leobsd

Hello Goodbye

2009-07-04T15:03:00.005-03:00

You say yes, I say no
You say stop and I say go go go, oh no
You say goodbye and I say hello
Hello hello
I don't know why you say goodbye, I say hello

Goodbye Google Pages, hello Google Blogger. A few months ago, Google decided to shut down Google Pages and move its users to Google Sites. But the annoying thing is that Pages and Sites were not designed for the same type of user... not even close! Pages allows you to insert customized html, javascript and css; Sites allows you to insert... hm... custom text! Thank God, they didn't blocked custom text (yet)! :-D

I was not willing to pay for a webhost, neither willing to create my own artwork. That's too expensive and too boring for me. Then I decided to move to Google Blogger! Why? because it's perfect for all types of users. For the beginners, a 5-step wizard make them able to setup the blogger and start writing. For the curious guys, there are lots of pre-defined widgets that they can insert on their pages and a pretty easy-to-use interface for changing the blog appearance. And what about the geeks that love to create custom layouts, artwork, javascripts and explore a little deeper the user interaction/experience on their websites? They can really do whatever they want, by editing the whole blog html code, importing external scripts, styles, images... it's perfect!

Just for your reference, I spent just 60 minutes to: 1) create a new blog in Google Blogger; 2) pick a free layout template on the web; 3) import it on Blogger (you just need to click on a button, select the template's XML file and apply); 4) copy the contents from my old webpages to the blog; 5) clean-up the blog appearance (remove the Blogger's default widgets); 6) redirect the old URL to the new one.

You might be thinking "Oh, but you can't create serious websites in Blogger... those infinite scrolls are annoying!". Alright, just take a look at these websites: 1, 2, 3, 4, 5, 6

Hela, heba helloa...

Speedtouch/Thomson 510v6 on the router mode

2009-04-27T23:31:00.009-03:00

1) First off, connect the modem and your computer by using using the ethernet port. Now, set up the computer's ethernet interface with an IP address from the 192.168.1.0/24 class:

root@localhost:/home/leo# ifconfig eth0 192.168.1.100 netmask 255.255.255.0
root@localhost:/home/leo# ifconfig eth0
eth0      Link encap:Ethernet  HWaddr 00:15:56:0b:3b:46
   inet addr:192.168.1.100  Bcast:192.168.1.255  Mask:255.255.255.0
   UP BROADCAST MULTICAST  MTU:1500  Metric:1
   RX packets:0 errors:0 dropped:0 overruns:0 frame:0
   TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
   collisions:0 txqueuelen:1000
   RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

2) Reset the router from the default configuration: look for the reset button on the router's rear side. Press the button for at least 4 seconds (you might have to use a pen to do that). Keep pressing the button until the green leds turn off, and then release the button. Wait a minute while the router to reboots.

3) Open a web browser and point it to http://192.168.1.254. If you're asked for the administrator password, insert "Administrator" as the username and press Enter, leaving the password field blank.

Note: If you have a pop-up blocker configured, remember to allow access for all pop-ups from modem's IP address.

4) On the "Pick a task" menu, click set up

5) On the welcome screen, click next. On the service selection screen, click over the "routed PPP" option and click next. On the "Routed Internet Connection" screen, select the proper VPI/VCI and connection type (8.35/PPPoE works perfectly for my service provider) and click next. On the "Internet Account Service" screen, enter the username and password that you got from your service provider (e.g: john_doe@aol.com) and click next. On the "access control" screen, you have the chance to change the default username/password used to access the router's configuration interface, or leave it with the default "Administrator" account. Click next once again, check the information on the summary screen and click start. Now, wait a few seconds for the router to perform the configuration and press "finish" to reboot the router. Now, wait a minute while the router reboots.

At this point, the client machines on your network are able to resolve DNS names but not to browse the Internet. To fix this, you will need to enable the network address translation (NAT) on the router. To do that, you have to run some few commands on the router's admin shell.

6) Open a new shell session and telnet the router's IP. The username/password are the same that you've just set on the previous step:

root@localhost:/home/leo# telnet 192.168.1.254

7) type the following commands to enable the NAT on the router:

nat
ifconfig intf=Internet translation=enabled
tmpladd intf=Internet outside_addr=0.0.0.1
saveall

8) Close the telnet session by typing exit and wait a few seconds while the router reloads its configuration. Now, wait a few seconds and test the Internet connection again.

