Helping out others in time of crisis

Well, last night was an "interesting" night. I guess it's one way to put it.

http://lcn.canoe.ca/lcn/infos/faitsdivers/archives/2008/12/20081226-081125.html

I was with girlfriend, in her family. A fire started in the house immediately next to the one we were in -- a duplex. We evacuated.

Fortunately, everyone in our family got out, and it looks like the family in the other house got out safely too. However, it brought me to notice how nice it is to have friendly neighbors who are ready to give you a hand in those sad moments. A lot of neighbors kindly offered their help, invited us in to get warm. That was really the spirit of Christmas, helping out those in need and getting to know people you maybe see everyday, but probably only say hi to every once in a while.

For me, it wasn't too bad a night -- I mean we only moved to car to let the firefighters have some room to work, and then we had to wait about four hours for them to finish up, move the trucks and remove the safety perimeter before my girlfriend could get her boots from the house, and we could go home. However, I can imagine the distress of the occupants, who either lost everything, or came very close to.

Good news, my girlfriend's family's house had very minimal damage to the roof, and maybe to slight water issues because of the work that was done on the other side. Still, all the best for them. They've gone through a lot, and they have all our support.

Thing is, from now on I'm guessing we'll be carrying a few little supplies in the trunk of the car... A warm blanket comes to mind, and well as a first aid kit.

Why Ubuntu is important to me

Well, maybe I'm a little late with all of this, but I do invite you to read Jono Bacon's great post "The Ubuntu Ethos", as well as Daniel Holbach's take on the subject: "Why I believe in Ubuntu".

As for my part, I'll have to go with the same answers as them. It's just really stimulating to see all the work that we can put together when working as a community. Sure, there is room for improvement, sometimes things are a little ugly, but overall everybody does a great job. In Ubuntu-QC for example, there is a clear motivation to help out people, and that's nice to see. Just about everywhere else, I see the same drive to make a difference, to help out those who hope for something better (by showing them about our wonderful distro!) and to support those who are just having trouble with one or two little details on their system.

I also feel that drive, and it's great to see that people are recognizing it and are happy to see our interest in their software, in Ubuntu, and in free software in general.

And even more importantly, it's nice to have a nice community you can go have a beer with every once in a while, and talk about those weird computer things that interest us.

As David Thomas so nicely put it in his post on the subject, learning about Ubuntu has been the catalyst to doing more, or at least finding out where to start. I had been wanting to participate more in free software, and as I learned about Ubuntu I also learned how I could make a difference, and found a great opportunity to contribute where it matters, where you've got a friendly atmosphere to work in, and where what you can do to help is clear and goals are attainable.

De vieilles nouvelles, mais quand même...

Bon, j'avoue, c'est pas du nouveau. J'ai juste pas entendu parler de ca auparavant, et je pense que c'est quand même un bon truc à savoir.

Ici, au Québec, le gouvernement accordait directement à Microsoft, sans appel d'offres, des contrats logiciels. Deux organismes/entreprises se sont réveillés, soit l'organisme FACIL et l'entreprise Savoir-Faire Linux, pour amener un cour le gouvernement sur ce point et les réveiller un peu.

http://facil.qc.ca/fr/media/20080827-facil-conteste-les-pratiques-gouvernementales
http://www.qctop.com/actualites/logiciel-libre-cour-gouv-qc.htm

Je n'irai pas dans les détails puisqu'ils sont lisibles dans les liens ci-haut, mais c'est un excellent point à apporter, d'autant plus que le gouvernement devrait encourager l'industrie informatique locale...

Sur un autre point tout aussi "vieux" comme nouvelles, il existe un pacte signée par les députés de différents partis sur le support du logiciel libre. D'un certain côté, c'est très bien que plusieurs députés l'aient déjà signée, mais c'est quand même triste de constater que la majorités sont soit du Parti Vert, soit de Québec Solidaire. Les autres devraient peut-être se réveiller un peu... Le lien est ici: http://facil.qc.ca/fr/PacteduLogicielLibre

Il y a également une pétition, accessible à tous, pour l'utilisation du logiciel libre par le gouvernement du Québec.

Ceci dit, visitez le site de la pétition, signez-là, et tentez d'en parler avec votre député et de l'amener à la signer, ainsi que le Pacte du Logiciel Libre!

A coalition?

Politics here in Canada are just really fucked up -- sorry for the wording, I can't find any better way to explain it.

So what's gotten to people and wanting to just replace the government like that? What about those who are somewhat happy with the outcome? Yes, maybe they hoped for something else, better, but the votes have brought this result.

At the same time, the Conservatives are not the actual majority: Harper was named PM because his party had more elected MPs than the other parties, but on the whole, they are still fewer than the sum of the opposition MPs if you put them all together. As such, I am supporting the coalition idea because it stands as an effort to keep the MPs representing the majority in the position of power. It's not things to be taken lightly, certainly not something that should happen too often, but it currently seems like the right thing to do. Some of the horrible, horrible moral views of the Conservatives will be kept away, and if given a chance, maybe a coalition will be able to change things for the better -- and not only economically.

And no, I certainly don't prefer Dion to Harper. The mix of ideas and views is what I'm looking for, rather than a specific party or leader. All the parties have some good ideas... just like they all have some horribly flawed views too.

Oh and please, PLEASE! Stop this madness of elections almost every year. The X just gets harder to draw every time.

The year is almost over...

I read Stephan Hermann's post today on his blog, that I saw on Planet Ubuntu. I think he pretty much hit the nail right on the head, especially with his quotes from Tom Limoncelli's excellent book: Time Management for System Administrators (ISBN-10: 0-596-00783-3 / ISBN-13: 978-0-596-00783-6)

I won't re-copy the excerpts he quoted, but it essentially stood for saying that system administrators, at least in the majority, are tinkerers, and have a hard time separating work from personal life -- everything seems to blur into one major problem-solving challenge, just endless puzzles from the point you wake up until when you go to sleep. In any case, it is the case for me. I'll just work my full day, solving different usual or just completely new problems, only to come back home to tackle on some open source project that fascinates me, or to play on my computer. I've even witnessed the same kind of thing happening when some friends come over with laptops, or when me and my SO just sit in bed with our netbooks, chatting or, in my case, working away at something that caught my attention on that day.

