#eurovision
I'm kinda hoping Google Hangouts will nudge it out to keep things saner. IRC is still the best IM though.
@BBCiPlayer
For 192.168.5.*
nmap -PR -sP 192.168.5.0/24
Store markdown formatted index.mdwn files in a directory hierarchy. Store the style.css, header.inc & footer.inc in the base directory with the following Makefile:
INFILES = $(shell find . -name "*.mdwn")
OUTFILES = $(INFILES:.mdwn=.html)
all: $(OUTFILES)
%.html: %.mdwn footer.inc header.inc style.css
m4 -PEIinc header.inc > $@
markdown $< >> $@
cat footer.inc >> $@
clean:
rm -f $(OUTFILES)
PHONY: all clean
Now simply run make to generate your site.
Using:
Using the dwm window manager and dmenu to run commands at the top.
The screen casting tool is recordmydesktop2.0.
If anyone knows a faster way to do it, using say a Web application, please let me know!
Putting Powertop tunables in a systemd format will probably be blogged by Lennart, though here goes. Prompted by the legendary Power regressions thread.
Using PowerTOP versionv2.1:
powertop -html
Use the td:first-child { display: none; } trick to be able to copy and paste the second column.
You will get something like
iw dev wlan0 set power_save off
echo 'min_power' > '/sys/class/scsi_host/host0/link_power_management_policy';
echo '0' > '/proc/sys/kernel/nmi_watchdog';
echo '1500' > '/proc/sys/vm/dirty_writeback_centisecs';
echo '1' > '/sys/module/snd_hda_intel/parameters/power_save';
echo 'auto' > '/sys/bus/usb/devices/3-1/power/control';
echo 'auto' > '/sys/bus/pci/devices/0000:0e:00.0/power/control';
ethtool -s net0 wol d;
Which you need to convert like so in systemd's /etc/tmpfiles.d/power-savings.conf:
w /sys/class/scsi_host/host0/link_power_management_policy - - - - min_power
w /proc/sys/kernel/nmi_watchdog - - - - 0
w /proc/sys/vm/dirty_writeback_centisecs - - - - 1500
w /sys/module/snd_hda_intel/parameters/power_save - - - - 1
w /sys/bus/usb/devices/3-1/power/control - - - - auto
w /sys/bus/pci/devices/0000:0e:00.0/power/control - - - - auto
For ethtool and iw have a look at Vodik's /etc/rules.d/50-network-powersave.rules
21:32 <akumaks> hi. i have question. help me,pls
21:32 <retard> i can't
21:32 <retard> i don't have it, you kept it
21:33 <akumaks> witch patch apply - to move by tags at "MOD"+ArrowKey?
21:39 <retard> [B[B[B
21:39 <retard> [6~
Background
I'm too embarrassed to write this "statistics architecture" up on the Webconverger blog and this is too technical for Natalian.
After messing around with Anselm's monitor rc scripts, fiddling with GNUplot, looking into statsd and graphite (v. scary) and watching metrics everywhere... I have a LOT to think about.
- https://www.icinga.org sucks
- munin sucks
- nagios sucks
Of course I want to apply the suckless philosophy and cut through the crap.
Measure what?
I started with this faux problem of measuring my machine temperature, since this is related to Webconverger deployments, that require monitoring. Monitoring translates to business value, since this is what clients are prepared to pay for.
My "suckless" approach is to generate time series CSV rooted on epoch time.
*/5 * * * * echo $(date +%s) $(cat /proc/temp) | ssh server 'cat - >> /data/${id:-$SSH_CLIENT}/temp/$(date +%j).csv'
Over a ssh socket. Then on the server we either run GNUplot over the CSV or churn it in JSON and write put the data into a time series graph.
The problem with quirky GNUplot is that the Web output of a PNG or SVG can be difficult to explore or interact with. However it's powerful, fast and plays well with shell.
Then again the JSON frontend is easier to write and interact with, but it can become pretty darn cumbersome.