SSH tunels

2009-04-02T12:59:00.004-03:00

A few years ago, during my MSc research, I was looking for a way to access the IEEE Xplore from home. IEEE Xplore provides corporate/educational accounts, and they authenticate these accounts based on the requester's IP address. So, if you're inside a university/company which has one of these accounts, you're automatically authenticated based on your machine's IP address.

But what if I'm at home and need to get a copy of that important white paper? Well, at that time, I just had one solution for this: connect to some SSH server on the university, open a text-mode web browser and look for the file at the IEEE Xplore website.

And the change has came when I found this tip http://www.gudlyf.com/2004/01/22/ieee-xplore-from-home, teaching how to create SSH tunnels and redirect ports from a local machine to a remote SSH server.

I found that this is also a pretty useful solution to secure the access to some web-based tools. A few days ago, I installed webmin to ease the management of my home webserver. For security reasons, I just allowed one single IP to access the webmin interface, 127.0.0.1 (the loopback interface in localhost). When I'm remote and I want to access the webmin UI, I just need to execute:

user@OtherPC$ ssh -N -L 10000:127.0.0.1:10000 leo@MyWebServer.net

This creates a tunneled connection between OtherPC and MyWebServer, using my credentials as if I was simply SSHing leo@MyWebServer.net. It then redirects all the requests for the local port 10000 (at the OtherPC) through this SSH tunnel, and when they reach the tunnel's end, forward these requests to the 127.0.0.1:10000 address. In a nutshell, this allows me to type http://127.0.0.1:10000 on the OtherPC's Firefox and to access webmin (in MyWebServer's 10000 port) as I was sitting right in front of the MyWebServer's console.

This is just one of the possible scenarios for SSH tunnels (a very simple scenario), but this is definetively a useful thing for when you just need to access some few resources in your private network but you don't want to set up a VPN server.

OpenVPN, step-by-step

2009-03-27T10:22:00.013-03:00

Special thanks to Cristiano Furtado dos Santos (http://jasonnfedora.eti.br) and Guilherme Rezende (http://www.vivaolinux.com.br/artigo/VPN-em-Linux-com-OpenVPN/)

I've finally set up a VPN to access my home's network from anywhere (and check whether my torrents have finished downloading or not). These are the exact steps I followed. I've also included some notes on how to fix common issues regarding the TUN device creation and how to debug your OpenVPN installation.

1) Server configuration

Cleaning up the environment:

root@VPNserver # cd /usr/share/doc/openvpn/examples/easy-rsa/2.0
root@VPNserver # . ./vars
NOTE: If you run ./clean-all, I will be doing a rm -rf on /usr/share/doc/openvpn/examples/easy-rsa/2.0/keys
root@VPNserver #
root@VPNserver # ./clean-all

Building the server keys:


root@VPNserver # ./build-ca
Generating a 1024 bit RSA private key
..++++++
....................................++++++
writing new private key to 'ca.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [US]:BR
string is too long, it needs to be less than  2 bytes long
Country Name (2 letter code) [US]:BR
State or Province Name (full name) [CA]:Sao Paulo
Locality Name (eg, city) [SanFrancisco]:Campinas
Organization Name (eg, company) [Fort-Funston]: mycompany.com
Organizational Unit Name (eg, section) []:NT
Common Name (eg, your name or your server's hostname) [Fort-Funston CA]: VPNserver
Email Address [me@myhost.mydomain]:admin@mycompany.com
root@VPNserver #
root@VPNserver # ./build-key-server server
Generating a 1024 bit RSA private key
...............++++++
.....................++++++
writing new private key to 'server.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [US]:BR
State or Province Name (full name) [CA]:Sao Paulo
Locality Name (eg, city) [SanFrancisco]: Campinas
Organization Name (eg, company) [Fort-Funston]:mycompany.com
Organizational Unit Name (eg, section) []:NTI
Common Name (eg, your name or your server's hostname) [server]: VPNserver
Email Address [me@myhost.mydomain]:admin@mycompany.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Using configuration from /usr/share/doc/openvpn/examples/easy-rsa/2.0/openssl.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName           :PRINTABLE:'BR'
stateOrProvinceName   :PRINTABLE:'Sao Paulo'
localityName          :PRINTABLE:'Campinas'
organizationName      :PRINTABLE:'mycompany.com'
organizationalUnitName:PRINTABLE:'NTI'
commonName            :PRINTABLE:'VPNserver'
emailAddress          :IA5STRING:'admin@mycompany.com'
Certificate is to be certified until Mar 25 11:43:43 2019 GMT (3650 days)
Sign the certificate? [y/n]:y


