provided by Hurricane Electric.

Next up was to update my dembowski.net DNS zone by adding the AAAA record. This is the IPv6 address record and now my DNS name blog.dembowski.net has two entries.

blog.dembowski.net. 900 IN A 209.20.89.108
blog.dembowski.net. 900 IN AAAA 2001:470:1f10:f10::2

I restarted Apache and now when an IPv4 or v6 request comes in, it gets handled by the correct IP address and all is well. My server and proxy logs show which address I am hitting, and the site validates.

So what did this get me? Nothing really, except to show how easy it is to add IPv6 to your site and web connection. A buddy of mine almost exclusively uses IPv6 at home. The old address space is running out or has run out (depending on how and who you ask). Migrating to anything new can be a challenge but really, there is no reason for ISPs or hosting providers to not support IPv6.

Middle age? It took me forever to get here

As you get older, your habits change and you do different things. In the past I have spent a great deal of time building Linux servers and running my domain’s mail and spam filters, my own web servers for family web sites, ftp server, and sometimes hosting a game server.

Linux and open source software is cool and exciting.

This past week? I’ve been working on my own time preparing the pool for Sunday. Last year we opened the pool up for the first time on Memorial day and had a great summer. Since it was the first time the pool company took care of balancing the water, adding salt, etc. This year it’s all me and Lily.

It’s not a great deal of work (vacuuming was a pain), and the pool is really low maintenance. It’s just that I used to spend my time doing geeky things.

Now my geek tasks are actually managed.

  1. My domain’s mail is handled by Google Apps because I was spending serious time losing the spam battle.
  2. I update my WordPress site using the automatic upgrade feature while I weep for my lost SVN commands.
  3. I never host any game servers anymore and feel like I should yell “you kids get off the lawn!”
  4. My Linux distro of choice for my servers is Ubuntu 10.04 LTS because I got tired of updating Linux distros every 6 months.

My hobbies have changed too. I used to play PC games much more frequently but lately I’m more into photography. Unlike other family members, I’ve only gotten into this about 3 years ago. And my 35mm film infatuation is more recent than that, I carry an Olympus Trip 35 everywhere.

I still plan on working on my Gunpla collection, but I’m finding it funny how my spare time is being used. I’m not upset about it, but the observation makes me laugh.

No Batteries Required


This started with my looking for a good compact digital camera with a viewfinder. As a result I bought a film compact camera that was manufactured in 1972.

I prefer cameras with a viewfinder because I take better photos when I hold the camera close to my face (my arms shake). There are several good digital candidates such as the Canon G11/G12 or even the Nikon P7000. But they’re also not inexpensive and I already have a fine DSLR that I take hundreds of photos with.

Why not go back to film? I hadn’t even owned a film camera since 1997. So I started looking on eBay and Flickr and was inspired by the cult following that the Olympus Trip 35 has created.

About the Olympus Trip 35

The Olympus Trip 35 was sold between 1968 and 1984. It’s been reported that ten million units were sold, but that’s questionable since that number may have included other Trip models. Serial numbers shared online never seem to reach 6 million.

Less than 6 million is a respectable number. But what I find amazing is that virtually the same model was sold for 16 years. Today that’s unheard of for a consumer product to be left alone with just minor internal production changes.

The Trip 35 has 4 zone focusing at 1 meter, 1.5 meters, 3 meters, and infinity and takes a 43.5mm filter size. You guess the approximate range and set the focus accordingly.

This camera does not use batteries. The light meter is a selenium cell that moves a needle. That movement determines the aperture size and shutter speed. You can read up on this at the top of this web page and see the light meter in action at this YouTube video.

It’s a solid camera made out of metal and has some weight. It’s not bulky and it feels comfortable to use.

So you bought one?

I ordered 3 and there is a method to my madness.

The first one I ordered was from Paul Lamb’s Trip Man website in the UK. This company obtains these cameras, refurbishes them, and puts on a replacement for the original leatherette. They have a selection of colors, textures, and accessories.

This is a good buy because the camera comes with a 6 month warranty. This is not a modern SLR that you can get serviced anywhere. While I am not mechanically clueless, I want to be able to enjoy the camera without replacing the light seals or un-sticking the aperture blades. Trip Man has earned a good reputation and many people recommend him. I had made a small mistake with my order and this was responded to very quickly and satisfactorily.

If you want to buy an Olympus Trip 35 that just works, then get one from Trip Man.

The second Trip 35 was from eBay and sold as-is. That one arrived first (pictured above) and I bought it with the intention of making repairs, replacing the light seals and leatherette.

The purchase was inexpensive and came with a strap, original leather bag, and original lens cap. This camera was going to be my experiment in stripping the old leatherette and possibly take apart and clean the aperture blades. See this link for a great step-by-step with photos for taking apart one of these cameras.

A great plan except this second camera is apparently perfect! The camera is in wonderful condition and only needs replacement light seals for the film chamber and possibly a little cleaning of the view finder.

I shot a roll of Kodak ISO 400 and will get it developed tomorrow. If the exposures are mostly good then I’ll leave this one alone and just replace those seals. Stripping the leatherette would feel like tossing a rock through a window. I may do it sometime, but not this month.

And my third camera from eBay? I want one that works but has not been refurbished. Call this one my reference model, it’s a late version with a black button. A quick bid and I have another one on the way.

So, what next?

Now I take pictures. Lily and I use Costco which not only develops 35mm film but for about $3 more you can get a DVD with scans of your film. Near where I work are a couple of labs that a friend recommends. Film is not dead yet, it’s just hibernating.

At this time I’m not interested in developing my own film. That may change but I’m more interested in improving my photography.

This is a 1970’s era viewfinder camera. While the exposure and aperture are automatic, you have to think before you take the photo. When I use the DSLR I intentionally shoot hundreds of photos and cherry pick the best ones. Those end up on Flickr.

I am hoping that by using this film camera that I’ll learn to compose my shots better. Not just point and click but plan my shots. I’ll still waste film, but the ones that I like will be posted online.