Anyway, I already started, last year, to pay more attention to time management, and having read the book, there's many tricks I still haven't applied to my life. It's great because each work independently, but I'm still going to give it more effort and integrate some of the really nifty little ideas to managing my time more effectively for the upcoming year.

As for giving out details on my other plans for 2009:

In company life, I've been at my current workplace for nearly 4 years now. I still very much enjoy everything I do, especially when I consider that not all places are necessarily as open, as stimulating and interesting to work in, and always full of totally new projects to tackle. It seems like here, things are ever-changing and there's always something new to learn. That's great: I love to learn. For the upcoming year, looks like there are still more new interesting projects to come, and I also have ideas of my own. I want to improve the network in a large scale, especially from the aspects of monitoring and administration tools.

In terms of my personal life, little has changed for a while now -- things are going on just fine, and it's especially great to have been able to re-unite with an old friend, and learn that he's a hardcore geek too ;)

In opensource, thanks to this "new" old friend, I'm planning on spending a lot of time on various little projects. One that should take a good amount of my time is to build a point-of-sales system for the KDE platform -- the details aren't set in stone yet, we're still looking at bringing in ideas, finding out what are the best tools for the job, etc.

I'm also still spending a good amount of time on NetworkManager, and I like to play around with Terminator too. Terminator was a fun little project to look into, and as I stated in a previous post, I was able to adapt a cool feature from a previous version in someone's Bazaar branch, bring it in my own, and make it work with Terminator's latest source (again from bazaar). That was a great new crutch for improving my understanding and skills in Python.

From reading Stephan's blog post, it seems I may need to look into Leonov as well. Looks like a very nice tool, also in Python, so I will definitely at least give it a test run. Maybe I can even find some cool ways to contribute to it too, even with my somewhat limited knowledge of Python.

Ah, and thanks to Fabian Rodriguez for creating a new team specifically for the Ubuntu Quebec Launchpad Answers contacts. It's true that we were getting a lot of messages from Launchpad Answers, and I'm guessing that not everyone wanted to have to deal with this. Anyway, I've already applied and I've been accepted to join that team, and I'll still do my best at answering any questions that come up. So if you're using Ubuntu, have questions about a feature, or how to do something (especially if you want to ask it in French!), drop by Launchpad and ask away! There's lots of very talented and understanding people ready to help you out.

Un nouveau blog?

Intéressant. Le CTO de la compagnie où je travaille vient de lancer un nouveau blog. C'est pas mal, reste à voir si il y aura des mises à jour...

En tout cas, c'est certainement un pas dans la bonne direction, si on peut avoir davantage de détails sur les idées des hauts dirigeants de l'entreprise, sur leurs perspectives de la situation économique, et de ce qui se passe du côté de la direction générale que prend l'entreprise. Le blog n'est pas public, seulement accessible (du moins pour le moment), aux employés via un site Intranet. Ca m'a fait un peu penser aux weblogs, par exemple, de Mark Shuttleworth (CEO de Canonical) ou Jonathan Schwarz (CEO de Sun), qui ont aussi des weblogs, pour ne nommer que ceux que j'ai bel et bien lus.

Ce qui me surprendrais, mais me donnerais vraiment un boost de motivation par contre, ce serait de voir qu'on a un "militant" du logiciel libre parmis la direction, ou la haute direction... Ceci dit, je suis pratiquement certain que ce n'est pas le cas. :)

Status update

Not much to say here. I've been working for some time at the adaptation of a patch to Terminator (a GNOME terminal wrapper that supports panning), and quite a lot of time on NetworkManager's VPNC plugin still, which seems to still give me some issues. The goal is mostly to adapt the plugin to mimic some of the features of the OpenVPN plugin, where the auth dialog goes to read some GConf keys, but so far I seem to run into ugly SegFaults, or other errors, and I'm still kind of tracking them down, although I haven't spent too much time on that, since I've bought an Xbox. Fixing those should be done fairly soon, and there should be a nice update to network-manager-vpnc on my PPA (and some of the still-broken code is already on my Bazaar branch). As for Terminator, my bazaar branch already has the fix committed, and my PPA has it packaged:

terminator - 0.11-2ubuntu2~ppaintrepid1

Assassin's Creed and Crackdown do seem to steal quite a lot of time from me, but it's a fun way to finish a forced vacation from work ;)

Intrepid OpenWeek day 1

This OpenWeek started off really well. An incredible amount of really interesting information, supplemented with very good questions from the audience -- truly stimulating.

I especially liked the Reporting and Fixing Kernel Bugs, Report bugs about Ubuntu, and Bazaar: Beyond The Basics talks. Not that the others didn't contain useful information: they did, and I still learned quite a lot, but the kernel, bugs, and bazaar stuff was just closer to what I had been doing recently, and answered my questions. Anyone wanting to join the MOTU team and missing these would probably look at the IRC meeting logs at https://wiki.ubuntu.com/MeetingLogs.

Given that I've started to push my work to Launchpad, for the packaging efforts and soon my patches to Network Manager, the Bazaar tips and tricks really filled a hole in my understanding of the tool, especially the difference between some of the commands I was using. I only wish there had been more information about how it ties in to packaging specifically, like more about using bzr-buildpackage, keeping debian directories or full packages in Launchpad bazaar trees, etc. I've read the documentation, but there's nothing like getting feedback from other's experiences.

Thanks to Jorge Castro and Jono Bacon, and all of the others who participated so far to realizing this great first day of OpenWeek. I can't wait for the next sessions!