1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated

root@VPNserver #
root@VPNserver #
root@VPNserver # ./build-dh
Generating DH parameters, 1024 bit long safe prime, generator 2
This is going to take a long time
...............+..................................+..........................................................+................................+..............................................+.................................................+.....................+........+............................................+..............................................................+........................................+................+...........................+...+..........+..............................+.....................................................+..........+.......+...............+..........................+...........................................................................+...............................+..............+....................................................................................................+............................+.........+...........++*++*++*

root@VPNserver # cd keys
root@VPNserver # rm *csr
root@VPNserver # cp 0* ca.* dh1024.pem index.txt* serial* server.* /etc/openvpn/
root@VPNserver #
root@VPNserver # echo "
local 200.201.202.203   # My VPN server's IP
port 1194               # Local Port
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key          # This file should be kept secret
dh dh1024.pem
server 10.10.10.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 192.168.1.0 255.255.255.0"
client-to-client
keepalive 10 120
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
#status /var/log/openvpn-status.log
#log         /var/log/openvpn.log
#log-append  /var/log/openvpn.log
#verb 3
" > /etc/openvpn/server.conf

2) Adding users

2.1) Building the user keys


root@VPNserver # ./build-key leo
Generating a 1024 bit RSA private key
...............................................................++++++
.++++++
writing new private key to 'leo.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [US]:BR
State or Province Name (full name) [CA]:Sao Paulo
Locality Name (eg, city) [SanFrancisco]:Campinas
Organization Name (eg, company) [Fort-Funston]:mycompany.com
Organizational Unit Name (eg, section) []:NTI
Common Name (eg, your name or your server's hostname) [leo]:
Email Address [me@myhost.mydomain]:leo@mycompany.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Using configuration from /usr/share/doc/openvpn/examples/easy-rsa/2.0/openssl.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName           :PRINTABLE:'BR'
stateOrProvinceName   :PRINTABLE:'Sao Paulo'
localityName          :PRINTABLE:'Campinas'
organizationName      :PRINTABLE:'mycompany.com'
organizationalUnitName:PRINTABLE:'NTI'
commonName            :PRINTABLE:'leo'
emailAddress          :IA5STRING:'leo@mycompany.com'
Certificate is to be certified until Mar 25 11:45:50 2019 GMT (3650 days)
Sign the certificate? [y/n]:y


1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated

2.2) Preparing the files that will be used on the client machines


root@VPNserver # mkdir /root/vpnconfig
root@VPNserver # # Creating a generic config file for the client machines
root@VPNserver #
root@VPNserver # echo "
client
dev tun
proto udp
remote 200.201.202.203 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert leo.crt
key leo.key
comp-lzo
verb 3
" > /root/vpnconfig/vpn.conf

root@VPNserver # cd /usr/share/doc/openvpn/examples/easy-rsa/2.0/keys
root@VPNserver # cp leo.{crt,key} ca.crt /root/vpnconfig;

One additional step for users that might want do connect to the VPN server using OpenVPN for Windows:


root@VPNserver # unix2dos /root/vpnconfig/vpn.conf
root@VPNserver # mv /root/vpnconfig/vpn.conf /root/vpnconfig/vpn.ovpn

Now, we create a pack with the files configured for this particular user:


root@VPNserver # cd /root/vpnconfig
root@VPNserver # tar cf leo.tar *

Now, figure out what's the best (and safe) way to send this to the user. For linux vpn clients, the files show /etc/openvpn. For windows clients, unpack the tarball on the C:\Program Files\OpenVPN\config directory

