March 7, 2010

The first n things to do after installing an Ubuntu command-line system, where n is large

This is my guide to how to install Ubuntu. There aren't many like it, because this one is mine. It uses Karmic and assumes a single-user computer.

I start with the alternate install CD, and install a command-line system. There's a lot of talk about how Ubuntu is bloated, which is a little silly, as Ubuntu is not the same thing as the ubuntu-desktop metapackage. The command-line system will leave you with a few things you won't need -- it includes the tools for several filesystems, including NTFS, and support for various hardware, some of which you won't have. I don't doubt that there are leaner minimalist distributions, but it's a stretch to call this bloated.

Toward keeping it unbloated, the first step is turning off the automatic installation of recommended packages:

echo 'APT::Install-Recommends "false";' | sudo tee /etc/apt/apt.conf.d/02notrecommended

Then I install the first tools I want:

sudo apt-get install wajig zile

That's the last we'll see of apt-get, as wajig is my preferred front end to the Debian package manager. zile is a small Emacs-workalike. Next, I make sure it gets used whenever anything needs an editor (and that I never, ever get dumped into vi):

sudo update-alternatives --install /usr/bin/vi vi /usr/bin/zile 99
sudo update-alternatives --config editor

The latter will prompt me to choose among installed editors; I pick zile.

Now I'm ready to configure sudo.

sudo visudo

I add to the line beginning Defaults env_reset, making it:

Defaults env_reset,insults,!tty_tickets

!tty_tickets makes the sudo timeout global, instead of on a per-session basis, so that if I sudo in one window, and, soon after, sudo in another, I won't have to type my password again. This is very useful. insults means sudo will insult me if I type my password wrong. This isn't useful except inasmuch as it amuses the 12-year-old in me.

Next is configuring my repository sources:

sudo -e /etc/apt/sources.list

This boils down to these four lines, with my closest mirror substituted for "us.archive.ubuntu.com":

deb http://us.archive.ubuntu.com/ubuntu/ karmic main restricted universe multiverse
deb-src http://us.archive.ubuntu.com/ubuntu/ karmic main restricted universe
deb http://us.archive.ubuntu.com/ubuntu/ karmic-updates main restricted universe multiverse
deb http://us.archive.ubuntu.com/ubuntu/ karmic-backports main restricted universe multiverse

plus I keep the default last few lines:

deb http://security.ubuntu.com/ubuntu karmic-security main restricted
deb-src http://security.ubuntu.com/ubuntu karmic-security main restricted
deb http://security.ubuntu.com/ubuntu karmic-security universe
deb-src http://security.ubuntu.com/ubuntu karmic-security universe
deb http://security.ubuntu.com/ubuntu karmic-security multiverse
deb-src http://security.ubuntu.com/ubuntu karmic-security multiverse

I make sure I'm up-to-date:

sudo wajig update
sudo wajig upgrade
sudo wajig dist-upgrade

Now it's time to install everything related to one of my most important tools, ssh:

sudo wajig install ssh denyhosts molly-guard sshfs yafc keychain
sudo -e /etc/ssh/sshd_config

I modify /etc/hosts to assign shortcuts to several of my most-used machines.

I set "PermitRootLogin no" (even though I don't have a root password, so no one could log in as root anyway), and "PasswordAuthentication no" to disable login by password altogether -- it'll require public key authentication.
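A check for the two settings above, added here as an example and not part of the original post: sshd uses the first value it reads for each keyword and matches keywords case-insensitively, so the script reports the first global value and anything a Match block sets. The function names and the sample configurations are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original post). sshd keeps the FIRST value it
# reads for a keyword and treats keywords case-insensitively, so a hardened
# line is silently ignored if a weaker one appears earlier in the file.

# sshd_values FILE KEYWORD
# Prints "global VALUE" for the first global setting ("global unset" if none)
# and "match VALUE" for every occurrence inside a Match block.
sshd_values() {
    awk -v want="$2" '
        BEGIN { want = tolower(want); scope = "global"; seen = 0 }
        /^[ \t]*#/ || /^[ \t]*$/ { next }          # comments, blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            n = match(line, /[ \t=]/)              # keyword ends at space or "="
            if (n == 0) next
            key = tolower(substr(line, 1, n - 1))
            val = substr(line, n)
            sub(/^[ \t]*=?[ \t]*/, "", val)
            sub(/[ \t]+$/, "", val)
            gsub(/"/, "", val)
            if (key == "match") { scope = "match"; next }
            if (key != want) next
            if (scope == "global" && seen++) next  # later duplicates lose
            print scope, val
        }
        END { if (!seen) print "global unset" }
    ' "$1"
}

# sshd_audit FILE: succeeds only if both settings from the post are in effect
# globally and no Match block turns either one back on.
sshd_audit() {
    audit_rc=0
    for audit_kw in PermitRootLogin PasswordAuthentication; do
        while read -r audit_scope audit_val; do
            if [ "$audit_val" = "no" ]; then
                echo "ok    $audit_kw ($audit_scope): $audit_val"
            else
                echo "FAIL  $audit_kw ($audit_scope): $audit_val, want no"
                audit_rc=1
            fi
        done <<EOF
$(sshd_values "$1" "$audit_kw")
EOF
    done
    return "$audit_rc"
}

# Constructed sample: ends with the hardened lines, yet password logins stay on.
sample_weak() {
    cat <<'EOF'
Port 22
passwordauthentication yes
PermitRootLogin no
PasswordAuthentication no
EOF
}

# Constructed sample: both settings effective, Match block leaves them alone.
sample_hardened() {
    cat <<'EOF'
Port 22
PermitRootLogin=no
PasswordAuthentication   no
Match User backup
    X11Forwarding no
EOF
}

# Audit the file named on the command line, if any.
if [ $# -ge 1 ]; then
    sshd_audit "$1"
fi
```

On a live system, `sudo sshd -T` prints the effective configuration as sshd itself resolves it.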

sudo adduser zed fuse

sshfs is an amazingly useful tool that lets you mount remote filesystems over ssh so they're transparently accessible as if they were local. But you have to add yourself to the fuse group (and it won't take until you log out and log back in). I like to drop this in /usr/local/bin/mkmnt as a convenience to make the mount points I'll use with it:

#!/bin/bash
# Create one fuse-group-writable mount point under /mnt per argument.
for i in "$@"
do
    mkdir "/mnt/$i"
    chown root:fuse "/mnt/$i"
    chmod 775 "/mnt/$i"
done

Finally:

sudo chown root:fuse /mnt
sudo chmod 775 /mnt

I used to configure denyhosts to make it more restrictive and quicker to ban, but I don't bother anymore. The defaults are reasonable. molly-guard is there to prevent accidentally shutting down or rebooting my machine when I'm logged in remotely. yafc is a much-improved sftp, with tab-completion. And keychain lets me type my ssh private key password just once. I just add this to my .bashrc:

eval `keychain --eval --nogui -Q -q id_rsa`

And I install my private and public keys in my .ssh directory.

Now we're ready to install X.

sudo wajig install hal xorg nvidia-glx-185 nvidia-settings xdm msttcorefonts ttf-liberation ttf-droid xscreensaver

This gets you a whole raft of video and input packages, most of which you don't need, but is a lot faster and easier than picking out the ones you do.

Now it's time to start building packages from source.

sudo wajig install build-essential automake m4 subversion git-core fakeroot checkinstall libtool texinfo texinfo-doc-nonfree manpages-dev
sudo wajig build-depend ratpoison
sudo wajig build-depend rxvt-unicode-ml

I like to do my building from source under /usr/local/src, so I'll make that a little easier:

sudo chown -R root:admin /usr/local
sudo chmod -R 775 /usr/local

First, ratpoison:

cd /usr/local/src
git clone git://git.savannah.nongnu.org/ratpoison.git
cd ratpoison
autoreconf
automake --add-missing
autoreconf

I put a patch of my own into title_changed.patch, and apply it, then build the Debian package:

patch -p1 < title_changed.patch
fakeroot debian/rules binary

This drops a .deb into /usr/local/src, and I install it:

cd /usr/local/src
sudo wajig install ratpoison_1.4.6~git-0_i386.deb

Next comes rxvt-unicode. I'm still in /usr/local/src...

wget http://dist.schmorp.de/rxvt-unicode/rxvt-unicode-9.07.tar.bz2
tar xjf rxvt-unicode-9.07.tar.bz2
cd rxvt-unicode-9.07
./configure --prefix=/usr
make
sudo checkinstall --fstrans=no

I use the name 'rxvt-unicode-ml', the same as Ubuntu normally uses for the full rxvt-unicode, the description 'rxvt-unicode-ml', and the version '9.07-1source'. Per the contents of urxvtc's man page, I put this in /usr/local/bin/urxvt:

#!/bin/sh
urxvtc "$@"
if [ $? -eq 2 ]; then
    urxvtd -q -o -f
    urxvtc "$@"
fi

And that's what I define as my x-terminal-emulator:

sudo update-alternatives --install /usr/bin/x-terminal-emulator x-terminal-emulator /usr/local/bin/urxvt 99

Now I can remove xterm. This'll take the xorg metapackage with it, but that's fine -- it's just a metapackage and all the stuff it installed will still be there.

sudo wajig remove xterm

Oh, so close. Now, per the xsession man page, I put this in /etc/X11/Xsession.d/35x11-custom_xmodmap --

SYSMODMAP="/etc/X11/Xmodmap"
USRMODMAP="$HOME/.xmodmap"

if [ -x /usr/bin/X11/xmodmap ]; then
    if [ -f "$SYSMODMAP" ]; then
        xmodmap "$SYSMODMAP"
    fi
    if [ -f "$USRMODMAP" ]; then
        xmodmap "$USRMODMAP"
    fi
fi

Then I populate /etc/X11/Xmodmap, ~/.Xresources, .ratpoisonrc, and put this in .xsession:

xscreensaver-command -exit
xscreensaver &
x-window-manager

And now we're ready to run X. It's that easy.

sudo invoke-rc.d xdm start

I edit .xscreensaver to set 'splash: False', and run

xscreensaver-demo

so I can set the Mode to 'Blank Screen Only', turn on Display Power Management, and turn off 'Fade to Black when Blanking'. There are many beautiful xscreensaver hacks, but some of them create appreciable system load. I'm running it for security.

OK, now for some miscellany. apt-file can do some tricks wajig can't.

sudo wajig install apt-file
sudo apt-file update

most is my preferred pager.

sudo wajig install most
sudo update-alternatives --config pager

Really, the whole point of the exercise is Emacs.

sudo wajig install emacs23 emacs-goodies-el python-mode yaml-mode

I like Ruby, Perl, and Nethack. Someday I will ascend.

sudo wajig install ruby-full ruby-elisp rubygems perl-doc nethack-el

Some other important command-line tools:

sudo wajig install screen ack-grep

ack-grep's intended name is ack, but that's taken in the Debian world, so I uncomment this in the default .bashrc:

if [ -f ~/.bash_aliases ]; then
. ~/.bash_aliases
fi

And into .bash_aliases goes:

alias ack="ack-grep"

Being able to unpack things is good:

sudo wajig install atool unrar unzip

Put this in ~/.atoolrc:

use_rar_for_unpack 0

The web is pretty important:

sudo wajig install firefox epdfview privoxy

Privoxy is a filtering web proxy.

cd /tmp
wget http://neilvandyke.org/privoxy-rules/neilvandyke.action
sudo mv /tmp/neilvandyke.action /etc/privoxy
sudo -e /etc/privoxy/config

Between actionsfile default.action and actionsfile user.action, I add:

actionsfile neilvandyke.action

In user.action, I add some more sites, as well as define some sites on which to not block ads.

I get the Flash 10.1 beta:

cd /tmp
wget http://download.macromedia.com/pub/labs/flashplayer10/flashplayer10_1_p3_linux_022310.tar.gz
tar xzf flashplayer10_1_p3_linux_022310.tar.gz
mkdir ~/.mozilla/plugins
mv libflashplayer.so ~/.mozilla/plugins

Sound starts out set to zero, so I need alsamixer to turn it up:

sudo wajig install alsa-utils
alsamixer

Get and install the forbidden packages:


cd /tmp
wget http://packages.medibuntu.org/pool/non-free/w/w32codecs/w32codecs_20071007-0medibuntu5_i386.deb
wget http://packages.medibuntu.org/pool/free/libd/libdvdcss/libdvdcss2_1.2.10-0.3medibuntu1_i386.deb
sudo wajig install w32codecs_20071007-0medibuntu5_i386.deb
sudo wajig install libdvdcss2_1.2.10-0.3medibuntu1_i386.deb

Install the fonts from Powerpoint.

Monitoring is good. This includes:

sudo wajig install lm-sensors htop iftop iotop hddtemp smartmontools

Virtual machines are fun.

sudo wajig install qemu kvm

Downloader helpers.

sudo wajig install transmission-cli axel

Multimedia.

sudo wajig install mplayer-nogui flac vorbis-tools vorbisgain feh

Into every life some Microsoft Word docs must fall.

sudo wajig install antiword

Keep the computer time synced with atomic clocks:

sudo wajig install ntp
sudo -e /etc/ntp.conf

I remove the 'server ntp.ubuntu.com' line and replace it with:

server 0.north-america.pool.ntp.org
server 1.north-america.pool.ntp.org
server 2.north-america.pool.ntp.org
server 3.north-america.pool.ntp.org

I like TeX, and LaTeX, and ConTeXt and printing things.

sudo wajig install context texlive-latex-extra gv texlive-latex-extra-doc texlive-latex-base-doc cups-client texlive-latex-recommended texlive-latex-recommended-doc

That may seem like a lot, and it is, but it's still not much compared to texlive-full.

I just need a client to a Cups server running elsewhere on my local network, so I just need to populate /etc/cups/client.conf:

ServerName hostname_of_cups_server

I want to access a Samba server on my local network, so:

sudo wajig install smbfs
mkmnt smbmountpoint

I add this to /etc/fstab:

//smbhostname/Volume_1 /mnt/smbmountpoint cifs credentials=/etc/smbcredentials,iocharset=utf8,file_mode=0777,dir_mode=0777,noperm 0 0

/etc/smbcredentials is of the form:

username=smbusername
password=smbpassword

Then I just:

sudo mount -a

I've skimped on configuring Firefox, Emacs, urxvt, and on talking about the contents of my .Xresources, .Xmodmap, and .ratpoisonrc, as well as the other little scripts I put in /usr/local/bin. Maybe next time.

February 27, 2010

Manually mounting whole disk encrypted drive

The Debian installer (which I've been using with the Ubuntu Alternate Install CD for years) makes it easy to set up whole disk crypto with cryptsetup, LUKS, and LVM. So easy that it's easy to forget how to get to the info when you're no longer booting the disk, but are accessing it in an external drive. So here's a reminder of how to do it when it's LVM over a LUKS encrypted partition. Use ls /dev or dmesg to get the device name of the encrypted partition. Let's say it was /dev/sdb1.

sudo cryptsetup luksOpen /dev/sdb1 arbitraryname

sudo lvscan

This'll give you the name of the logical volumes as they were originally set up. Let's say the one you're interested in was /dev/myvolumegroup/root.

You're almost there; all you have to do is make a mount point, e.g., /mnt/lvroot and:

sudo mount /dev/myvolumegroup/root /mnt/lvroot

Ta da.

Updated: One may have to load some kernel modules before the luksOpen, e.g.,

modprobe dm_mod
modprobe dm_crypt
modprobe aes

And mark the logical volume and/or volume group active:

lvchange -ay logical_volume_name
vgchange -ay volume_group_name
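The steps above (module loading, luksOpen, volume activation, mount) in order as one script, added here as an example and not part of the original post. It goes one step beyond the post by also providing the reverse teardown; `DRY_RUN`, `MOUNT_OPTS` and the function names are assumptions of this example, and the `lvscan` sample is constructed.

```sh
#!/bin/sh
# Added example (not from the original post): the manual steps as one script.
# /dev/sdb1, arbitraryname, myvolumegroup and /mnt/lvroot are the post's
# placeholders; DRY_RUN, MOUNT_OPTS and the function names are assumptions.

DRY_RUN=${DRY_RUN:-1}        # 1 = print the commands, 0 = run them (as root)
MOUNT_OPTS=${MOUNT_OPTS:-ro} # read-only by default, an added precaution

run() {
    if [ "$DRY_RUN" = 1 ]; then echo "+ $*"; else "$@"; fi
}

# Read `lvscan` output on stdin; print the path of each inactive volume.
inactive_lvs() {
    awk -v q="'" '$1 == "inactive" { gsub(q, "", $2); print $2 }'
}

# Constructed sample of lvscan output for the volume group in the post.
sample_lvscan() {
    cat <<'EOF'
  ACTIVE            '/dev/myvolumegroup/root' [9.31 GiB] inherit
  inactive          '/dev/myvolumegroup/swap_1' [1.00 GiB] inherit
EOF
}

# vg_of /dev/VG/LV -> VG
vg_of() {
    vg_tmp=${1#/dev/}
    echo "${vg_tmp%%/*}"
}

# mount_luks_lvm DEVICE MAPNAME LV_PATH MOUNTPOINT
mount_luks_lvm() {
    for mod in dm_mod dm_crypt aes; do
        # Not fatal: on some kernels these are built in rather than modules.
        run modprobe "$mod" || echo "modprobe $mod failed (may be built in)" >&2
    done
    run cryptsetup isLuks "$1" || { echo "not a LUKS device: $1" >&2; return 1; }
    run cryptsetup luksOpen "$1" "$2" || return 1
    run vgchange -ay "$(vg_of "$3")" || return 1
    # vgchange normally activates every volume; fall back to lvchange if not.
    if [ "$DRY_RUN" != 1 ] && lvscan | inactive_lvs | grep -qx "$3"; then
        run lvchange -ay "$3" || return 1
    fi
    run mkdir -p "$4" || return 1
    run mount -o "$MOUNT_OPTS" "$3" "$4"
}

# umount_luks_lvm MAPNAME LV_PATH MOUNTPOINT: undo the steps in reverse order
umount_luks_lvm() {
    run umount "$3" || return 1
    run vgchange -an "$(vg_of "$2")" || return 1
    run cryptsetup luksClose "$1"
}

# Usage: script DEVICE MAPNAME LV_PATH MOUNTPOINT
if [ $# -eq 4 ]; then
    mount_luks_lvm "$@"
fi
```

With the default `DRY_RUN=1` the script only prints the commands; set `DRY_RUN=0` and run it as root to execute them.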

January 2, 2010

Chromium: useless (to me, for now)

I've been frustrated with Firefox grinding to a halt over time, and needing restarting. I've heard tell that Google's Chromium browser is much faster on Linux, so I thought I'd try it.

It took as long as the first time I tried to type something in a text field to be bit by this bug. The X Window System supports essentially a second shift key, called mode_switch. The other keys can have different definitions for all four of their unmodified, shifted, mode_switched, and shifted and mode_switched meanings.

So far as I know, most distributions don't do anything with them by default, but I use them extensively to provide, among other things, a set of cursor keys under my fingertips, without requiring moving my hands.

In Chromium, it's as if mode_switch is being held down all the time, so those keys can only produce the cursor movement, and not their normal text values, leaving me with half my keyboard missing.

A developer has marked it WontFix, saying it was a gtk problem that's been fixed in more recent versions. It's a problem that doesn't occur in any other gtk app; the gtk bug the developer cited as responsible is clearly unrelated; and I tried updating my gtk with no effect.

I'll try delving into the code myself, but this is the extent of my gtk experience.

June 14, 2009

Civilization in Wine on Linux. How civilized.

I have the Civilization IV: the Complete Edition DVD sans DRM. It works pretty well under Wine. But this is what it took (Ubuntu 8.10, aka Intrepid):

I find it makes life easier to segregate my Wine apps, so first steps were:

export WINEPREFIX=/usr/local/civ
winecfg

There, I set Wine to also consider /usr/local/civ to be where my My Documents folder was, so the game would create its "My Games" folder there instead of under my real Linux home directory.

Wine 1.1.22. It failed with Wine 1.1.23, the current development release.
Used winetricks to install d3dx9 and msxml3
Needed this to get around a stupid sound bug:

mkdir -pv $HOME/.kde/socket-$HOSTNAME

Then just running

wine setup.exe

on the file at the top level of the DVD did the rest. I selected "custom install" so I could set a less long, obnoxious installation path than the default. I installed the just-released Beyond the Sword 3.19 patch.

I put Blue Marble on top of that, and ran vanilla Civ, Warlords, Beyond the Sword, and Colonization once each to create the appropriate folders under My Games, and to set the graphics and audio options to my preferences.

I edited each of the CivilizationIV.ini files in their respective directories under the installation directories to set NoIntroMovie = 1 and EnableVoice = 0. (The first is just by preference; the intro movies worked fine. The default EnableVoice = 1 resulted in a warning under Warlords, but not the others. Strange.) It didn't work to set these just in the CivilizationIV.ini files under My Games, which I would have thought was the point.

Finally, I backed up the results so I won't have to do all that again when I inevitably screw something up while playing with mods.

The startup scripts are simply like this:

#!/bin/bash
# Export the prefix so wine itself sees it.
export WINEPREFIX=/usr/local/civ
/usr/bin/wine /usr/local/civ/drive_c/Program\ Files/civ4complete/Civilization4.exe "$@"

Everything but a few cosmetic details works. Unit health bars don't, city progress bars on the main map don't (this can be ameliorated by requesting detailed city info in the options), the cursor animation doesn't work, so it doesn't turn into a little spinning globe when you're waiting. So far as I can tell, everything else works. (And my words are backed by a Holy Roman spaceship at Alpha Centauri.)

June 12, 2009

Ruby string escaping weirdness

Well, that's odd... (ruby 1.8.7)

irb(main):021:0> '\\' + 'x'
=> "\\x"
irb(main):022:0> "x".gsub("x",'\\' + 'x')
=> "\\x"
irb(main):023:0> '\\' + '&'
=> "\\&"
irb(main):024:0> "&".gsub("&",'\\' + '&')
=> "&"

March 3, 2009

Recycling Palms as secondary LCD displays

Recently, I’ve had a crush on the computer lcd front panel displays you can find here or here. But they’re either tiny or expensive.

I remembered a project to let you use a Palm in its cradle as an LCD display. PalmOrb has been orphaned since 2005, and, as of the last version, indicates you’re on your own with USB Palms (which are the only ones I have left.) It actually worked decently with LCD4Linux. But it only left you with a tiny block of text, and it was harder than I’d like to customize the output.

So I tried simply running ptelnet, a Palm telnet app, to make a serial connection, and running a script that wrote to /dev/pilot (I had the visor module loaded), clearing the screen every minute (with VT100 escape codes) and sending status info.

It works pretty well, but the text is tiny, with no way to change the size. Anyone know of an alternative to ptelnet to just receive data from the serial connection and display it, that allows you to change fonts?

February 13, 2009

New and improved emacs launcher

I'm much happier with this combination. /usr/local/bin/editor is:

#!/bin/bash
ALTERNATE_EDITOR=/usr/local/bin/editor2 emacsclient -c "$@"

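/usr/local/bin/editor2 is:

#!/bin/bash
EMACS=/usr/bin/emacs
EMACSCLIENT=/usr/bin/emacsclient
SOCKET=/tmp/emacs$(id -u)/server

# Start the daemon, then poll for its socket before attaching a client.
$EMACS --daemon

count=25

while [ $(( count-- )) -gt 0 ]; do
    # lsof's output is discarded, so this reduces to testing that the socket exists.
    if [ -e "$SOCKET" ] && [ ! $(lsof "$SOCKET" &> /dev/null) ]; then
        $EMACSCLIENT -c "$@"
        break
    fi
    sleep .2
done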

Among the advantages here over the old one:

emacs --daemon is only run if emacsclient can't find a socket, as opposed to emacsclient encountering any error

The old one slept for 1 second after launching the daemon. This was occasionally too short, but usually too long. This one checks for the socket five times a second, and gives up after five seconds. (There are imaginable race conditions that could give undesirable results, but I don't expect to ever actually encounter them.)

February 3, 2009

Daemon Emacs

A nifty feature in the current development version of Emacs (now available in a pretest release candidate) is that you can start it as a daemon, to which graphical and terminal clients alike can attach. A not so nifty lack of feature is there being no easy standard way to do the obvious: launch a client if the daemon's running; if it's not, start the daemon, and then launch the client. So everyone cobbles together their own. Here's mine, which cribs from here.

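#!/bin/bash
# Terminal frame without X, graphical frame with it.
if [ -z "$DISPLAY" ]; then
    OPT=(-t)
else
    OPT=(-c)
fi

if [ $# -eq 0 ]; then
    OPT+=(-e "(raise-frame)")
else
    OPT+=("$@")
fi
# Try a client first; if no daemon answers, start one and retry.
emacsclient "${OPT[@]}" 2>/dev/null || (
    emacs --daemon
    sleep 1
    emacsclient "${OPT[@]}")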

I have that as /usr/local/bin/editor. To stop emacs nicely, and get prompted to save unfinished business, I have another script with:

/usr/local/bin/editor -e '(save-buffers-kill-emacs)'

October 13, 2008

My own virtual Ubuntu Intrepid

  1. Make sure your CPU supports virtualization (you may have to turn it on in the BIOS)

    cat /proc/cpuinfo |egrep '(svm|vmx)'

    If you get no response, it doesn't. A response means you're good to go.

  2. Download the Ubuntu Intrepid Beta alternate install CD

  3. Install qemu and kvm

    sudo apt-get install qemu kvm

  4. Create the disk image that will serve as the virtualized intrepid's hard drive

    qemu-img create -f qcow2 intrepid.img 6G

  5. Start the vm, booting the Intrepid CD

    sudo kvm -cdrom ubuntu-8.10-beta-alternate-i386.iso -hda intrepid.img -boot d -m 256M

  6. Hit F4 to choose a command-line install; go through the installation.

  7. When the installation finishes and reboots, kill the VM. Restart it with:

    sudo kvm -hda qemu/intrepid.img -boot c -m 256M -redir tcp:2222::22 &

  8. In the VM, turn off apt-get automatically installing recommended packages

    echo 'APT::Install-Recommends "false";'|sudo tee /etc/apt/apt.conf

  9. In the VM, edit /etc/apt/sources.list to point to the closest mirror

  10. In the VM, bring yourself up-to-date and install openssh-server

    sudo apt-get update
    sudo apt-get upgrade
    sudo apt-get install openssh-server

  11. On your real machine, ssh into the VM.

    ssh -p 2222 username@localhost

  12. Have fun with your new virtual Intrepid.

September 22, 2008

xterm made easy

I’m a fan of the rxvt-unicode terminal emulator, but it has one problem: it sometimes spaces xft fonts badly, with conspicuous gaps between the characters, making for fewer characters per line.

Looking into alternatives, I found that the GTK library includes vte, a terminal emulator widget that a bunch of terminal emulators use. And they all look good, but had a drawback I couldn’t live with: none of the ones I tried recognized my Meta-keys, which I’ve grown used to using for command-line editing in my shell.

vte, along with the Ruby GTK bindings, makes life so easy, I just rolled my own. This is just the Ruby vte demo program that comes with the bindings with a couple of lines added to handle Meta-keys.

require "vte"

window = Gtk::Window.new("Terminal sample")
window.signal_connect("destroy"){Gtk.main_quit}

vte = Vte::Terminal.new
vte.set_font("DejaVu Sans Mono 16", Vte::TerminalAntiAlias::FORCE_ENABLE)

Gtk.key_snooper_install {|t, e| 
  vte.feed_child("\e")  if e.state.meta_mask? and e.event_type == Gdk::Event::KEY_PRESS
}

vte.signal_connect("child-exited") do |widget|
  Gtk.main_quit
end
vte.signal_connect("window-title-changed") do |widget|
  window.title = vte.window_title
end
vte.fork_command
window.add(vte)
window.show_all

Gtk.main

September 16, 2008

Fastest Ubuntu mirror for you

I recently learned about netselect-apt, a Debian package to find the fastest Debian mirror. Ubuntu Hardy includes it, but it's worse than useless -- it's still hard-coded to work with Debian. But it's easy enough to reproduce its essential functionality.

sudo apt-get install netselect
wget --no-check-certificate -O mirrors https://launchpad.net/ubuntu/+archivemirrors
sudo netselect -v -s 5 $(perl -F'"' -ane 'print "$F[1] " if (/United States/ .. /highlighted/) && /http/' mirrors)

That gives the top 5 (from fastest to slowest) in the US using http. It should be reasonably clear how to adjust the number returned, the country, or the protocol (which could be 'ftp' or 'rsync'.) It erroneously considers canonical.com a mirror in Viet Nam (it fails to find the end correctly for the last country in the list), but there's only one mirror in Viet Nam, and this is a quick hack, so I can live with that.

June 18, 2008

PDF Viewer

I don't use a desktop environment; I use an antidesktop environment featuring the ultra-minimalist ratpoison window manager and the ultra-maximalist Emacs.

It makes me grumpy when applications depend on installing huge portions of Gnome or KDE. So I was never thrilled with the PDF viewer choices.

ghostview and xpdf are good tools, but ugly, and they don't natively talk to CUPS print servers. evince and kpdf want to install huge portions of Gnome and KDE, respectively. I haven't tried acroread, but I scramble for alternatives to Adobe's bloated reader in Windows, so I thought I'd spare myself.

So I was happy to find epdfview, which shares some of evince's dependencies on graphics libraries without the gratuitous dependencies.

But there was a catch: Ubuntu 8.04's binary package doesn't include CUPS support, for no apparent reason (there's already a bug filed.) The good news is that you can build it yourself.

So I'm now a happy viewer and printer of PDFs while still avoiding having dbus, gamin, bonobo, etc., installed.

October 4, 2007

First look at Ubuntu Gutsy Beta

The forthcoming Ubuntu release, 7.10, the Gutsy Gibbon, is scheduled for release next month, 10/18. I recently tried installing it, and quickly encountered this bug, reported as fixed yesterday.

Ubuntu had inherited from Debian a problem whereby network interfaces' names can be inconsistent from one reboot to the next. The installer identified my mobo's wired network interface as eth1. On rebooting, the OS decided it was eth2, but /etc/network/interfaces had been configured to use the (now non-existent) eth1, hence no network.

In days past, I've used /etc/iftab to ensure it didn't recur, but, apparently, as of Gutsy, this approach is deprecated, and the shiny new method is to use udev.

I then spent much time bashing my head against trying to arrange to boot into an encrypted root filesystem within an LVM2 logical volume on an encrypted LUKS partition, similar to this but using yaird to create the boot image. This is something I've done in the current Ubuntu release, Feisty. But I ran into a couple of bugs in Gutsy's yaird package. (The trivial one also existed in Feisty, but I didn't report it then.)

It'd be nice if Ubuntu offered an encrypted root installation option like Debian Etch, but I'd probably want enough things different from any set of options offered to end up doing it manually anyway.

I'm pretty sure I know how to fix the problem now. But I haven't had the time to take another crack at it, so my first look has been stalled here.

Maybe when I'm done, I'll write yet another encrypted root howto.

July 3, 2007

Seeking Random Numbers. Must pass Chi-Square test. No freaks.

Pocahontas had some little webcam she'd gotten a while ago as a promo item for signing up with an ISP. For a while, I've had in the back of my mind to use it to build a LavaCan. Because, you know, every home needs a cryptographically secure source of random numbers in hardware. Well, it seems like people were lucky to get this camera working with an allegedly supported OS. This guy heroically analyzed the signal between the PC and the webcam and came up with some sort of picture, but his write-up falls short of providing code.

Oh well. The Weecam's off to the Alameda County Computer Resource Center, and I'll give iwrandom a try. (But a webcam in the dark is so much cooler, drat it.)

June 15, 2007

Apt-get globally, gem locally

It seems that Debian packages and Ruby gems don't play nicely together. I had apt-get installed rails, and my first attempt to use a rails app (someone else had written) blew up because it had an internal check for a Rails gem of a certain version. Since my Rails hadn't been installed as a gem at all, it immediately failed.

So far as I can read on the Interwebs, most people facing this install rubygems as root, and do their subsequent gem installs as root, letting them write wherever in the filesystem they like.

That makes me queasy. I don't want to mix two package systems in the same environment.

So here's how I installed ruby/rubygems/rails in Ubuntu 7.04, with all gems under /usr/local.

Following the ruby1.8 package's own instructions for a full Ruby 1.8 distribution:

sudo apt-get install ruby1.8 ruby1.8-dev ri1.8 rdoc1.8 irb1.8 ruby1.8-elisp ruby1.8-examples libdbm-ruby1.8 libgdbm-ruby1.8 libtcltk-ruby1.8 libopenssl-ruby1.8 libreadline-ruby1.8

I assign ownership of /usr/local and everything under it to the admin group, and make /usr/local and its subdirectories group-writable (per Ubuntu's defaults, my primary login, which I created during installation, is a member of the admin group.)

sudo chown -R root:admin /usr/local 
sudo chmod 775 /usr/local /usr/local/*

I get and install rubygems.

mkdir /usr/local/lib/rubygems
export GEM_HOME=/usr/local/lib/rubygems
cd /usr/local/src
# as of this writing, the latest rubygems from http://rubyforge.org/frs/?group_id=126
wget http://rubyforge.org/frs/download.php/20989/rubygems-0.9.4.tgz
tar xzf rubygems-0.9.4.tgz
cd rubygems-0.9.4
ruby setup.rb config --prefix=/usr/local
ruby setup.rb setup
ruby setup.rb install

I add the following to my .bashrc, but you'll want them in any environment using gems. With multiple users on a system, you might want to put this in /etc/bash.bashrc.

export GEM_HOME=/usr/local/lib/rubygems
export RUBYLIB=/usr/local/site_ruby/1.8
export RUBYOPT=rubygems
export PATH=$PATH:/usr/local/lib/rubygems/bin

The grand finale:

source .bashrc # or wherever you put them
gem install rails --include-dependencies

It's that easy!

April 14, 2007

Tolerance

I enjoyed this take on an Emo Philips joke (found on the Church of Emacs page.)

I asked my email-pal: "UNIX or Windoze?". He replied "UNIX". I said "Ah...me too!".

I asked my email-pal: "Linux or AIX?". He said "Linux, of course". I said "Me too".

I asked him: "Emacs or vi". He replied "Emacs". I said "Me too. Small world."

I asked him: "GNU Emacs or XEmacs?", and he said "GNU Emacs". I said "oh, me too."

I asked him "GNU Emacs 19 or GNU Emacs 20"? and he said "GNU Emacs 19". I said "oh, me too."

I asked him, "GNU Emacs 19.29 or GNU Emacs 19.34", and he replied "GNU Emacs 19.29". I said "DIE YOU OBSOLETE NOGOOD SOCIALLY MALADJUSTED CELIBATE COMMIE FASCIST DORK!", and never emailed him again.

Ubuntu Linux 7.04 beta, GNU Emacs 23.0.0.1 alpha, with Xft support. But I'm reformed -- any Linux or BSD distro and Emacs flavor is OK by me. (Everyone else can DIE!)

December 7, 2006

Movable Type 3.2+ Annoyances

The default individual entry archive template includes a block of template markup for posting comments... but that block doesn't support Typekey authorization. You need to boost the markup from the comment preview template.

The text boxes on the edit entry page are tiny little things, because mt-static/styles.css is missing an entry for the full-width class. This can be fixed by putting this in your mt-static/user_styles.css:

.full-width { width: 100%; }

October 16, 2006

But am I paranoid enough?

This security professional is so paranoid that Bruce Schneier thought he had to be kidding.

And for Bruce Schneier, SHA-1 is merely a compression algorithm.

October 13, 2006

(The awful truth)

The truth about Lisp:

If you're good enough to use lisp, you'll soon be frustrated with lisp. Lisp is not an adequate lisp. By the time my bus had made it two blocks I'd written some simple lisp macros that were so powerful they made lisp completely obsolete and replaced it with a new language. Fortunately, that new language was also called lisp. And i was able to prove, mathematically, that the new lisp i'd created was both far superior to lisp in every conceivable way, but also exactly equivalent to lisp in every possible way. I was very excited by this. But also found it very boring.

October 12, 2006

Black magic square root computation

Computing square roots through subtracting half the operand from a magic constant actually works tolerably well.

It brought to my mind the treacherous optimization of grep.

October 11, 2006

A subversive life

Keeping your life in subversion is a really good idea I really should implement.

October 10, 2006

All the bandwidth you can't use

When I first heard of FIOS, Verizon's fiber-optic Internet service provision, I was amazed: 15 Mbps downstream and 2 Mbps upstream for $44.95 a month? But the devil's in the details.

The consumer offers do not permit customers to host any type of server, personal or commercial.

And they block port 80 and inbound port 25, the standard ports for HTTP and SMTP.

Too many things could be accurately termed servers for this to be meaningfully enforced without outraging all of their customers. Allow remote desktop connections in Windows XP Pro, and you're running a server.

Nearly anything useful you could do with any significant percentage of that upload speed could be described as operating a server. Clearly, they have no intent of enforcing the rule to the letter, or they'd be forbidding a lot of things that most of their customers want.

But it gives them a means of cracking down on anyone daring to actually make use of that upload speed.

This is false advertising + plausible deniability.

October 9, 2006

Beautiful Data

I am scheduled to take Edward Tufte's Presenting Data and Information one-day class in San Francisco in December.

Envy me.

Here's a story about two Sun engineers showing a new UI to Tufte.

We were very proud of our user interface and the fact that we had a way to browse 16,000(!!) pages of documentation on a CD-ROM. But browsing the hierarchy felt a little complicated to us. So we asked Tufte to come in and have a look, and were hoping perhaps for a pat on the head or some free advice.

He played with our AnswerBook for about 90 seconds, turned around, and pronounced his review:

"Dr Spock's Baby Care is a best-selling owner's manual for the most complicated 'product' imaginable -- and it only has two levels of headings. You people have 8 levels of hierarchy and I haven't even stopped counting yet. No wonder you think it's complicated."

Oh.