MOTU bookmarks

Just because it's there and really useful, here's a great page that was put together by Tiago Faria, who is also the mastermind behind Ubuntuweblogs.org: a list of links to interest to anyone wishing to join MOTU, develop on Ubuntu, or help out with triaging, testing, or confirming bugs: http://goukihq.org/misc/bookmarks/insipid.cgi?tag=motu

Montreal Intepid Ibex release party + Ubuntu OpenWeek

Wow. Great stuff. I'm at the release party in Montreal, and there's a lot of people... Okay, by the standards of other places, we're probably just a handful at 40 people, but at least we're filling the room :) Fortunately, we've got the great talents of some support people from Canonical, as well as the guys from FACIL making CDs for people to install Intrepid on their systems. Beer is flowing too, so that's always good news :)

So, thanks to MagicFab, Drago, Etienne, Saïd, Yannick... am I forgetting anyone? For throwing this great party!

Also, thanks to Oguz Yarimtepe (I've noticed his post on Ubuntuweblogs.org) for bringing this to my attention. There's a LOT of really interesting subjects that will be discussed for openweek, and thankfully, in my timezone, all of them are at a time I can easily follow and take part in the discussions -- So I really intend to follow as many as possible of the classrooms, especially what touches to Bazaar and packaging, since those are definitely very interesting subjects to me.

Intrepid Ibex release parties

With the release of Intrepid Ibex in just two days (at the time of this writing), come the inevitable release parties.

If you're from Montreal, or the province of Quebec in general (or even if you live elsewhere and feel like meeting the people here!), feel free to show up at the Montreal Intrepid release party, which will be held on October 30th, 2008; at Bar St-Sulpice in Montreal, starting at 18h00. You'll be able to meet the people who make the Quebec (and Canada) Teams work. We can all have a beer and celebrate the truly outstanding work that's being done to bring to an unsuspecting world another great release!

And if you're from Quebec city, you should know that there is also a party there, same date and time, at Bistro Zonorange.

While you're at it, if you're from Quebec why not join the Quebec Team on Launchpad? Moreover, if you would be interested in finding a way to get.. maybe a plugin for the SRC (Radio-Canada) much like the Totem plugin for the BBC, or some other way of getting easily accessible information and broadcasting on Linux, don't hesitate to subscribe to the Ubuntu-QC mailing list.

Also, the global Ubuntu community always needs new people to help with bugs, answer questions, or document stuff.

call for testing: network-manager-vpnc update

I've been working on a patch to network-manager-vpnc to better support one-time-passwords (OTP), as suggested by Dan Williams on the NetworkManager discussion list:

http://mail.gnome.org/archives/networkmanager-list/2008-October/msg00094.html

If anyone is a little familiar with NetworkManager, and more specifically connecting to VPNs (using the VPNC plugin), then I'd really appreciate if you could test the two updated packages I've built for Intrepid; network-manager-gnome and network-manager-vpnc. Using OTPs to connect to the VPN is a plus.

Some of the major changes are in the vpn connection configuration dialog, where you can setup the type of password to use for the user password and for the group password. The options in both cases are either "Default", for the standard behavior, or static passwords that can be saved to the gnome keyring; "OTP", for one-time-passwords which will be prompted for at every connection (technically saved in the keyring if you choose to do so, but ignored and reprompted every time), or "Unused", for a password that's not actually being used in a particular connection type (I may have missed something there, this is also a case I'd like to test more thoroughly).

Along with the changes above, the authentication dialog only shows the passwords that are OTP or not in keyring, unless it is a "reprompt", in which case even known passwords are shown again, to get a chance to fix spelling mistakes.

The packages are found on my PPA, can be retrieved by using the following lines in /etc/apt/sources.list:

deb http://ppa.launchpad.net/mathieu-tl/ubuntu intrepid main
deb-src http://ppa.launchpad.net/mathieu-tl/ubuntu intrepid main

And can be downloaded separately:

network-manager-applet - 0.7~~svn20081020t000444-0ubuntu2~ppaintrepid1 (i386)
network-manager-vpnc - 0.7~~svn20081015t024626-0ubuntu2~ppaintrepid1 (i386)

If you'd prefer to apply the patches yourself, I also have them available on Launchpad, in my bzr code branch shortly: lp:~mathieu-tl/+junk/patches. I'll check it again later, bazaar is still giving me trouble.

Thanks to anyone who comments and gives me constructive criticism... :)

network-manager-vpnc regression

I may or may not have blogged about this in the past, but given the nature of my work I use network-manager, vpnc, and network-manager-vpnc a lot. I noticed recently that there was no longer an option to save the group password only in network-manager-vpnc's authentication dialog, something I had already worked on to some extent.

So I looked at it again.

This time, it's been a little more complicated. Given that the current version of network-manager-vpnc comes out of SVN, there has been major changes from 0.6.x which have forced me to revise quite a few parts of the initial patches I had found on FC8. After about 3 and a half hours of work, I can finally say that it works -- and I'm happy about it too, because I see it as a pretty nice accomplishment given that I'm a novice at tackling bugs, far from used to the way code works in Gnome, and much less in a system as complex as NetworkManager.

For those who are actually interested in the results, my patch is up on the gnome bug #363918, and also on the relevant Launchpad bug #262191.

A working (based on the tests I did, anyway) package is up on my PPA, too.

How-to fix SVN's bug 160004: corrupted file system.

My notes on the subject... The idea is generally to revert to the last sucessful commit, then work from there. It's less than ideal, but at least it's relatively safe to do, and easy.

First, find the commit that broke things:

svnlook youngest /path/to/repository

Next, check whether the commit was successful, and proceed on backwards in revision numbers until you find one that works:

svnadmin dump /path/to/repository -r rev_number_from_svnlook --incremental > /home/mtrudel/rev_dump.svndump

If it works, you're stuck. If it fails, and it should, continue on to the previous build (current_build - 1), if it succeeds, you can do the following:

• Edit /path/to/repository/db/current, change the first item (revision number) to the revision that works.
• Try to checkout -- things should work.
• Try to checkin changes -- things should work.

You should obviously do this with exclusive access to the SVN repository you're trying to fix, *just in case*, so shutdown Apache, svnserve or whatever else may be publishing the repository.