3) Starting the VPN

3.1) on the server's side

root@VPNserver # /etc/init.d/openvpn start

root@VPNserver # openvpn --config /etc/openvpn/server.conf --daemon

root@VPNserver # # If the following line shows something, we're fine
root@VPNserver # ifconfig tun0
tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
     inet addr:10.10.10.1  P-t-P:10.10.10.2  Mask:255.255.255.255
     UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
     RX packets:0 errors:0 dropped:0 overruns:0 frame:0
     TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
     collisions:0 txqueuelen:100
     RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

Enabling the packet forwarding on the server's side:

root@VPNserver # echo 1 > /proc/sys/net/ipv4/ip_forward

Add a route for the client's private network (10.0.0.10 is the IP of the interface tun0 in VPNclient)

root@VPNserver # route add -net 192.168.2.0/24 gw 10.0.0.10

3.2) on the client's side

root@VPNclient # /etc/init.d/openvpn start

root@VPNclient # openvpn --config /etc/openvpn/vpn.conf --daemon

If the following line shows something, we're fine.

root@VPNclient # ifconfig tun0
tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
     inet addr:10.10.10.10  P-t-P:10.10.10.9  Mask:255.255.255.255
     UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
     RX packets:8 errors:0 dropped:0 overruns:0 frame:0
     TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
     collisions:0 txqueuelen:100
     RX bytes:672 (672.0 B)  TX bytes:672 (672.0 B)

Enabling the packet forwarding on the client side:

root@VPNclient # echo 1 > /proc/sys/net/ipv4/ip_forward

Add a route for the client's private network (10.0.0.1 is the IP of the interface tun0 in VPNserver)

root@VPNclient # route add -net 192.168.1.0/24 gw 10.0.0.1

4) Testing
Pinging a machine on the server's private network

root@VPNclient # ping 192.168.1.199
PING 192.168.1.199 (192.168.1.199) 56(84) bytes of data.
64 bytes from 192.168.1.199: icmp_seq=1 ttl=127 time=62.4 ms
64 bytes from 192.168.1.199: icmp_seq=2 ttl=127 time=58.7 ms

Pinging a machine on the client's private network

root@VPNserver # ping 192.168.2.10
PING 192.168.2.10 (192.168.2.10) 56(84) bytes of data.
64 bytes from 192.168.2.10: icmp_seq=1 ttl=127 time=61.9 ms
64 bytes from 192.168.2.10: icmp_seq=2 ttl=127 time=58.9 ms

5) Troubleshooting:

5.1) Firewall-related issues. Make sure that the needed ports are properly opened (Thanks to Cristiano Furtado dos Santos (http://jasonnfedora.eti.br))

root@VPNserver # iptables -A INPUT -s 10.10.10.0/16 -j ACCEPT
root@VPNserver #
root@VPNserver # iptables -A INPUT -p udp --dport 1194 -j ACCEPT
root@VPNserver # iptables -A OUTPUT -p udp --sport 1194 -j ACCEPT
root@VPNserver #
root@VPNserver # iptables -A INPUT -i tun+ -j ACCEPT
root@VPNserver # iptables -A OUTPUT -o tun+ -j ACCEPT
root@VPNserver # iptables -A FORWARD -i tun+ -j ACCEPT
root@VPNserver # iptables -A INPUT -i tap+ -j ACCEPT
root@VPNserver # iptables -A OUTPUT -o tap+ -j ACCEPT
root@VPNserver # iptables -A FORWARD -i tap+ -j ACCEPT
root@VPNserver # iptables -A INPUT -i ppp+ -j ACCEPT
root@VPNserver # iptables -A OUTPUT -o ppp+ -j ACCEPT
root@VPNserver # iptables -A FORWARD -i ppp+ -j ACCEPT
root@VPNserver # iptables -A INPUT -p gre -j ACCEPT
root@VPNserver #
root@VPNserver # iptables -t nat -A PREROUTING -p tcp -m tcp --dport 139 -m state --state NEW -j ACCEPT
root@VPNserver # iptables -t nat -A PREROUTING -p tcp -m tcp --dport 445 -m state --state NEW -j ACCEPT
root@VPNserver #
root@VPNserver # iptables -t nat -A PREROUTING -p tcp -m tcp --dport 137 -m state --state NEW -j ACCEPT
root@VPNserver # iptables -t nat -A PREROUTING -p tcp -m tcp --dport 138 -m state --state NEW -j ACCEPT

