Preventing version Leakage when using Dokuwiki

As if not updating my blog for months at a time wasn’t enough, I also maintain a wiki that gets even less attention :(

The software powering the wiki is Dokuwiki – a fantastic piece of wiki software that is very feature-rich (thanks to a plugin architecture) but very lightweight (everything is stored in text files!).

There is however one mild annoyance – Dokuwiki insists on adding a meta tag advertising its version number, and there’s no direct way of turning this off:

[image: dokuwiki-version]

Luckily there’s a plugin that can help – the metaheaders plugin. Unfortunately, the plugin does not ship with a configuration UI, and the documentation on the plugin page is sparse. To disable the “generator” meta tag that Dokuwiki adds, here’s what you need to do:

1. Create a file called metaheaders.conf.php in the Dokuwiki conf directory. If you are using the dokuwiki package in Debian, the metaheaders.conf.php needs to go into the /etc/dokuwiki directory.

2. Add the following lines to the metaheaders.conf.php file:

<?php
// Strip the <meta name="generator"> tag that advertises the Dokuwiki version
$clear[] = array ( 'name' => 'generator' );

3. Clear the Dokuwiki cache – you can do this by running touch on each .txt file in the pages directory under /path/to/dokuwiki/data/pages (or /var/lib/dokuwiki/data/pages in Debian). Or you can take the nuclear option and remove the cache directory entirely (/var/lib/dokuwiki/data/cache in Debian). Either way, once you’ve done this, trigger a full refresh of the page in your browser and check the page headers:

[image: dokuwiki-noversion]

Preventing Version Info Leakage with Dotdeb’s PHP 5.3.2 for Debian

There are plenty of arguments for and against Security Through Obscurity – I’m of the opinion that while the benefit of doing it might be slim, actually implementing it doesn’t cause any problems, so why not?

Moving on! The fastest way to upgrade the PHP version on Debian/Lenny “stable” without running into dependency hell is through the dotdeb repositories. Not only does it allow you to upgrade to PHP 5.3.2, you also get the ability to install PHP-FPM through the Debian package manager instead of having to re-compile PHP from source.

There is one small problem though – once you upgrade using the Dotdeb repository, all your PHP responses include an “X-Powered-By” header:

[image: header-versionleak]

If you are serving PHP content using Apache 2 alone, fixing this is relatively simple. Enable mod_headers as follows:

a2enmod headers

Then add the following line to your Virtual Host definition:

# X-Powered-By is a response header set by PHP, so it is removed with
# Header (RequestHeader only edits the incoming request)
Header unset X-Powered-By

Now reload your Apache configuration and the header information should disappear when you do a full refresh of the page in your browser.

On the other hand, it becomes a little more complicated if you are using Nginx as your public web-server and proxying PHP requests to a backend Apache process. Depending on how your Nginx setup is configured to handle PHP requests, you may need to use one of two approaches:

Approach 1 – Nginx directly serves PHP content by proxying to a PHP/FastCGI server

If you have installed PHP-FPM, you will know that it runs as a service listening for requests on port 9000. Hence, you could have Nginx serve PHP content using the following directives:

location ~* ^.*\.php$ {
    fastcgi_pass   localhost:9000;
    fastcgi_param  SCRIPT_FILENAME  /var/www/mywebsite/$fastcgi_script_name;
}

To hide your PHP version, add the following directive to the Nginx configuration:

#Prevent version info leakage
fastcgi_hide_header X-Powered-By;

Approach 2 – Nginx serves PHP content by proxying to an Apache process:

In this approach, the Nginx configuration for serving PHP content looks very different from Approach 1:

location ~* ^.*\.php$ {
    proxy_pass http://127.0.0.1:80;
}

The directive for hiding the version information also changes, as Nginx is now acting as a reverse proxy:

#Prevent version info leakage
proxy_hide_header X-Powered-By;

Reload your Nginx configuration and check that the changes have taken effect by triggering a full refresh of the page in your browser:

[image: header-noversion]
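A way to verify both fixes on this page (the Dokuwiki “generator” meta tag from the first post and the X-Powered-By header from this one) without squinting at browser developer tools, as an added example that is not part of the original posts: a small Python script that parses a saved HTTP response and reports every place it advertises software or a version. It goes slightly beyond the posts by also flagging a Server header that carries a version string, since Apache and Nginx advertise theirs the same way. The sample responses embedded in it are constructed for the example, and the generator string in them is a placeholder.

```python
"""Report software/version leaks in a raw HTTP response (added example)."""
import re
import sys
from typing import Dict, List, Optional, Tuple

META_TAG_RE = re.compile(r"<meta\b[^>]*>", re.IGNORECASE)
ATTR_RE = re.compile(r"([\w-]+)\s*=\s*[\"']([^\"']*)[\"']")
# Matches product/version tokens such as "Apache/2.2.9" or "nginx/0.7.67".
VERSION_RE = re.compile(r"[A-Za-z][\w.-]*/\d+(?:\.\d+)+")


def parse_response(raw: str) -> Tuple[Dict[str, str], str]:
    """Split a raw response (as saved by `curl -si`) into a lower-cased
    header dict and the body. Accepts CRLF or bare LF line endings."""
    sep = "\r\n\r\n" if "\r\n\r\n" in raw else "\n\n"
    head, _, body = raw.partition(sep)
    headers: Dict[str, str] = {}
    for line in head.splitlines()[1:]:  # skip the status line
        name, colon, value = line.partition(":")
        if colon:
            headers[name.strip().lower()] = value.strip()
    return headers, body


def generator_tag(body: str) -> Optional[str]:
    """Return the content of <meta name="generator"> if present (attributes
    in any order), else None."""
    for tag in META_TAG_RE.findall(body):
        attrs = {k.lower(): v for k, v in ATTR_RE.findall(tag)}
        if attrs.get("name", "").lower() == "generator":
            return attrs.get("content", "")
    return None


def find_version_leaks(raw: str) -> List[str]:
    """List every header or tag in the response that advertises software."""
    headers, body = parse_response(raw)
    findings: List[str] = []
    if "x-powered-by" in headers:
        findings.append("X-Powered-By header: " + headers["x-powered-by"])
    server = headers.get("server", "")
    if VERSION_RE.search(server):
        findings.append("Server header with version: " + server)
    gen = generator_tag(body)
    if gen is not None:
        findings.append("generator meta tag: " + gen)
    return findings


# Constructed sample responses, not captured from a real host.
LEAKY_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache/2.2.9 (Debian)\r\n"
    "X-Powered-By: PHP/5.3.2\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "\r\n"
    "<html><head>\n"
    '<meta name="generator" content="DokuWiki Release XXXX-XX-XX" />\n'
    "</head><body>hello</body></html>"
)
CLEAN_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: nginx\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "\r\n"
    "<html><head>\n"
    '<meta name="viewport" content="width=device-width" />\n'
    "</head><body>hello</body></html>"
)

if __name__ == "__main__":
    # Usage: curl -si http://wiki.example/ > resp.txt; python leakcheck.py resp.txt
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            raw = fh.read()
    else:
        raw = LEAKY_RESPONSE
    for finding in find_version_leaks(raw) or ["no version leaks found"]:
        print(finding)
```

Save the output of `curl -si` against the site before and after applying the directives above: the first run should list the X-Powered-By header and the generator tag, the second should print nothing but “no version leaks found”.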

Fix Mouse Grabbing/Ungrabbing for a Debian VMWare Image

One of the more fully configured VMWare images for Debian on the VMWare Appliance Marketplace is the image provided by Visoracle.

While it does work almost flawlessly out of the box, there is one small problem – the Guest OS doesn’t support Mouse grabbing/ungrabbing by default.

To fix this, add the following line to your /etc/X11/xorg.conf, in the “InputDevice” section whose Identifier is “VMware Mouse”:

Option    "CorePointer"

Then hit CTRL+ALT+BACKSPACE to restart X Windows. Now enjoy the awesomeness of seamless mouse grabbing/ungrabbing.

Using VMWare Workstation – a couple of Tips

When trying to set up a new Virtual Machine, you could take the tough approach and do it from scratch. Or you could let someone else do the hard work for you and download a pre-built image. For VMWare, the place to do this is the VMWare Appliance Marketplace.

This may or may not work perfectly for you. Here’s how I fixed a couple of problems that I encountered:

  • I can’t connect to the Internet via Wi-Fi from the Virtual Machine

If your host machine connects to the Internet via Wi-Fi, you’ll find that the Virtual Machine cannot browse the net or download any packages. The reason for this is that by default, Wi-Fi adapters are excluded by VMWare Workstation. You can fix this in one of two ways:

1. Remove your Wi-Fi adapter from the Exclusion list – Go to Edit > Virtual Network Editor > Automatic Bridging:

[image: vmware-network-editor]

You should see your Wi-Fi adapter listed in the “Do not attempt to bridge” list. Select the adapter and hit Remove. Now try rebooting the Virtual Machine and see if Internet access has started working.

2. Map a specific VMNet adapter to your Wi-Fi adapter – in the Virtual Network Editor, choose the Host Virtual Network Mapping tab:

[image: vmware-network-mapping]

Pick a VMNet adapter and map it to your Wi-Fi adapter. Next, go to your Virtual Machine settings and modify the Network option to point to the VMNet adapter you just modified:

[image: vmware-vm-settings]

  • I’ve shared a folder from the Host PC, but the Linux Virtual Machine can’t see it.

The nice part of using images from the Appliance Marketplace is that VMware Tools is typically installed, enabling the best features of VMWare Workstation such as changing the resolution and Unity view. However, you might find that shared folders aren’t working properly. To test whether you have a fully working VMware Tools install, run the following command:

sudo lsmod | grep vmhgfs

You should see something similar to the following output:

# lsmod | grep vmhgfs
vmhgfs                 51336  1

If the command exits without any output, you have an incomplete VMware Tools install. Run the following command:

sudo /usr/bin/vmware-config-tools.pl

Accept the default prompts and wait for the configuration to finish. Now try the following commands:

# modprobe vmhgfs
# lsmod | grep vmhgfs

If the lsmod command returns some output now, you’re all set to start copying and pasting files between the Host PC and your Virtual Machine.

Tips on working with FreeNX on a Debian/Ubuntu VPS

The command-line is and will always be the fastest way to administer a remote Linux installation. But whether it’s running a speed test of the server or monitoring AWStats reports only accessible from the localhost, a GUI interface can often come in handy.

The typical recommendation in such cases is to install VNC and a <Insert preferred desktop environment here>. There are a few problems with this:

1. VNC requires you to open an additional port (or two) at your firewall.

2. VNC relies on its own user-authentication database and doesn’t support long passwords.

3. Trying to get usable performance out of VNC is a black art in itself.

The smart answer is NX – a remote desktop solution that relies on SSH for authentication, scales to any sort of connection (all the way down to a 56kbps modem link) and supports multimedia and file sharing.

I’m not going to talk about how to install NX on Debian/Ubuntu – there are plenty of guides, including this one on the Ubuntu Wiki.

There are a few “gotchas” when it comes to installing FreeNX on a Debian/Ubuntu VPS, and it took me a while to work out the answers. For the reference of anyone else struggling with these problems, here are my tips:

  • When I use the NoMachine NX Client and try to exit a session, the application seems to “hang”:

One of the best features of NX is robust suspend/resume support for sessions. On a default install of FreeNX however, trying to exit a FreeNX session from the NoMachine NX client doesn’t work. The problem is that a couple of dependencies aren’t included. To fix this, run the following commands:

On Ubuntu –

aptitude install x11-utils

On Debian 5 –

aptitude install x11-utils && aptitude install xterm

Now when you try to exit the session you should see the following dialog box:

[image: xmessage-ubuntu]

  • I was told that the NX Client could tunnel sound, but all I get is an error message on my VPS. I was lied to!

Actually, the lack of sound is a problem of working with FreeNX on a VPS. You need to install a sound daemon – specifically the GStreamer sound daemon. To fix this, run the following command on Debian/Ubuntu:

aptitude install gstreamer0.10-esd

Once this is done, go to System > Preferences > Sound and modify your settings as follows:

[image: gstreamer-sound]

Now when you click the Test button, you should hear the soothing sound of a test tone on your local speakers. Note that this isn’t guaranteed to get applications like rhythmbox working and I have no idea on how to go about fixing problems like those. Also keep in mind that the volume control applet will still complain about missing plugins and refuse to “unmute” itself.

  • I’m able to login via SSH, but trying to login via NX fails.

I’ll begin this section with a big caveat – the fix for this problem does involve reducing the security of your SSH config. Another caveat – this problem appears to be isolated to Ubuntu.

Situation – you have disabled clear-text passwords in your SSHD config (i.e. PasswordAuthentication no) and only allow public-key authentication.

Problem – the NX client fails when trying to connect to the server. If you turn on debug-level logging for SSH, you see the following message in your auth.log:

(nx) Failed login for user=<someuser> from <so.me.I.P>

You know the password for <someuser> is correct and have typed it in letter by letter 10 times now.

Diagnosis – tracing the root of this problem is very hard for two reasons: 1) the error message is very generic and can occur in a number of scenarios, and 2) it seems specific to Ubuntu. Debian does not require any changes to your SSHD config to get FreeNX working.

Solution – the only solution that I could find after multiple iterations with the SSHD config is to enable clear-text passwords. In other words, open the sshd_config file and change the line

PasswordAuthentication no

to

PasswordAuthentication yes

Restart the SSH daemon and FreeNX will start working without a hitch.

It is worth noting that enabling PasswordAuthentication does not mean the passwords are sent unencrypted – they still travel inside the encrypted SSH session. In addition, you can lock down SSH access to specific users/groups using the AllowUsers or AllowGroups directives in your SSH config.

Firmware upgrades for the BlueAngel Q7 – A HowTo

At COMEX 2009, I picked up a Chinese-made set-top media player, called the Q7. Made by a company called Blue Angel, the tiny box packs in an amazing feature set:

  • Supports RMVB, AVI, DIVX, MKV, MOV, HDMOV, MP4, M4V, PMP, AVC, FLV, VOB, MPG, DAT and MPEG file formats
  • Does HDMI output up to 720p
  • Built-in Flash memory of 2GB and USB-Host Support

The feature I was most intrigued by however, was a note buried in the instruction manual – it claimed that the manufacturer would provide firmware upgrades for the device!

Since this is a device manufactured in China, even finding the manufacturer’s website took some digging around. Eventually, I did locate the site and, after viewing it through Google Translate, I was able to download the upgrade installer. Awesome, right?

Well, not quite – I had to go through quite a few hoops to actually get the installer to run. I figured I might as well put the steps on the Web for other folks who might be having the same problems as I did.

OS Compatibility Warning: The installer simply does not work under Vista. Trying XP Mode etc. on Vista is of no use. I have no idea whether it will work under Wine/Linux but for now I recommend sticking to Windows XP.

1. The latest firmware upgrade for the Q7 can be found here. Scroll down and look for the link text in green (or you can try this direct link, but I have no idea how long it will work).

2. The site is a bit slow, so be prepared to wait 15-20 mins for the file to download, even on a broadband connection.

3. Once you have extracted the files, you will end up with a set of folders like so:

[image: initial-folders]

4. Extract the second set of RAR files and you get the following:

[image: second-extract]

5. If you are on an English-language version of Windows, the Mandarin characters can cause a lot of problems when launching the installer. I recommend renaming the files to something like “q7upgrade.img”.

6. I also suggest placing the files under the root of the C: drive or some other partition. It definitely won’t work with folder names containing spaces. Here’s the folder structure that worked for me:

[image: moved_renamed]

7. Next you need to launch the installer application. The second round of RAR extraction will have created a folder and a disk image. Look for an application called “LiveSuit.exe” in the folder:

[image: livesuit]

8. When you launch LiveSuit.exe, you will get the following window:

[image: livesuit-exe]

Note: If you would like to see the actual Mandarin characters used in the installer and get a translation of what they mean, please see Ashwin Nanjappa’s comment on how to enable Chinese character support & translations in Windows. Thanks Ashwin!

9. Click on the first icon (a packing box?) and locate the IMG file that you had extracted earlier. Once you do this, the second “gear” icon becomes active:

[image: livesuit-gears]

10. Now plug the Q7 into your PC. It will be recognized by Windows as a USB 2.0 Flash Device:

[image: q7-usb]

11. Once you get the “Hardware installed” popup in Windows, click on the gears icon in the LiveSuit app (step 9 above).

12. You get a prompt of which very little is readable, except for one very important button:

Press Yes. What's the worst that could happen?

13. You will now be prompted to install drivers for the device. The USB drivers are located in a subfolder inside the folder you launched the LiveSuit installer from, i.e.:

[image: drivers]

Once you have navigated to the correct folder with the drivers, your “install drivers wizard” should look like this:

[image: hardware-wizard]

14. You might have to run the driver install wizard twice before the actual upgrade starts. Once the driver install completes, the LiveSuit installer takes over:

[image: upgrade-in-progess]

15. Eventually, you get another unintelligible popup:

Not much choice here eh?

16. At this point, you have upgraded your Q7’s firmware – congratulations! What do you get from this, you might ask? Well, the highlights are:

  • Proper resume from Standby when using the power button on the remote
  • Support for SUB format subtitles
  • Better MKV Support
  • Support for UTF-8/UTF-16 encoded subtitles.

Not bad at all, eh? The entire release note is available on the webpage where the firmware is hosted, but you will have to rely on Google Translate if you can’t read Mandarin – here’s a translated link.

Post-Firmware Upgrade Warning:

  • After the upgrade, the On-Screen menus default to Mandarin again. You will have to go into the Settings menu and select the “Globe” icon to be able to change the language back to English.

17. If you are wondering how to exit the LiveSuit application, here’s a hint – it isn’t the regular close button on the app window. Instead you need to click the little running man/AIM icon:

oh that's so obvious

That’s the HowTo. Let me know in the comments if this helps or you have any problems. Happy Viewing!

This is what a hacked together push solution looks like

Sitting at home and trying to beat a particularly nasty throat infection, I decided to follow-up on a tweet of mine and put together what my push-email/calendar solution looks like:

[image: hacked-push-strategy]

To summarize, it currently uses:

  • 6 different sites for the Calendar – Dopplr, Upcoming, Remember The Milk and fbcal feeding into Google Apps Calendar. Nuevasync syncs a subset of my Google Apps Calendar to my Samsung i600 phone. Remember The Milk feeds into my Google Apps email.
  • I use Google Calendar Sync for my desktop calendar that lives in Outlook 2007.
  • I had a sync setup between my phone and Outlook as well, but stopped using that after some significant grief.
  • I sync my Google Apps mail via IMAP on my phone and backup using POP3 in Outlook 2007.
  • Regular Gmail is synced via IMAP and some magic sauce using Seven.

It probably has too many moving parts and is overly dependent on various free services. But it works well enough for me.

On the state of location networking

Location-networking is meant to provide two experiences:

1. Broadcast your location to your friends and FoaF network in the hope of making unexpected connections; and

2. Share comments and rich media (photographs, video, voice etc.) about your experiences at a particular location.

This then, is the state of my location networking experience one year on:

[image: state-of-social-networking]

Two problems have remained stubbornly unresolved for that entire period

1. The lack of two-way sync between Brightkite and Fire Eagle – While I can understand why Google Latitude won’t play with Fire Eagle, I’m puzzled by the reluctance of the other players in location networking like Brightkite and Foursquare to integrate with Fire Eagle. Integrating with Fire Eagle would allow location-networking providers to stop worrying about how their users send updates to their service and focus on making the experience more fun to use. Instead, all the players in location-networking are guilty of listening only to the echo-chamber hype of early adopters and providing solutions only for the platforms the geeks love, i.e., the iPhone, the Blackberry Bold generation and the Android OS. This is remarkably short-sighted considering:

a. While the iPhone is the fastest selling Smartphone today, it still isn’t beating older Blackberries, Windows Mobile or the Palm OS in terms of installed base.

b. No smartphone comes close to beating the installed base of "dumb" cell phones.

If location-networking is to really become as ubiquitous as social networking, it has to run on a variety of platforms and require little by way of a hardware minimum. The promise of location-networking, to open your phone and see the location of not just your friends but of your FoaF network is truly remarkable. But meeting only the needs of the echo-chamber will keep location-networking a niche product, until it is killed off by the geeks who abandon it for the next cool thing on the horizon.

2. The lack of rich metadata for any media shared through Brightkite – let’s ignore the fact that Brightkite does not support video uploads to Flickr (despite the fact that Flickr has had video in place for over a year now). No, my complaint is about how little metadata is passed to Flickr when I send a photo to Brightkite.

a. No tags

b. No Titles

c. Email subject as description

d. No EXIF data

Using the email subject line as a description isn’t a great idea either – why can’t we specify the title via the email subject and the description via the email body? Isn’t that more logical? The lack of tags means these images are going to be very hard to surface via search. All in all, it’s a very limited and clunky solution for something a lot of other products do very well.

I had hoped that 2009 would be the year that location-networking really started to take off. It now seems like location-networking will continue to stagnate until someone builds a product that not only works for the early adopters, but for the early majority and the users after that.

A 1000 years of History – Barely remembered

Part of my 3 week trip to India earlier this year included a visit to a series of temples in Tamil Nadu – popularly known as the "Navgraha temples". I came away from that trip amazed at the enormous potential for tourism in Tamil Nadu and saddened by how much of it goes to waste due to frustratingly archaic customs.

Driving into a tiny village of 10 or 20 houses that holds at its centre an enormous temple complex covering a square acre of land left me wondering what this place was like in its heyday. Or walking down a 500 foot hallway with curved archways soaring 50 feet into the air, you wonder whether the European architects of the Renaissance were really all that original. When one finishes praying at the Garbha graha of a temple and notices that every square inch of the rock is covered in gold leaf – it’s a glimpse into the enormous wealth of those Pandian kings that drove this building spree.

Astonishingly, almost none of these locations suffer from the typical infrastructure woes that plague most Indian tourist destinations. Reasonably good governance has been a hallmark of Tamil Nadu politics for decades now – translating into rail and air access to the major towns in this temple belt, 2-lane all weather roads to every village, and 5 bars of cell phone coverage wherever you go. And if you have to cross a dry riverbed on a rickety wooden bridge that creaks with every motorcycle that brushes past you – well that’s part of the adventure isn’t it? You also get reasonably decent accommodation (that can be booked on the Internet!) and great South Indian food in every restaurant. So why are these places unknown outside South India?

The first problem I believe is that annoying rule of "No photography allowed inside the temple premises". Whether it was due to Hindu priests believing that photographs stole the deity’s soul or the bureaucrats fearing thieves would use the photographs to decide which temple jewels were worth stealing, all you can get are photos of the temple entrance or its Gopuram. Which, after the 50th such photo, tends to get really old. How do you promote a place when you can’t even show it to another person?

The other issue is with the Hindu customs – which barely tolerate Indians of other religions entering the temples and outright refuse to let foreigners in. I see the crowds of foreign tourists at the temples in Singapore’s Little India, which (no offence) have barely a fraction of the history of some of these "Navagraha temples", and wonder how amazed these tourists would be seeing the crystal Lingam that the temple priests in one place claim was placed there by Lord Muruga himself. What would they make of the story of how the stone Lingam in one temple leant to one side to allow Lord Brahma, cursed to be born a human, to garland the statue and thus attain Mukti? Every idol and nearly every tree in these temples has a fascinating, richly detailed history that could reward and entertain the patient traveller. Yet thanks to concepts like "aacharam" and "madi", they remain out of bounds to any foreign tourist who might make it this far.

I want to wrap up this post with the incident that truly defined this trip for me. We arrived at one temple a little too early and one of the ubiquitous vendors suggested we take a walk "just a little while away" to a Lord Venkateshwara temple that had just re-opened. We walked barefoot down a stony path trying to avoid the goat dung underneath and the curious village dog around our ankles. Finally, we came to a red brick wall which opened up to reveal two "shelters" thrown together from wood planks hastily nailed together. We walked in and a temple priest informed us that the temple is probably over 1000 years old and was hidden by the jungle till someone "discovered" it a few years back. He pointed out the single remaining Vimana of the original temple, stained dark green and with a single stubborn tree still growing out of a crack in the roof. I looked at the serene face of Lord Venkateshwara, his features blurred by centuries of rain and neglect, and wondered how many generations of people have walked by, not knowing they were being blessed by an almost-forgotten God.

India still has the power to surprise and move us – its cynical, careless children.

Pondering Friendfeed and Twitter (maybe a little too much…)

Ruminations on Friendfeed after making my first “block”:

  1. Since Friendfeed allows for “fake follows”, should I just follow everyone who follows me? After all, I never need to see their updates.
  2. I finally understand the power of lists in Friendfeed. With every other tool, S/N ratios have to be controlled through manual curation of follow-lists. On Friendfeed, that’s never a concern.
  3. A classic sign on Twitter of “spammers” is someone with a huge “following” list. If I did start following 12000 people on Friendfeed would I become a “spammer” in someone’s eyes?
  4. If I was following 12000 people on Friendfeed, would that “cheapen” the “silent attention” that I pay to my friends lifestreams. In other words, would their assessment of my “ambient social awareness” be tainted by the thought “he can’t possibly keep up”. After all right now, a lot of conversations with my friends in real life slip between contexts of “on IM you said” and “on twitter I saw..”. Would that disappear if I was following 12000 people here because folks would assume I couldn’t have kept up?
  5. Am I plate-of-beans’ing this? :)

Related idea – even though URLs on Twitter profile pages are no-follow, spammers follow millions to drive up SEO rankings for URLs in their bios & names. Should Twitter: a) add noindex,nofollow to follower/following profiles? b) remove links to follower/following profiles for not-logged-in users/search engine bots? c) remove bios for not-logged-in users/search engine bots?