Other details:

• svnadmin verify is a bad idea on repos with a large number of commits, if resolution time is critical and the information in the last commit is not too important.
• Take backups of any files you modify.

Automatic mounting of Samba shares

Here's a nice complement to using Likewise, which is in the Ubuntu repositories, to handle among other things, the mounting of Samba shares on logon: pam_mount. This article assumes that you've already done everything necessary to make Likewise work properly in your environment.

Sadly, there was a lot of documentation about earlier versions of pam_mount, and very few (or few that I could find) about this newer version packaged in Ubuntu. Hopefully this will help people who have been struggling with making it work properly on their installs.

Pam_mount is easy to install:

sudo apt-get install libpam-mount

Once installed, you will want to edit /etc/security/pam_mount.conf.xml to uncomment a line:

<luserconf name=".pam_mount.conf.xml" />

And perhaps the debug line just above it if you need to troubleshoot potential issues.

Then, create a file in your home directory: .pam_mount.conf.xml. Here is mine, for example:

<pam_mount>
<volume user="*" fstype="cifs" server="fileserver1" path="share34" mountpoint="~/share34" options="iocharset=utf8,file_mode=0700,dir_mode=0700,nodev,nosuid" />
<volume user="*" fstype="cifs" server="fileserver1" path="share35" mountpoint="~/share35" options="iocharset=utf8,file_mode=0700,dir_mode=0700,nodev,nosuid" />
</pam_mount>

Once you've enabled pam_mount by adding it in common-session and common-auth with the following line, this file will allow mounting on login \\fileserver1\share34 and \\fileserver2\share35 in ~/share34 and ~/share35 respectively, without having the enter your password if you were already using Likewise as an authentication mechanism. One interesting detail is precisely the tilde in the mountpoint path, since in the case of full paths and the pam_mount $(USER) variable for example, you may be catching other issues, such as how to transform a DOMAIN\user name in a /home/DOMAIN/user path. The good old '~' takes care of that issue. At the same time, 'user="*"' seems to resolve to the currently logged in user, so if you were deploying multiple systems from a kickstart or cloning; or keeping a generic .pam_mount.conf.xml in /etc/skel for mounting public shares, you can keep only one file that works for everyone. Keeping the generic volume tags in the main /etc/security/pam_mount.conf.xml can also be a good idea.

So far, the tests we've been doing at work seem to indicate that these lines needs to be added in common-session and common-auth, though maybe it's possible to do it with fewer changes, or a slightly different line:

For common-session, around the top, I guess:

session optional pam_mount.so nullok try_first_pass

For common-auth, around the end, so that it's evaluated at the very least after pam_lwidentity.so:

auth optional pam_mount.so nullok try_first_pass

I'm fairly confident that "nullok" could be omitted on both lines, since empty passwords are probably not allowed in your Windows domain.

Also, pam_mount can also handle mounting different types of filesystems, such as truecrypt filesystems :)

One other little known command

Do you know about "join"? It's a nice little utility that comes from the "coreutils" package, which means that it's there by default on most, if not all Unix/Linux distributions. What this does is join (duh) two files, based on the values in fields.

For example, the other day I had to correlate Apache requests from the logs on one Apache server acting as a proxy, with the logs of another Apache server used as a backend. Because of missing configuration, the proxy Apache had public IP addresses, but didn't have domain names (virtual hosts), and the backend had domain names but only the private IP addresses from the proxy systems. So, I took copies of the two Apache's combined_logs, and awk'ed them to only keep the IP, URI requested, and domain name requested (this was necessary because it's better to have clear field numbers with join, and Apache can, if configured to do it, log the UserAgent of a client, which spans multiple fields if you field separator is space).

With the logs doctored as required to be easy to handle with join, you can just run the command:

join -1 2 -2 2 -o "1.1 0 2.3" log_proxy.txt log_backend.txt

What this will do, is tell join to use the second field from the first file (-1 2, aka log_proxy.txt), the second field from the second file (-2 2, aka log_backend), and join the data together to form a new file, outputted to standard output, following the format stated in -o: first file's first field (the public IP), the join field (0, or the URI in this case, which appears in both files), and the third field in the second file (the virtual host domain). You can obviously adjust the field numbers if necessary, or change various settings such as the field separator (default is space), which is all very clearly documented in the man page.

On other news, I seem to have because fairly well know in my workplace to be the Ubuntu wizard... Maybe the Ubuntu laptop bag helps? Anyway... Friday I was asked by Marc about installing Ubuntu on a Lenovo T60, and yesterday I was asked about my thoughts and experiences with Intrepid by Richard. I've already managed to get one Ubuntu machine in use as a server, and hopefully there will be more to come in the future.

Planet Ubuntu Meme (aka I am so unoriginal)

My computers are named with the names of Greek/Roman dieties, and more specifically some that I've also seen in the songs of my favorite band, The Cruxshadows.

So far, I have:

• eurydice : my openwrt router
• orpheus: my main desktop computer (currently offline because of some issues though)
• icarus: my work laptop. It also obviously has a name for the office.
• daedelus: used to be my palm pilot.
  
• cerberus: my EEEPC.
• persephone: my jailbroken iPod Touch.

Hopefully there will be more to come.

Dropbox was released today

Dropbox was released in Public Beta today. Yay!

As soon as I got to my email with the invite, I installed the 8.04 version of the Dropbox package from the website on my primary system (running Intrepid). It worked perfectly, installed without a glitch, and I can now happily synchronize files between machines.

Oh, and I subscribed to identi.ca today. I'll attempt to regularly post something there too... I just need to find a good way of doing these posts easily and without always logging in to the website.

More network-related tools: Network Discovery

I've found out about this other really nifty tool for networks. It's called NeDi (for NEtwork DIscovery), and is used to inventory devices connected to a network, the ports available on network devices, routes, modules, and other kinds of details that are just fun to have, or really useful to refer to from a central repository. It's nice too because it installs extremely well on Ubuntu; a wiki entry even exists to give a quick how-to on the installation and configuration process: https://help.ubuntu.com/community/NediHowTo.