5.2) OpenVPN debugging messages:

You can always run openVPN in the foreground and let it flood your stdout with debug messages:

root@VPNserver # openvpn --config /etc/openvpn/server.conf

or you can optionally uncomment the following lines from your server.conf

#status /var/log/openvpn-status.log
#log         /var/log/openvpn.log
#log-append  /var/log/openvpn.log
#verb 3

5.3) The TUN/TAP error:


Note: Cannot open TUN/TAP dev /dev/net/tun: No such file or directory (errno=2)
Note: Attempting fallback to kernel 2.2 TUN/TAP interface

Tried opening /dev/tun0 (failed): No such file or directory (errno=2)
Tried opening /dev/tun1 (failed): No such file or directory (errno=2)
...
Tried opening /dev/tun255 (failed): No such file or directory (errno=2)
Cannot allocate TUN/TAP dev dynamically
Exiting

Solution:

root@VPNserver # mkdir /dev/net; mknod /dev/net/tun c 10 200

5.4) The TLS_ERROR:


Thu Apr  2 12:27:07 2009 TLS: Initial packet from 200.202.220.53:1194, sid=1422627c d18b4e4f
Thu Apr  2 12:27:07 2009 VERIFY ERROR: depth=0, error=unable to get local issuer certificate: /C=BR/ST=Sao_Paulo/L=Campinas/O=My_company/OU=NTI/CN=VPNserver/emailAddress=leo@mycompany.com
Thu Apr  2 12:27:07 2009 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Thu Apr  2 12:27:07 2009 TLS Error: TLS object -> incoming plaintext read error
Thu Apr  2 12:27:07 2009 TLS Error: TLS handshake failed
Thu Apr  2 12:27:07 2009 TCP/UDP: Closing socket
Thu Apr  2 12:27:07 2009 SIGUSR1[soft,tls-error] received, process restarting
Thu Apr  2 12:27:07 2009 Restart pause, 2 second(s)

Solution:
1) check whether you have copied the needed files (ca.crt, user.key, user.crt, vpn.conf) to the client machine (look into the config file for the correct filenames and check whether they are in the same directory as the config file)
2) try to restart the openvpn daemon is running on both sides
3) If it still fails, take a look at the logs and google it :)

Concatenate PS/PDF files

2009-03-23T23:43:00.005-03:00

It's Sunday morning. You've just download the 25th chapter of that book you love, which is available as 25 different PDFs. You save them all in a folder and you're finally ready to start reading it from the very beginning! Here you go!

Problem #1: You decided to print the book. But wait, there are 25 files! Ok, forget about it... start reading on the computer.

Problem #2: You want to send that book for your mom. She would love that! Hey, but how to attach 25 files to an e-mail? And you think "Well, why don't I buy her the new Paul McCartney DVD?"

Dealing with dozens of PDF files may be confusing and take an extra effort to keep them organized. Sometimes, the best thing to do is to simply concatenate them all in a single PDF. This is pretty simple to do in Linux, using the GhostScript program (yeah... and you were thinking that GS was solely intended to create PostScript documents, huh? ;-) ). The following example concatenates all the PDFs matching myfiles*pdf and another file called another_file.pdf, saving them all as a single document called all_files.pdf:

gs -dBATCH -dNOPAUSE -q -sDEVICE=pdfwrite -sOutputFile=all_files.pdf myfiles*pdf another_file.pdf

To do the same for a bunch of PostScript files, do the following:

gs -dBATCH -dNOPAUSE -q -sDEVICE=pswrite -sOutputFile=all_files.ps myfiles*ps another_file.ps

That's it ;-)

Error checking in Python using regular expressions

2009-03-22T19:01:00.005-03:00

Everyone makes mistakes, so is not fair to say that "users are stupid" as an excuse when your application crashes due to user error. If you're a developer and your interface is so poorly designed that no one understands it and no error checking/handling is made, please don't blame the users (*). They probably just want to run that damn piece of software to execute some boring/complex task, and they don't want it to crash because they'll have to restart it over again ;-)

