In Portland for Ubuntu Live

Ubuntu Live kicks off tomorrow in Portland, OR, USA, back to back with OSCON.

The tale of air travel

I left London yesterday morning (after my brother accidentally woke me up an hour early), and almost didn't make it out of Gatwick - due to terrible weather, all flights were delayed, and many cancelled. I went through the Trainee security queue, and they all ogled my laptop bag on the Xray machine (filled to the brim with interesting equipment, power supplies, and adaptors, as usual). The lad who frisked me was clearly very green, and I don't think I could have got an unauthorised toothpick through ;-) Thankfully I wasn't picked out for "special attention" again after that, although maybe 10% of people got taken away from the Immigration queue, in at Newark, New York. It's quite a scary process - the queue moves very slowly, because everyone gets interviewed for 2-10 minutes. People with children get a long interview, and if you didn't dot every I and cross every T on your forms, you get sent away, dismissively. Then, as I said, about 10% of passengers fail their interview (or are just unlucky), their papers are put in a big, zip lock bag, and the immigration official shouts for an "ESCORT!" to take them away, down the white corridor, from whence we presume they will never return... There were only 2 escorts, and they were working flat out...

Oh, btw, I'm a huge fan of the air power wiki. My laptop has a negligible battery life, and likes being tethered to the mains. Talking of which, on the 767 from London to New York, there were 110V power sockets under the seats - w00t :-)

My plane to Portland was packed, and delayed for almost 2hrs, in the Friday rush. :-( But I got there mostly on time, and crawled into my hotel bed before midnight, after, literally, a 24hr day. The hotel is dingy, but cheap & clean. And right next door to the convention centre, and a MAX tram stop.

The tale of dodgy wifi

I get free wifi from the Hotel across the street (they have an agreement with mine), but it's dodgy as hell. It just dies without warning, and when it's dead, its AP seems to cause havoc (when I try and associate with other networks, I always end up connecting to it).

Portland has a free MetroFi service, ad-supported. Which sucks - badly. The signal is mostly pretty poor (I can only get it with my laptop screen right against the window in my room), and when I'm around the town there is normally little signal. They've spread their APs over all 4 non-overlapping channels, polluting the spectrum. When you do have signal, the ad system means you get lots of 302 redirects, which don't agree with my RSS reader, or me. I find myself proxying out over an SSH tunnel, for my sanity. :-( MetroFi--

Portland so far

Portland is nice enough. There is free public transport inside the city centre, it's leafy, and the people seem friendly enough. But I haven't really got a feel for it yet.

I poked around the Saturday market this morning, which could have been just about anywhere in the world (excepting the men selling US flags, and almost all the stalls having credit card facilities :-) ). Some nice work, and some good food (I had a spectacular omelette). I left when it started raining.

I went to see the Body Worlds 3 exhibition at the Oregon Museum of Science and Industry. Very interesting. You get a good feeling for human anatomy and muscle structure. The exhibits of tumours and healthy body parts were quite enlightening. The posed, plastinated cadavers got rather repetitive, although all well worth a close look. I found the exhibits of blood vessels only to be the most beautiful. But overall, I didn't find it to be as mind-blowing or offensive as the media has made it out to be.

Tonight, I'm off to find some fellow Ubuntu Live'ers, unless the Jetlag gets to me first.

s_client's R "feature"

I've just spent a few hours brain-haemorrhaging over why my new Postfix server wasn't allowing me to enter "RCPT TO:" over a STARTTLS connection. Instead it would renegotiate the TLS.

Eventually I found an e-mail by Wietse Venema saying:

Victor Duchovni:
> On Mon, Jan 22, 2007 at 04:31:12PM -0500, Wietse Venema wrote: 
> > RCPT TO:<postmaster>
> > RENEGOTIATING
>
> You got bit by the "s_client" "R" feature... try "rcpt to:" lower case,
> then it hangs up.

What utter brain damage, a non-transparent SSL client program.

Read this and be warned -- we are all stupid, in the eyes of the truly mad s_client.
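An added example (not part of the original post): when s_client is used interactively, meaning neither -quiet nor -ign_eof was given, a typed line beginning with "R" triggers a renegotiation and one beginning with "Q" closes the connection, instead of being sent to the server. The filter below flags such lines in a session typed line by line; the function names, the sample dialogue and the host name are constructed for illustration.

```shell
#!/bin/sh
# Added example. In interactive mode (neither -quiet nor -ign_eof given),
# openssl s_client treats a typed line starting with "R" as "renegotiate"
# and one starting with "Q" as "quit" rather than passing it to the server.

# Print "<lineno>:<line>" for every stdin line s_client would intercept.
s_client_eaten_lines() {
    awk '/^[RQ]/ { printf "%d:%s\n", NR, $0 }'
}

# Constructed sample SMTP dialogue, as typed after STARTTLS.
sample_session() {
    cat <<'EOF'
EHLO client.example
MAIL FROM:<me@example.org>
RCPT TO:<postmaster>
rcpt to:<postmaster>
DATA
QUIT
EOF
}

# Transparent invocation: -quiet (or -ign_eof) switches the R/Q commands off.
# Host and port are placeholders.
safe_s_client_cmd() {
    echo "openssl s_client -quiet -starttls smtp -connect mail.example.org:25"
}

sample_session | s_client_eaten_lines
safe_s_client_cmd
```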

LRL2007 Roundup

Lugradio live is now finished and done. It was well worth attending - I really enjoyed it. Wolverhampton is a shit hole of note, but the conference itself was good.

Notable talks I saw were:

  • Malcolm Yates from Canonical: numerous talks on anything that he considered relevant :-)
  • Alan Cox on how to help in Open Source, and persuading hardware vendors to part with their documentation.
  • Matthew Garrett on Power Management
  • Scott James Remnant on 10 really cool things (quite a few of which didn't work) :-)
  • Michael Sparks from the BBC on Kamaelia - a concurrent programming framework
  • Becky Hogge from the Open Rights Group
  • Gervase Markham's brilliant talk - How to Win every argument. He went through various fallacies, and how to use them to your advantage.
  • Joe Born from Neuros

Talks that I missed, but want to catch up on when they post the videos (any guesses why I'm blogging this :-) ):

  • Flumotion
  • IAAL (I am a lawyer)
  • Telepathy
  • Gong a Thong
  • Chris DiBona
  • ELER

I walked off with a free Nokia N800, as I'd come from so far away. A man who flew in from Singapore also won one. I have a suspicion that the Californians should have got it instead of me, but the WiFi was down so nobody could google distances :-)

On that topic, I really think that all geeky events like this should have pervasive WiFi coverage. Some of us are a long way away from home, and would like to be able to read our mail in-between talks. Also, it makes the GPG key signing party easier. I didn't pre-register for the signing, so only a couple of people signed my key, but I did get 2 CAcert assurances. I'll try and get some more points while I'm in a part of the world where you can actually find assurers.

The N800 is very cool. It's ARM based, runs Linux (Maemo), and has decent WiFi / bluetooth abilities. If you want to quickly check your mail, watch youtube (yes it has flash) or do some basic IRC chatting in free wifi zone (i.e. a hotel reception area), then it rocks. The handwriting recognition isn't great, and it's quite different to what I'm used to on my P910. So I mostly use the on-screen keyboards (there is quite a good thumb-sized-keyboard option).

It uses Telepathy for Jabber IM, and has a few VoIP options: Gizmo, Skype, Google Talk. But the best part is that because it's an open platform, you can run most Linux software on it. I've installed Xchat, Mplayer, and an Xterm, so far... Because my amd64 laptop can't run Skype / flash, this is a really handy device to have around.

My train back was re-routed, and in total, it took 5hrs to get home :-( (fortunately I had a movie to watch on the n800)

LRL 2007

For those who don't know, I'm in the UK, catching up on some sun and geeky events. The sun hasn't got going yet (I still have my South African cold), but I'm in Wolverhampton for LugRadio Live 2007.

Getting to Wolverhampton was a pain in the arse:

  • My credit card got replaced last week, but the new one has a PIN number that I don't know :-)
  • I missed my train because of the above, and had to wait until after rush hour.
  • Then ended up catching a train to Manchester by mistake (I'm a geek, I only read signs once, and expect to be going the right way)
  • So an extra hour's detour later, I was in Wolverhampton, but my taxi got stoned by teenagers hanging outside the Kebab joint.

Anyway, now I'm sitting outside the cafe at LRL, and occasionally posting photographs

The poor cafe's internet connection is screwed - the DNS totally broken, OpenDNS is the answer: 208.67.222.222

Mr Butler from Ubuntu UK plied me with Biltong and free "Powered By Ubuntu" stickers. Wohoo!

New GUI for 3G Datacards under Linux

Tectonic has spotted a new GUI for 3G Datacards.

You can see it in action.

Vodafone Spain sponsored its writing, and they made the right choices: it's GPL, Python-GTK, and pretty well written. It looks like a clone of the Windows Vodafone client, but using libnotify, and other cool GTKisms. I highly approve.

Installing it was as simple as downloading the deb, and installing it with gdebi.

The first thing I did was add the support for my Option 3G GT Quad Fusion Datacard, which was as simple as finding out the USB IDs, and modifying another card's driver:

class OptionGTFusionQuadLite(Device):
    __properties__ = {
        'usb_device.vendor_id' : 0x0af0,
        'usb_device.product_id': 0x6300,
    }
    __name__ = "Option GT Fusion Quad Lite"
    conn_dict = OPTION_DICT

simple eh?

This should be incorporated in default Ubuntu installs. It should also be extended to support talking to phones over bluetooth / IRDA. (At the moment, it seems to only like talking to things that HAL knows about)

PHP4 for feisty - pbuilder for beginners

I helped Robbster out on #clug today, building php4 for feisty (it's been dropped after edgy, in favour of php5). If you want to install it, don't care about security holes, and want to use the debs I created, add this line to your apt sources list, and go wild:

deb http://ftp.leg.uct.ac.za/pub/stuff/tmp/php4-feisty ./

If on the other hand you want to know how to do it (so when the next PHP security hole appears tomorrow, you can build the latest version yourself), read on:

I've never used pbuilder before, so it was fun:

# aptitude install pbuilder

Edit /etc/pbuilderrc to point to your closest mirror, and uncomment the COMPONENTS line (so that you get universe included)

# pbuilder create

Now pbuilder is ready for work. Get the latest sources from Debian (download those 3 files at the end: dsc, orig.tar.gz and diff)

# pbuilder build *.dsc

Sit back and watch...

When it's done, you probably want to create a trivial repository of your debs:

# cd /var/cache/pbuilder/result/; dpkg-scanpackages . /dev/null | gzip -c -9 > Packages.gz

Then add this to your sources.list

deb file:///var/cache/pbuilder/result/ ./

Wohoo. Remember to watch out for those security holes...
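An added example (not from the original post): before handing a downloaded .dsc to pbuilder, check that the tarball and diff beside it match the hashes the .dsc lists. This assumes a .dsc that carries a Checksums-Sha256 section; the function names and the sample package are constructed, and the OpenPGP signature on the .dsc is a separate check.

```shell
#!/bin/sh
# Added example: check files named in a .dsc against its Checksums-Sha256
# section before "pbuilder build". The OpenPGP signature on the .dsc is a
# separate check (dscverify from devscripts, or gpg --verify).
verify_dsc() {
    dsc=$1; dir=$(dirname "$dsc")
    awk '/^Checksums-Sha256:/ { on = 1; next }
         on && /^ /           { print $1, $3; next }
                              { on = 0 }' "$dsc" |
    (
        n=0
        while read -r want name; do
            # File names must be plain names next to the .dsc, never paths.
            case $name in */*) echo "REJECT path in name: $name" >&2; exit 1;; esac
            got=$(sha256sum "$dir/$name" 2>/dev/null | cut -d" " -f1)
            [ "$got" = "$want" ] || { echo "MISMATCH $name" >&2; exit 1; }
            n=$((n + 1))
        done
        [ "$n" -gt 0 ] || { echo "no Checksums-Sha256 entries" >&2; exit 1; }
    )
}

# Constructed sample: a one-file "source package" in a temp dir, verified
# once intact and once after tampering. Prints "<intact> <tampered>".
demo_verify_dsc() {
    d=$(mktemp -d) || return 2
    f=php4_0.orig.tar.gz                       # constructed file name
    printf 'constructed upstream tarball\n' > "$d/$f"
    sum=$(sha256sum "$d/$f" | cut -d" " -f1)
    printf 'Format: 1.0\nSource: php4\nChecksums-Sha256:\n %s 29 %s\nFiles:\n' \
        "$sum" "$f" > "$d/php4_0.dsc"
    if verify_dsc "$d/php4_0.dsc"; then ok=pass; else ok=fail; fi
    echo tampered >> "$d/$f"
    if verify_dsc "$d/php4_0.dsc" 2>/dev/null; then bad=pass; else bad=fail; fi
    rm -rf "$d"
    echo "$ok $bad"
}

demo_verify_dsc
```

Run it as `verify_dsc path/to/package.dsc && pbuilder build path/to/package.dsc` so the build only starts when every listed file matches.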

OpenVPN / WPAD Mania

I've just spent an afternoon tweaking an OpenVPN install, and I thought it would be a good idea to document it here. Not the world's most interesting post, but it's my method, and I want to document it.

OpenVPN:

The best solution I found was to have the server on its own subnet:

dev tun0
comp-lzo
keepalive 10 120
server 10.20.2.0 255.255.255.0
push "dhcp-option DNS 10.20.1.1"
push "dhcp-option DOMAIN rivera.co.za"
push "route 10.20.1.0 255.255.255.0"
ca /etc/ssl/vpn-cacert.pem
dh /etc/ssl/dh1024.pem
cert /etc/ssl/certs/vpn.rivera.co.za.pem
key /etc/ssl/certs/vpn.rivera.co.za.key.pem

This sets up a Windows-friendly, routed OpenVPN. (TAP32, the Windows tap driver, can't handle arbitrary IP routed VPNs; each link has to have a private /30 network)

Then, the Windows client side:

client
dev tun
dev-node VPN-Connection
proto udp
remote vpn.rivera.co.za 1194
resolv-retry infinite
nobind
persist-key
persist-tun
mute-replay-warnings
ca cacert.pem
cert winlaptop.pem
key winlaptop.key.pem
ns-cert-type server
comp-lzo
verb 3
pull
keepalive 10 60
explicit-exit-notify 2

This is nice and simple, and has the advantage of pulling a lot of configuration from the server rather than statically storing it on the client.
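An added example (not from the original post): a small audit of the two configs above for directives that later OpenVPN guidance treats as weak, namely `ns-cert-type` (deprecated in favour of `remote-cert-tls`), compression, and a DH file whose name suggests 1024-bit or smaller parameters. The function names are constructed, the samples are the security-relevant lines of the configs on this page, and the DH check is a file-name heuristic only.

```shell
#!/bin/sh
# Added example: audit an OpenVPN config read from stdin.
audit_ovpn() {
    awk '
    /^[ \t]*[#;]/ || NF == 0 { next }              # skip comments and blanks
    $1 == "client"           { client = 1 }
    $1 == "remote-cert-tls"  { verify = 1 }
    $1 == "tls-auth" || $1 == "tls-crypt" { hmac = 1 }
    $1 == "ns-cert-type"     { verify = 1
        print "WARN ns-cert-type: deprecated, use \"remote-cert-tls " $2 "\"" }
    $1 == "comp-lzo" || $1 == "compress" {
        print "WARN " $1 ": compression before encryption leaks plaintext (VORACLE)" }
    # Heuristic on the file name; the real size is shown by
    #   openssl dhparam -in FILE -text -noout
    $1 == "dh" && $2 ~ /(512|768|1024)/ {
        print "WARN dh: " $2 " suggests <=1024-bit parameters, use 2048+" }
    END {
        if (client && !verify)
            print "FAIL client does not check the server certificate type"
        if (!hmac)
            print "INFO no tls-auth/tls-crypt on the control channel"
    }'
}

# Security-relevant lines of the client config shown above.
page_client_conf() {
    cat <<'EOF'
client
dev tun
remote vpn.rivera.co.za 1194
ca cacert.pem
ns-cert-type server
comp-lzo
EOF
}

# Security-relevant lines of the server config shown above.
page_server_conf() {
    cat <<'EOF'
dev tun0
comp-lzo
server 10.20.2.0 255.255.255.0
dh /etc/ssl/dh1024.pem
EOF
}

echo "client:"; page_client_conf | audit_ovpn
echo "server:"; page_server_conf | audit_ovpn
```

The FAIL line is the one that matters most on a client: without `ns-cert-type server` or `remote-cert-tls server`, any certificate signed by the same CA, including another client's, is accepted as the server.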

WPAD:

My network has Proxy Autodetection. While I wanted DNS queries to go through the VPN, I didn't want web traffic to. (DNS through vpn, is ugly, but necessary for finding private servers).

My solution was:

dnsmasq.conf:

dhcp-option=252,"http://ixia.rivera.co.za/wpad.dat"

Apache, default site config snippet:

<Location /wpad.dat>
        ForceType "application/x-ns-proxy-autoconfig"
        Order deny,allow
        Deny from all
        Allow from 127.0.0.0/8
        Allow from 10.20.1.0/24
</Location>

And a fallback, in case the wpad is already cached, this at the top of the wpad:

// VPN:
if (isInNet(myIpAddress(), "10.20.2.0", "255.255.255.0")) return "DIRECT";

Some CLUG Park work

I've wasted some hours on CLUG Park :-) Here are some improvements:

Rafiq is back:

I've been trying to get him to give me a feed to only his posts, but got no response. For a while, I told the park that his feed was http://www.webaddict.co.za/we-need-a-feed-for-rafiq-only-for-clug-park/, to make my point in 404s in his apache logs, but that didn't bring me a reply, either :-)

So now I've got an XSLT filter in place that strips out other webaddict's posts.

The Atom feed now has the person's name at the beginning of the title (like the RSS feed has)

Sharing a 3G connection with Ubuntu

Seeing as I carry around a vast array of equipment, in my massive, 10Ton backpack, I normally have a 3G card at hand. If I'm visiting someone who doesn't have broadband themselves, or I'm sitting in a Coffee Shop with other laptop-lugging friends I might want to share my 3G connection with friends, via WiFi. (assuming I have a data bundle that month, or they understand the horrific 3G data pricing)

I wrote a little script to make this easy

  • It's clearly Atheros-specific, but I've included more generic commands in comments. Obviously interface names would need to be changed
  • I dial the 3G connection before I run this, and disconnect afterwards, but it would be trivial to change that...
  • My dnsmasq.conf contains only the line dhcp-range=10.42.42.10,10.42.42.254,12h
  • Dnsmasq is configured not to run on startup, via update-rc.d

/usr/local/sbin/3g-ap:

#!/bin/sh
/etc/dbus-1/event.d/25NetworkManager stop
# Atheros:
wlanconfig ath0 destroy
wlanconfig ath0 create wlandev wifi0 wlanmode ap
# Other:
#iwconfig ath1 mode master
iwconfig ath0 chan 3
iwconfig ath0 essid SR
iwconfig ath0 enc s:13Char-Passwd
ifconfig ath0 up 10.42.42.1 netmask 255.255.255.0
/etc/init.d/dnsmasq start
iptables -t nat -F POSTROUTING
iptables -t nat -A POSTROUTING -o ppp0 -s 10.42.42.0/24 -j MASQUERADE
sysctl -w net/ipv4/ip_forward=1
echo "Done - when finished, hit enter"
read ignoreme
/etc/init.d/dnsmasq stop
iptables -t nat -F POSTROUTING
sysctl -w net/ipv4/ip_forward=0
# Atheros:    
wlanconfig ath0 destroy
wlanconfig ath0 create wlandev wifi0 wlanmode sta
# Other:
#iwconfig ath0 mode managed
/etc/dbus-1/event.d/25NetworkManager start