Once you've gone through the steps described in the wiki entry, and run your first nedi.pl -cob (and waited the a minutes if you've happily asked it to map your whole corporate networks (oops!)), you can access the web interface and view all the information that was gathered, such as devices routes, firmware versions, models, serial numbers, and what end-user devices are connected where.

NeDi is also apparently part of the GroundWork OpenSource products, which is a pretty interesting suite of software if you want to roll out systems monitoring in your location.

Two useful network-related commands

mtrudel@laptopl-mtrudel:~$ sudo ethtool eth0
[sudo] password for mtrudel:
Settings for eth0:
Supported ports: [ TP ]
Supported link modes: 10baseT/Half 10baseT/Full
100baseT/Half 100baseT/Full
1000baseT/Full
Supports auto-negotiation: Yes
Advertised link modes: 10baseT/Half 10baseT/Full
100baseT/Half 100baseT/Full
1000baseT/Full
Advertised auto-negotiation: Yes
Speed: 100Mb/s
Duplex: Full
Port: Twisted Pair
PHYAD: 1
Transceiver: internal
Auto-negotiation: on
Supports Wake-on: pumbag
Wake-on: g
Current message level: 0x00000001 (1)
Link detected: yes

ethtool is a command that gives you information on the capabilities of your network card, and the network that it is connected to. The most interesting things are the Speed and Duplex lines, which are somewhat useful when diagnosing some very specific problems. Some people may already know of mii-tool which is also available on default installs of ubuntu, however, you should know that mii-tool doesn't support Gigabit ethernet, and as such may give you weird results in that case. ethtool, on the other hand, works fine on gig.

Another cool command I found out about recently, is an implementation of a CDP listener on linux: cdpr. cdpr is available with a simple sudo apt-get install cdpr. cdpr listens for CDP advertisements coming from Cisco hardware, which will let you know what switch you are connected to, some additional information about the switch, and more importantly, which port you are connected in. That's pretty neat for large offices, especially if you're not sure where all the wired are going, and which is which when in a wiring cabinet. To use cdpr:

mtrudel@laptopl-mtrudel:~$ sudo cdpr
cdpr - Cisco Discovery Protocol Reporter
Version 2.2.1
Copyright (c) 2002-2006 - MonkeyMental.com

1. eth0 (No description available)
2. tun0 (No description available)
3. any (Pseudo-device that captures on all interfaces)
4. lo (No description available)
Enter the interface number (1-4):1
Using Device: eth0
Warning opening device (arptype 65534 not supported by libpcap - falling back to cooked socket)
Waiting for CDP advertisement:
(default config is to transmit CDP packets every 60 seconds)
Device ID
value: switch4529
Addresses
value: 192.168.45.29
Port ID
value: FastEthernet0/33

Now I'd just need to walk over to that switch to do whatever I may need to do directly on it... or telnet, ssh, or point a browser to it if I needed to change the configuration.

An education issue? + Yay for the Intrepid user switcher and shutdown/logoff window

Talking to my father tonight, helping him with some computer tasks and advocating free software in the process, I've come for myself to the realization of what many may already know, but anyway... the use of free and open-source software is an education issue. What I mean by that is that if we want FOSS to be adopted in a more widespread fashion, if we want projects to succeed (and FOSS-focused companies to succeed), we need to make sure that people know that alternatives exist. We need to let people know too, that the alternatives are legit -- because I think that this may actually be a problem too. Maybe people are accustomed to paying for software that has very specific capabilities, or lots of features, or for operating systems, and from that habit they are inferring that whatever is not being charged for is like the today sadly common pirated software? Is anybody else noticing this kind of thing?

As such, I think that is really is important to support projects like Fabian Rodriguez' Ubuntu In Libraries, that promote availability of open-source software, education of potential users on the fact that legit, free, and working software actually exists, and that it can replace other software with fewer features that you could potentially pay a lot more for.

Extending this, I also think that Ubuntu should be advocated in a more overt manner in schools. I'm often somewhat shocked at the fact that teachers will encourage students to procure themselves extremely specialized and pricey software like Adobe Photoshop or Illustrator (which tend to be somewhat out of most students' budgets, especially living on their own... and usually also out of their parents' budgets!), when viable alternatives like GIMP or Xara Xtreme, which could not only do the same work in many cases, but benefit from the additional user base while helping these new users by adding features. If there is demand for something, it has more of a chance to be added to a software project. At the same time, from my experience with the commercial and free alternatives of graphics tools, I see that a lot of things are done exactly the same way, with very similar menus or icons for the same tasks. I'm no expert, but wouldn't that still be good if students are taught the theory basis, and can then transport, transfer that knowledge to whatever different tool they use to do the job? At the very least, I say thanks to Ubuntu for making some of the finer of these alternative programs easy to install or even available by default in new installs (I'm thinking OpenOffice.org).

Intrepid Ibex on a Lenovo T60

Think of this post as somewhat of a response, or extension to Pavel Rojtberg's post regarding the need for closed-source drivers for the T60, that I've found on UbuntuWebLogs.org (posted August 30th). I'm also keeping this as install notes for when I will have to reinstall my laptop.

It seems that it is indeed no longer necessary to use closed-source drivers at all for a Lenovo T60 on Intrepid. On hardy, I also used to be forced to run the closed-source FGLRX drivers to handle advanced things like OpenGL (gaming and nice screensavers), dual-head setups, etc.