This approach makes a number of assumptions about ssh and the frequency and such and so forth. And it lacks monitoring alerts. I'm not quite sure how to do that yet. Perhaps extra logic on the server, that filters new data and if something goes wrong, it sends an alert. My preference would probably be an email.
Please see https://github.com/kaihendry/sg for an implementation!
On Archlinux, /etc/systemd/system/ takes precedence over /usr/lib/systemd/system/.
System: /usr/lib/systemd/system/
x220:~$ ls /usr/lib/systemd/system/ | grep rsync
rsyncd.service
rsyncd@.service
rsyncd.socket
x220:~$ systemctl list-unit-files | grep rsync
rsyncd.service disabled
rsyncd@.service static
rsyncd.socket disabled
Your system wide systemd stuff: /etc/systemd/system/
x220:/etc/systemd/system$ tree
.
├── autologin@.service
├── conn.service
├── foobar.service
├── getty.target.wants
│ └── getty@tty1.service -> /etc/systemd/system/autologin@.service
├── local-fs.target.wants
├── multi-user.target.wants
│ ├── conn.service -> /etc/systemd/system/conn.service
│ ├── dcron.service -> /usr/lib/systemd/system/dcron.service
│ ├── httpd.service -> /usr/lib/systemd/system/httpd.service
│ ├── ntpd.service -> /usr/lib/systemd/system/ntpd.service
│ ├── remote-fs.target -> /usr/lib/systemd/system/remote-fs.target
│ ├── sshd.service -> /usr/lib/systemd/system/sshd.service
│ ├── syslog-ng.service -> /usr/lib/systemd/system/syslog-ng.service
│ └── vboxservice.service -> /usr/lib/systemd/system/vboxservice.service
├── network.service
├── sysinit.target.wants
└── syslog.service -> /usr/lib/systemd/system/syslog-ng.service
4 directories, 14 files
Enabling and disabling a service
$ sudo systemctl disable network
rm '/etc/systemd/system/multi-user.target.wants/network.service'
/etc/systemd/system$ sudo systemctl enable conn
ln -s '/etc/systemd/system/conn.service' '/etc/systemd/system/multi-user.target.wants/conn.service'
Symlinks to /etc/systemd/system/multi-user.target.wants.
So listing the contents of /etc/systemd/system/multi-user.target.wants shows basically what a user wants to startup.
Listing /etc/systemd/system/
If you have a /etc/systemd/system/foobar.service present:
$ systemctl list-units | grep foo
$ systemctl list-unit-files | grep foo
foobar.service disabled
Make the version information useful like so:
make VERSION=$(git describe --always)
Maintain URL integrity (including HTTPS!!!)
Entering https://paypal.co.uk into a mobile Android browser should take you to a secure payment site. There you should be secured and stay secured.
What happens currently is that Paypal UA (Browser) sniffs the mobile UA and redirects you to an unsecured http://paypal.co.uk/m. Attackers can exploit this by overriding UA strings so that Web sites use insecure connections.
When you do log in to Paypal, it does redirect you again to HTTPS, though this is confusing. Maintain the SSL protocol.
Mobile content transformation (ct) can break security
Content transformation proxies deployed on several mobile IP networks might rewrite a HTTPS link and hence lose security.
This is insane.
Maintain wildcard HTTPS certificates
Some sites like paypal.co.uk only have a valid certificate for www.paypal.co.uk.
Hence a dangerous mess if someone goes to https://paypal.co.uk from any device, as SSL won't work!
Title is redundant
- HTML title's get buried in iframes and like it or not this is how a lot of mashups will work (sandboxing)
- Titles often maintain identity. This is better done by URLs (domain names). When you go to Yahoo.co.uk, your tab should read yahoo.co.uk, not "Yahoo! UK & Ireland"
- HTML titles should instead be a heading h1. This is very often the case already.
UAs should show the full URL at the top of the page. So people know where they are and can use this information to switch between devices and guard against phishing attacks. The URL also can provide powerful input mechanisms. Example URLs are the corner stone of the Web, do not hide or obfuscate them!
http:// is redundant
URL links should not promote typing of http://.