Regular expressions are very useful for checking errors in input text fields. Here you can find an example of how to validate an IP address or MAC address typed by the user. This is a pretty simple example, but you can use it as a base for whatever checking you need:


>>> pattern={\
... 'ip': re.compile(r"^(?:(?:25[0-5]\
... |2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25\
... [0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$"),\
... 'mac': re.compile(r"^[0-9a-fA-F]{2}\:\
... [0-9a-fA-F]{2}\:[0-9a-fA-F]{2}\:[0-9a-fA-F]\
... {2}\:[0-9a-fA-F]{2}\:[0-9a-fA-F]{2}$")}
>>>
>>> # Is it a valid IP address?
... def valid_ip(address):
...     if pattern['ip'].match(address) == None:
...         return False
...     return True
...
>>> valid_ip("192.168.0.1")
True
>>> valid_ip("192.168.0.457")
False
>>>

(*) If you truly believe that every user wants to mess with you... man, go to a shrink. I'm not kidding.

Linux Swap in a file

2009-03-17T23:45:00.007-03:00

Three years ago I was installing Debian in my laptop and was thinking "do I really need a swap partition?". I believe that most of you, once in a while, have spent some minutes staring at the partitioner screen, thinking on that.

At that time, the 1GB RAM of my laptop was more than I ever needed and I had many reasons to believe that nobody would never use more than 1GB RAM on a laptop... and now I can say I was completely wrong :-) I decided to not install the Linux swap... keeping one of my disk partitions reserved for the Linux Swap seemed to be worthless.

Well, it's been 3 years since I installed Debian here in my laptop... and now my 1GB RAM is fully used most of time. You may be wondering "why?", "What have changed in three years?". Ok, give a try to gnome+screenlets+gdesklets+compiz and you will certainly know what I'm talking about ;-)

The problem was that I didn't have any swap spaces installed and I didn't want to touch my disk's partitions neither wanted to reinstall the whole system... I just wanted a quick and simple solution for the swap problem. And then I found mkswap. It allows you create a swap space in a single file, which can be stored wherever you want in your filesystem. Here is an example situation. On the example below, I'm creating a 1GB swap, and will store it on the root filesystem in my Linux partition:

root@localhost# dd if=/dev/zero of=/swapfile bs=1024 count=1024000
root@localhost# mkswap /swapfile
root@localhost# swapon /swapfile

And that's enough. I'm pretty sure that nobody would never use more than 2GB of RAM on a laptop. I guess. Well, maybe 1.5GB, but no more than 2GB. Or maybe not. Well, anyway, I guess I'm gonna buy an additional 1GB memory module... just in case... :-)

Processing command line parameters

2009-03-16T22:10:00.006-03:00

Sometimes, dealing with command line parameters is pretty useful for configuration scripts. After some minutes banging my head against the wall, I found the solution for that. Here are example scripts for Python and Shell script:

In python

user@localhost:~$ cat command_line.py
import getopt
import sys

def start(argv):
opts, args = getopt.getopt( argv[ 1: ], "n:a", ("name=", "age=" ))
print "Arguments: ", opts
for opt,arg in opts:
if opt in ( "-n", "--name" ):
print "The user typed his name: %s" %arg
elif opt in ( "-a", "--age" ):
print "The user typed his age: %s" %arg

start(sys.argv)
user@localhost:~$
user@localhost:~$
user@localhost:~$ python command_line.py --name="Leo" --age=26
Arguments:  [('--name', 'Leo'), ('--age', '27')]
The user typed his name: Leo
The user typed his age: 27
user@localhost:~$

In Shell script

user@localhost:~$ cat command_line.sh
#!/bin/bash

NAME=""
AGE=""

if [ $# -gt 0 ]; then
while [ $# -gt 0 ];do
if [ "$1" == "--name" ];then
  if [ -n "$2" ]; then
      NAME=$2
  fi
  shift
  shift
elif [ "$1" == "--age" ]; then
  if [ -n "$2" ]; then
      AGE=$2
  fi
  shift
  shift
else
  echo "Unknown option: $1"
  shift
fi
done
fi

echo -e "NAME: $NAME\nAGE: $AGE"

user@localhost:~$
user@localhost:~$
user@localhost:~$ bash command_line.sh --name leo --age 27 --wrong
Unknown option: --wrong
NAME: leo
AGE: 27
user@localhost:~$
user@localhost:~$ bash command_line.sh --name leo --age
NAME: leo
AGE:

OpenSSH - stdin: is not a tty

2009-03-15T18:01:00.005-03:00

I'm using Debian testing (squeeze/sid) and the SSH/SCP stopped working after my last distro-upgrade.