I've recently setup my work laptop to run Intrepid (alpha 4), and as such I did happen to notice this pretty nice change. So far, it works like a charm. A few notes I'd add however, is that the dual-head setup is slightly complicated if you want to not have to edit xorg.conf too much (since the possibility of running without the file is one of the features of Intrepid). So, here are my notes:

• Don't even think of installing fglrx at all if you want the open-source drivers to work. The fglrx install (both from apt and from the ATI website) changes a lot of things, including the location of some libraries, it seems. If you install the driver, make sure you take all the steps to be really certain it's completely removed. If you're at the point that you think it's removed and you are now running on radeon or ati, and when you run glxgears or glxinfo it ends with a Segmentation fault, then it is VERY likely that it isn't completely removed yet. My guess would be to look in /usr/lib/xorg for the libGL libraries, and to remove the package that relates to these files (I'm not sure which one yet).
• Go slowly, and if you're unsure, get rid of xorg.conf to start from scratch.
• Don't trust the failsafe X configuration wizard too much, do the very basic, get back to some single-headed working config that pleases you and work from there.
• If you want to run dual-head with a resolution any higher thant 800x600 (which I'd guess most people will want to do...), at this point in time you WILL need to slightly modify your xorg.conf file manually and add a Virtual line in the "Display" subsection of the "Screen" section to support your higher resolution, as described here, but you will NOT need the "MergedFB" option, since that will be taken care of by Xrandr. Hopefully the hard limitation of 1600x1600 as a Virtual resolution will be increased by the time Intrepid is released, but for now it blocks you completely from using xrandr right away to setup dual-head, and forces you to modify xorg.conf manually.
  
• If you are like me and use a similar dual-head setup at work and at home with your laptop (but with different monitors), be ready for some minor modifications to xorg.conf. In my specific case, I found that modelines from my work secondary screen (a Samsung SyncMaster something 940a, 17inch), and my home secondary screen (Acer AL1716, 17inch), didn't always match. If I setup the dual-headed config with the failsafe wizard at work, and bring my laptop home, the modelines for work will not allow me to use my home screen, but if I do the config the same way at home, the modelines will still allow me to use my work screen. The modelines were of course completely handled by the failsafe wizard, I didn't have to edit xorg.conf.
• Don't hesitate to break xorg.conf with some weird config (like refering to the fglrx driver when it isn't installed) to get in the failsafe X wizard if you need to... I don't know of a simpler way to get to it, but I admit I didn't really check.
• Mind the command: "sudo dpkg-reconfigure -phigh xserver-xorg" to build for you a base xorg.conf file, if you want to start over with a clean config that will work quite nicely for single-screen setups.

The only slight annoyance I can think of, it that the gnome panels show up on my secondary screen every time I boot, but I'm thinking of trying it out like that for a little while.

As for the ath9k drivers, I'm not sure if they are already being used or not, and haven't had a change to look and make sure.

I learned a new command today

Let's make it simple, it's pretty self-explanatory. Since I'm a netadmin, every little thing can help, and this is no exception. It should make my life MUCH easier.

sudo apt-get install sipcalc

And then:

mtrudel@icarus:~$ sipcalc 10.10.0.0/21
-[ipv4 : 10.10.0.0/21] - 0

[CIDR]
Host address - 10.10.0.0
Host address (decimal) - 168427520
Host address (hex) - A0A0000
Network address - 10.10.0.0
Network mask - 255.255.248.0
Network mask (bits) - 21
Network mask (hex) - FFFFF800
Broadcast address - 10.10.7.255
Cisco wildcard - 0.0.7.255
Addresses in network - 2048
Network range - 10.10.0.0 - 10.10.7.255
Usable range - 10.10.0.1 - 10.10.7.254

-
mtrudel@icarus:~$ sipcalc 10.10.9.9
-[ipv4 : 10.10.9.9] - 0

[CIDR]
Host address - 10.10.9.9
Host address (decimal) - 168429833
Host address (hex) - A0A0909
Network address - 10.10.9.9
Network mask - 255.255.255.255
Network mask (bits) - 32
Network mask (hex) - FFFFFFFF
Broadcast address - 10.10.9.9
Cisco wildcard - 0.0.0.0
Addresses in network - 1
Network range - 10.10.9.9 - 10.10.9.9

-

Beautiful little program, gives you all kind of useful information, and it's free!

Intrepid's install takes a bus ride-long

I installed Intrepid Alpha 4 on my work laptop tonight. It's pretty nice -- it took the time of the bus ride home from work, plus a little more time.

So far, I'm not sure how well things go, but there has already been some small issues: failure on my first install try with full-disk encryption w/ LVM. Shortly later, some video corruption in usplash (and kept up if switching from X to consoles).

Other than that, there's been one instance where the Graphics submenu stayed open, wouldn't close (even if I clicked on an application -- nothing would happen), so I had to restart X.

Mostly however, it seems so far like it's stable enough to do actual work -- quite unlike Hardy's alphas which kept freezing my poor Thinkpad T60. VPNs work with vpnc, and ... not sure yet if they work through network-manager: network-manager-vpnc wouldn't enable the Add button, and I haven't had a chance to reboot yet.

Other than that, I like the NewHuman theme a lot ... not surprising given that Darklooks was already my favorite.

Evolution used to work, and now somehow tries to connect to the wrong Exchange server, although it doesn't hold its name anywhere in the config that I give the Exchange plugin -- maybe it tries to read domain information somewhere, but that doesn't seem quite ready yet.

Ah, I can't even think of other things to try anymore... Maybe more in a new post. I've got to check if a lot of bugs are opened yet.

And the bus ride... it takes about half an hour. Not bad, but that's definitely something that will need to be worked on.

UDF 2.5 support in Ubuntu, new network-manager

For the past week and half, I've been using the new network-manager packages from the network-manager team's PPA. My understanding was that these packages are pretty close to what will be included in Intrepid, while they seem to me like they have the benefit of being stable enough to be usable (and quite efficiently too!) on my work laptop... which needless to say, needs to be totally stable. I initially ran into small issues with password prompting for VPNs, but those have been resolved for a little while now. Anyway, here is the line you'll need to add to your sources.list file if you wish to try out the new network-manager packages:

deb http://ppa.launchpad.net/network-manager/ubuntu hardy main
deb-src http://ppa.launchpad.net/network-manager/ubuntu hardy main

One of the great things about the new packages is the possibility of running multiple connections concurrently (for example, both wireless and wired connections at the same time), and, in my opinion, much cleaner handling of multiple connection profiles -- for when you want to use static IPs for some place, DHCP elsewhere -- perfect for the mobile worker!