It's seven unnecessary characters which really harms the take up of the mobile Web.
UAs currently will take users to an unsecured http:// domain, especially if they bother to type in this redundant prefix.
UA should check for HTTPS site first, before redirecting to http://, though no UAs unfortunately do this currently.
If you need to point out a link in a billboard, I suggest underline the example.com.
www. prefix is redundant
Honestly! Purists can use CNAMES.
Typing these four extra characters harms the mobile Web! 
Typing google.com into the URL bar will redirect the user to www.google.com. NO!
Notice the HTTPS padlock takes up room
I suggest using colours like a gold or green bar like Firefox does already.
However the padlock is well supported and recognised. Probably just leave this one as it is.
Fix dot com
Far too many useful dotcom domains are squatted upon. This is ridiculous and greedy. We need a bigger namespace (with shorter URLs), however without promoting fragmentation, like the uncool device specific dotMobi TLD.
If the domain is not in use, it should be thrown back into the pool.
Domain names need to become much shorter, to make them usable on the mobileWeb.
Unicoded URLs with IRIs might ease the situation, but it's still really really bad. Worryingly Unicode glyphs can confuse and allow for even more phishing attacks.
Search is a dangerous form of identity
One can argue the mess with domain names is largely solved by URL search. Submit "Paypal" in the search bar and Google will redirect you to "Paypal.co.uk" (if you live in the UK).
Search is more usable than domain URLs, but people must be aware of the risks and clearly be shown the resulting URLs by UAs.
Google is essentially an identity broker.
Want to become the domain for when someone enters "Paypal" into the URL bar? Pay Google for it and it could likely be the case.
Silly TLD suggestion of my own
Have a TLD for every year. Effectively this is the site's founding year.
- dabase.2000
- google.1998
- yahoo.1994
Though I don't think they should be necessarily backdated like the above examples.
.com should be mapped to .2009 and then next year, 2010, one could register google.2010. People should keep in mind when a company was formed or founded to know the correct identity of the domain. Through use, I don't think it will that difficult to remember that Google's domain is google.1998 as opposed to google.2020. Some fool could register google.2020 in Bangkok in the year 2020, though who cares?
If the google.2020 business is better at searching than the company behind google.1998, which shouldn't we use google.2020? :P
Certificate fragmentation
Different devices. Different trusted roots. Complete nightmare.
What's worse is that many devices like the Iphone and Android ?G1 do not allow you to manage certificates. This could well be a super disaster.
Here I am touching a few files to add a header to the markdown pages:
COUNT=1
while IFS=, read id name
do
COUNT=`expr $COUNT + 1`
if test "${name}"
then
#echo '\[\[!meta title="'${name}'"\]\]' >> general/$COUNT.mdwn
sed -i "1i# ${name}" general/$COUNT.mdwn
fi
done < titles.csv
I am assuming the ids are order for this silly example.
What are widgets?
Time and time again, I hear people ask: "What are widgets?"
I think there is a lot of confusion in the industry from what I heard last Tuesday at Mobile Monday London.
So let's start from the beginning. Remember File->Save Page as?
Notice how Firefox saves a "webpage.html" with the webpage_files/ directory and perhaps a style sheet? Notice how Opera saves a Web page as a single mime html? Notice how Internet Explorer does this again differently?
So you've written a Web page or perhaps really it's an "office document" written with open proven Web standards instead of that ghastly proprietary Word XML. How do you store that file and share that document interoperably from a USB stick with all your work colleagues? Everyone in your organisation has a Web browser, but how do you package it all up? You need a standard dude!
Zippity-do-dah
Ok, you could 'get by' with a zip file. "Send me that zip file with document, style sheet and the images!" Fine. Zips are great, though can browsers handle them consistently?
Guys, widgets actually are simply zip files. You just need that config.xml. Widgets first and foremost are a packaging format. You've probably created hundreds of widgets already, except they are called Zip files.