After executing the SSH client, the server was returning the error below:

Error:

ssh -v root@SSHserver
stdin: is not a tty

Solution 1: you have physical access to the machine
On the machine's console, log in as root and execute the following commands:

root@SSHserver# mkdir /dev/pts
root@SSHserver# mount -t devpts /dev/pts /dev/pts

Solution 2: you only have remote access to the machine
ssh to the target server again, but now remember to append a "/bin/sh" as the last argument. The "/bin/sh" on the command line basically tells the ssh client to ignore the normal logon process (which is not working) and to simply execute the "/bin/sh" right after the SSH authentication. This will give you a restricted shell on the target server instead of logging you on, but don't worry, you won't need anything else to fix the problem.

In order to execute the recovering procedures, you'll need root privileges, so remember to inform root as the user for the SSH authentication. After the authentication, the server will not return any sign of successful authentication. You will only be presented with a blinking cursor. To check whether you were successfully logged or not, you can simply type an 'ls' and check if you're actually seeing the remote server contents. After that, you can go ahead and execute the 'mkdir' and the 'mount' as shown in the box above.

user@remoteMachine$ ssh root@SSHserver /bin/sh
mkdir /dev/pts
mount -t devpts /dev/pts /dev/pts

Try again
ssh to the the target server again and you'll be presented the Linux shell again :-D.

You might also add the following line to the /etc/fstab to make devpts be automatically mounted on the next time you reboot the machine:

none /dev/pts devpts defaults 0 0

Well, that's all. If you have any question or similar solution, please leave a comment.

Case/switch statements in Python

2009-03-14T04:17:00.003-03:00

Python does not have a case/switch statement, but you can easily work this around in two steps:

>>> def exit_ok():
...     print "OK"
...
>>> def exit_error():
...     print "ERROR"
...
>>> def exit_dontpanic():
...     print "AAAH! PANIC! RUN!"
...
... # 1) Create a dictionary with references to the
... #    handler functions or whatever you was going
... #    to call in your case/switch
...
>>> functions = { 0: exit_ok,\
...               1: exit_error,\
...               2: exit_dontpanic }
>>>
>>> myrandomvar = 0
>>>
>>> # 2) Call the function
... functions[myrandomvar]()
OK
>>>

another good example is the conditional attribution. So if you have, for instance, to set the value of a variable according to a conditional statement, you can combine both steps (checking and attribution) in one single step:


>>> cur=""
>>> var1="something"
>>> var2=False
>>>
>>> # This is how any code monkey makes a
... # conditional attribution. People who 
... # like COCOMO would probably love that
... if (var1 == "something") and (not var2):
...     cur = "OK"
... else:
...     cur = "PANIC! RUN!"
...
>>> # But if one does that, he would probably
... # get a bad year-end evaluation...
... status = { True: "OK", False: "AAAH! PANIC! RUN!" }
>>> cur = status[(var1 == "something") and (not var2)]
>>>

...write it down!

2009-03-14T02:22:00.006-03:00

"If you can't remember for long, just write it down". This kind of changed the way I deal with humans.

Limited memory, limited processing power, limited autonomy (it requires a 30-minute recharging period for each hour awake!) and sometimes unpredictable behavior... but they still be a powerful and complex "machine".

So why not look forward to improve the machine's performance, by taking some notes, by using on those modern calculate machines (some call them computers), by letting millions of brilliant minds around the World know your thoughts and help you on finding a better way use it? And what if everyone helped each other on doing that, sharing thoughts, on a continuous and collaborative process, making the overall humanity's knowledge grow?

The complex and limited machine has turned a huge distributed system, and there's no way to stop it. Don't even try. You'd better look around, share, help, teach, learn... and if you can't tell the whole world what you've learned, just blog it down.