Also, I've struggled the other day with reading a UDF volume I created on my girlfriend's computer running Vista. Not expecting any issues with a newly burnt DVD, I happily chose to write the data in Vista's UDF format, only to notice that the specific format that is used is not recognized by Ubuntu, at least not in kernel 2.6.24-19. To add support for UDF 2.5, you will need to patch your kernel as directed in this fine Ubuntu Forums post:

http://ubuntuforums.org/showthread.php?t=718744

Happy hacking!

More packaging fun

After a little break for vacation (and an awesome trip to Quebec city!), I'm back at working on the two packages I'm trying to get included in Ubuntu: congruity, and it's dependency; concordance.

Today, I've learned to clean up my debian/rules file (and got nice errors when I got too enthusiastic at it), and creating watch files.

The watch file stuff is quite interesting. It is quick, and efficient... If you want to learn how to use this to keep your packages up to date with the upstream (for example, a sourceforge project!), consult the very complete wiki entry about it at https://wiki.ubuntu.com/PackagingGuide/Howtos/DebianWatch.

Watch files basically contain lines of strings to parse in order to let utilities like uscan and uupdate download any new updated build tarballs from upstream.

OpenChange: a nice boost for Linux adoption in the enterprise?

Since I'm already a happy user of Linux at work and fortunate enough to have other means to access email, calendar, and other services traditional on a Windows infrastructure through workarounds and generally complex tricks, I'm quite interested in the developments on offering support for the Windows infrastructure in Linux.

I found out today about OpenChange a somewhat new project to deliver MAPI support in various tools by implementing MAPI in a library. Although this is still fairly new and probably not yet ready for any kind of production use, I'm definitely going to give this some effort and try to have it run... perhaps even contribute code to it?

In my opinion, OpenChange brings a promising "outlook" for the future to enterprises wishing to migrate desktops to Linux, without necessarily going through the lengthy and complicated process of migrating Active Directory domains, Exchange servers with millions of messages, and other features in use immediately. For enterprises, although Linux desktops seem a good idea for, among other things, alleviating licensing costs; most are not yet ready to scrap complex Windows-based architectures, and will instead wish to make good use of them until upgrade (or migration) is no longer avoidable.

On the bright side, although OpenChange is not quite ready, Evolution at least has come a long way since previous versions provided on Ubuntu repositories. Since Hardy, it crashes less often, and you can even actually see free/busy information for other AD users, when Evolution decides it wants to cooperate :)

On the same subject, now that Active Directory integration is available through the use of Likewise Open on Hardy, joining a machine to a Windows domain is easier than ever. The constant state of progress I'm noticing from all distributions, but especially Ubuntu on the subject of Windows integration definitely gives me a lot of hope for the future.

RSA SecurID integration

Short rant here... Why is it that GNOME or KDE don't support using SecurID (or OTP or anything like that that could potentially display a prompt other than "Password: ") ? To me, it is a fairly important requirement, if not for server applications, at least for the interfacing between servers and Ubuntu desktops.

We use RSA SecurID to control access to systems. If you try to use the new PAM module provided by RSA, and attempt to connect to a system using, for example, sFTP, you will notice that nautilus or dolphin will just hang there, waiting indefinitely for something, and eventually time out. This is annoying, I feel like it could be something relatively simple to fix, and I am certain it would help not only Ubuntu, but just about any distribution to see more interest from large corporations, only because the security they use is supported, and does not pose a usability problem.

Interestingly, Dolphin in KDE4.1 seems to respond a little better, and actually displays a "OpenSSH" window with a PASScode prompt... However, it then complains immediately that it cannot grb the keyboard, and even if you type something it will not be used... and the prompt will still reappear 5 times :)

I will probably take a second attempt at fixing the issue, or at least finding where the problem starts, at least in nautilus. Is there anyone who knows that could point me in the right direction?

Encrypting data in Hardy...

Think of this post as a more or less of a response to David Thomas' post about how to encrypt data in Ubuntu... However, as a little warning, this has the potential to cause you issues depending on where you are travelling, what is the political climate like where you are going, or if your country has regulations about using encryption. I'm thinking France here, for example, where if I'm not mistaken you are not allowed to use specific encryption algorithms like 3DES or AES? If I'm mistaken, please let me know.

As for me, I'm only using it as a theft protection device, don't want people to have access to sensitive data that could be on my drive if I forgot my laptop somewhere or had it stolen.

Anyway, so you can encrypt your whole disk in Ubuntu. This feature has been available since Gutsy in the installer, where it will permit you to partition your whole disk using LVS and LUKS or some other system. You could also do the partitioning yourself, provided you remember to create the partition for "physical volume for encryption" first, and then use that as a "physical volume for LVS"... You'll also need to have /boot separate, unecrypted. Here's a nice overview of using the installer to encrypt the whole drive: http://learninginlinux.wordpress.com/2008/04/23/installing-ubuntu-804-with-full-disk-encryption/

Also, you can use another very nifty tool called TrueCrypt. Sadly, while some GUI (or so they seem, at first glance) tools exist in the repositories to interface with Truecrypt, the actual software still doesn't appear to be available. You can however get it here, on the official TrueCrypt website.

To setup a truecrypt drive, plug a USB key for example, run truecrypt, select the device and options and follow the directions. I've found that they are all pretty clear. I personally use this to secure my GPG key and lists of contacts... Oh, and my hackergotchi too :)

TrueCrypt happens to have this interesting feature where you can hide an encrypted volume inside another one, and thus benefit from "plausible deniability", since if only the outer volume was decrypted, the data contained (which would effectively be your inner encrypted volume) would not be distinguishable from random data -- still, I probably wouldn't let my life depend on people's lack of curiosity.

Anyway, using these two options, and strong passphrases, you would be able to deter most attempts at reading your personal, sensitive data, and you won't have to worry about the proprietary company information you were carrying to be viewed by your laptop's thief.