Now with widgets under the W3C family of standards, this will drive browsers to support zip files, oh sorry... I mean widgets natively. Super convenient!
HEY! HTML5 has offline support so we don't need no stinkin' widgets
HTML5 defines how offline Web applications work! Gears had a stab at implementing this and the lastest Iphone firmware does client-side database storage. I don't need a widget!
So why aren't we using HTML5? HTML5 offline technology features the Application cache, defines a 'logical package' with a manifest. It's actually a great feature to give Web developers extra control of how browsers cache resources.
However one could argue this new feature:
- might be tricky for some browers to implement (whilst it's easy to slap on Zip support to PocketIE)
- difficult to implement for Web developers since it's new
Compare this to zipping up a Web page of your bus schedule. BOOM! You have an "offline Web application 1.0" (aka the W3C Widget). Was that hard? No. Will widgets be the end all of offline Web applications? Certainly not. Though they fill a gap.
A gap that will exist as long as people do not have the latest software and aren't inherently connected. That I'm afraid might be a few years.
Well Google will push this as they need a way of slipping you advertisements.
WTF happened to my killer widget application then?
Ok, ok, you're thinking what happened to the idea of a widget finding out your Geolocation and then vibrating? You know, using all these BONDI device APIs! Widgets are awesome!
Ok let me let you onto a dirty little secret: The Web's security model is completely broken. The reason why all these APIs have not made it onto the Web so far, is because of the security nightmare that would ensue.
Though we must have these APIs. How can we introduce them safely, define them and then hopefully get them into the Web sanely? And when there is a will there is a way. That's widgets for you.
Widgets are self-contained little balls of the Web. We can secure widgets by signing and associating an access control policy for them. If something goes wrong with the policy, we can pull the plug and revoke the signature. Great, now we have a basis for a security model. Rock on!
Once we know how these API control policies work with widgets, the big idea is that we can bring this "trialled by fire" technologies to Web applications via W3C participation. So BONDI is not just about widget APIs, they are looking to the future with Web applications.
So for the early adopters, yes you can write widgets using volatile mobile device APIs right now, to get Geolocation, your addressbook, battery information, file access and much more!
So my widget is a Web application! (or not)
Widget applications aren't exactly Web applications. They aren't reliant on the back ends like Apache & PHP. Widgets are not inherently connected. They probably will not update and degrade seamlessly like Web applications do at first. Those new device APIs aren't mature. And ... what happens if widgets are just SVG files or canvas elements? DUDE that isn't the Web is it? Or is it?
Thinking of widgets as applications is hard. We are feeling our way here, to the connected Web application platform (HTML5) several years down the line. So let's keep our expectations in check.
Widgets will be useful and they won't neccessarily be doing anything new & connected at first. Though widgets will make sharing content offline a whole lot easier.
So when you are on the Underground and you want to share some funny cat pictures, you can now transfer that content as a widget. Simple.
Get it?
Ok, fine... then can I have a widget of a book please?
Hey! That's more like it! You understand! Here is a real example of how a zip file of a book from Project Gutenberg is turned into a widget with shell:
#!/bin/sh -e
[ $1 ]
wget http://www.gutenberg.org/files/$1/$1-h.zip
unzip $1-h.zip
rm -f $1-h.zip
cd $1-h
index.html is the default start file.
mv $1-h.htm index.html
echo '<widget xmlns="http://www.w3.org/ns/widgets"></widget>' > config.xml
The content must be at the root of the folder.
zip -D -r ../$1.wgt *
cd ..
rm -rf $1-h
Or you could just use the widget books interface I cooked up to save Gutenberg books as a widget. With that book/widget on your device, you can read offline and share the widget with a friend who can't afford a pricey mobile Internet plan. Cool eh?
Remember widgets are just a simple offline encapsulation format to begin with. Backup your files to a widget. Share a widget. Authenticate & trust a widget. Buy a widget. There are new opportunities, you just need to see them for what they are.