For now though, there's still nothing more secure than keeping sensitive data in your head only. Encryption can always, given enough resources thrown at it, be cracked, so this just one more thing to ... keep in mind.

My first actual REVU contribution

Since I've been playing a lot with my new Harmony remote lately, and had to package the two programs that I found that could handle this on Linux, I figured I might as well also upload it.

From my upload to my PPA, I've been lucky enough to have a lot of functionality pointers from my friend John... Anyway, thanks for that.

Since neither Debian nor Ubuntu contained the packages, I've also uploaded them to REVU, to get reviews from MOTUs, and hopefully have my packages included to the universe repository.

In the meantime, if someone who has reviewer access be nice enough to review concordance and congruity, I'd be very thankful for any and all input to improve my packaging skills :)

And of course, thanks to the developers of concordance and congruity for making something easy to work with.

My next tasks: getting my workplace to adopt Ubuntu as an operating system for some workstations, and fixing some of the issues I'm still running into with KDE4.1.

Finally, thanks to Tom Dyer for his post about KDE4.1 (found it on ubuntuweblogs.org; was very useful to start fixing the horrendous issues that previous version had, at least on my system.

Update: Congruity & Concordance, packages on PPA

As promised in previous post, the packages for congruity and concordance (the libraries congruity depends on, and a command-line interface) are now available on my PPA:

https://launchpad.net/~mathieu-tl/+archive

If you're using the current Ubuntu version, Hardy, the easiest way to get those is to add the following lines to your /etc/apt/sources.list:

deb http://ppa.launchpad.net/mathieu-tl/ubuntu hardy main
deb-src http://ppa.launchpad.net/mathieu-tl/ubuntu hardy main

Or, for the previous Ubuntu version (gutsy):

deb http://ppa.launchpad.net/mathieu-tl/ubuntu gutsy main
deb-src http://ppa.launchpad.net/mathieu-tl/ubuntu gutsy main

Then sudo apt-get update and sudo apt-get install congruity. This will install all of the required packages to run the graphical version of the Logitech Harmony remote configuration tool, congruity, version 8.

Using the Logitech Harmony 670 remote on Linux

Yesterday I bought the ONE remote to RULE them all. Seriously. The best 100$ investment ever (was on sale).

Anyway, so I brought home my acquisition, proceeded to program it to handle all my electronic equipment in the living room. The only issue was to setup my computer to be able to program the remote. This is how I did it:

1. Make sure you've got libusb (on Ubuntu, sudo apt-get install libusb-0.1-4) installed. Might also need libusb-dev.


2. Downloaded two packages:
   
   
   • congruity-8.tar.bz2
   • concordance-0.20.tar.bz2
   
   


3. Setup concordance first, for the libconcord library as well as the python bindings for using congruity:
   
   
   
   
   1. Under the concordance tarball directory, in libconcord/: ./configure --prefix=/usr
   
   
   2. Then, make and sudo make install to build the library and install it to /usr/lib
   
   
   3. Cd to bindings/python, run python setup.py build and sudo python setup.py install
   
   
   
   


4. Now, you can go in the extracted tarball directory of congruity, and run sudo ./congruity. You'll notice that it fails, expecting to be passed a filename on every run. You'll need to go on the members.harmonyremote.com website, create an account (if you don't have one already), then proceed through the various steps. When the site expects you to download an EZHex file, save it and manually start congruity (with sudo or as root, as always), or setup your browser to open the files using something like a little wrapper script that would call, for example, gksudo congruity.
5. Optionally move the congruity-8 directory (the extracted tarball stuff) to someplace where it can live indefinitely, perhaps somewhere in the path?
   

The rest of the usage should be pretty straightforward. Once the remote is programmed for your devices, point and click :D

I'll probably be building Ubuntu packages for concordance and congruity, so when those are done I'll write a new post with the links. In the meantime, check my PPA page occasionally at https://launchpad.net/~mathieu-tl/+archive, or in sources.list: http://ppa.launchpad.net/mathieu-tl/ubuntu.

Installer UT2003 sous Linux

L'installation de UT2003 sous Linux, tel que vous le savez probablement, est assez facile, il suffit d'utiliser le CD 3 et démarrer l'installeur. Cependant, sous Ubuntu Hardy Heron 8.04, les choses se compliquent: des erreurs d'assertion et des problèmes de son dès le démarrage du jeu. Voici comment régler ces problèmes:

Pour les erreurs "xcb_lock... Assertion failed":

• Faire une copie de sauvegarde du fichier libSDL-1.2.so.0 du répertoire System du jeu.
• Créer un symlink de /usr/lib/libSDL-1.2.so.0 dans le répertoire System, pour remplacer le fichier existant.
• Si le fichier n'existe pas dans /usr/lib, s'assurer d'avoir installé le paquet libsdl1.2debian.

Pour les problèmes de lag de son:

• Faire une copie de sauvegarde du fichier openal.so du répertoire System du jeu.
• Créer un symlink de /usr/lib/libopenal.so.0 dans le répertoire System, pour remplacer le fichier openal.so.
• Si le fichier n'existe pas dans /usr/lib, s'assurer d'avoir installé le paquet libopenal0a.

Voila. Le jeu devrait démarrer sans problème, et rouler à une vitesse très acceptable. :)

SSH X11 forwarding for other users

Forwarding X11 requests from a remote machine to your workstation is often very useful, especially if you have the habit of using graphical clients, or if you're just forced to use a tool that expects a X server to exist. Yet, when you change to a user other than root, the forwarding will most likely fail. Here's how you can fix this:

1. Connect to the remote system.
2. xauth list
   
3. Select the line outputted by xauth, copy it to buffer... If there are multiple lines, use the one that related to your session -- or try xauth list $DISPLAY
4. Su or sudo into the other user.
5. xauth add (paste the line from xauth)

From there, you'll be able to run just about any program. If you have errors, or the command hangs there, verify that the DISPLAY variable is properly set.