Update -- Widgets as a serialisation format for HTML Appcache?
Hopefully widgets will adopt the cache manifest as a mechanism for updating.
So what does this mean? Imagine you had an HTML5 application installed on your mobile. It could be a simple todo list that you want to pass on to your partner or perhaps deploy to zillions of devices.
The Appcached application could be exported into a Widget (a Zip file) and then bluetoothed or deployed into a ~/widgets directory. When the destination device boots the browser, the browser will have the application (and its information contents) readily availble without connecting to the Internet!
Oops, here is the answer: http://vimdoc.sourceforge.net/cgi-bin/vimfaq2html3.pl#5.6 Rest of this is good for saving window info: IRC is actually pretty great. From #vim:
22:09 < hendry> How do I configure VIM to resume editing where I was last editing in a file, saved and quit?
22:10 < LeChef> :mksession iirc
Of course,
:help mksession
For the docs with further information.
The proprietary headphone jack
HTC use a proprietary
ExtUSB
interface for audio. You can get a Stereo Headset Adapter - HTC
exUSB
for 8GBP. 
Last Friday, the 30 of January Google Maps UK did work from my G1. Or that of another G1 device.
Latest: Leonard Rosenthol has since posted a followup on the discussion.
PDFSAGE wondered what the cons are with PDF/A compared to simple HTML for document archival. The debate generally comes down to what you think a document is. If it's an A4 page for printing, you probably want PDF. If a document is an arbitrary unit of information, I would suggest HTML.
Lets start why the PROS of PDF/A. You'll need Flash to view this PDF preview. Actually to do mostly anything with PDF, you need proprietary tools monopolised by Adobe.
You can't just assume people have a PDF viewer installed. Hence PDFSAGE shared his PDF document assuming I had Flash installed. Another proprietary tool. Great, what a start!
Cons of PDF/A
- The PDF viewer isn't nearly as pervasive as a Web browser. Is there a PDF viewer on your mobile? No, I thought not.
- The PDF viewer is slower than a Web browser.
- A PDF is many times larger than an HTML file. Imagine Wikipedia as a PDF/A file? That would be CRAZY.
- Since the viewer and content are much larger than HTML counterparts, PDF/A demands a faster internet connection. Have a slow connection? You're out of luck!
- PDF isn't part of the Web. It's non-trivial to get PDF content on the Web. People end up converting it into a PNG and that's a terrible loss of information.
- It's non-trivial to index and parse out information from a PDF
- "Protected PDFs" break common computing paradigms of copying&pasting
- It's non-trivial to edit content in a PDF. Indeed, PDFs are often designed to be static for archival and reproducible results. Though if information can't be maintained, one can argue it's dead.
- Only accurate representations of stored content can be produced if you embed the font. Bloat!
- A document is of little use unless it's transcribed into text. Scan a STASI file into a PDF. Great, now what? Storing it as a PNG would be even better as people would at least been able to view it easier.
- PDF has a poor accessibility record
- Non-trivial to diff, track and compare PDF documents
- An open standard? That you need to pay ISO 200GBP for?! Are there at least two interoperable implementations of PDF/A?
- Probably only one conforming implementation (Guess who!). Is there a test suite or validator? No
- Not as secure as Web technologies
- OMG WTF PDF
Pros of HTML
- You can read HTML in the simplest of text editors
- An algorithm for parsing HTML is openly defined
- You can "sign" an HTML file by using XML digital signatures. Widgets in fact use a subset called Widgets 1.0: Digital Signatures.
- Scalable. Want text on big or small? Sure thing.
- Easy to edit and maintain. Anyone can edit HTML with a plethora of tools and support.
- Simple to index, find and use the information marked up within an HTML file. Same is not true of a PDF.
- HTML is space efficient. PDF isn't.
- HTML can include "marginalia" like comments and notes.
- HTML has several ways of adding metadata support, though Google search generally does not rely on them for best results
- HTML can convey critical information. It's done so more effectively that PDF has ever done.
- Need to package some HTML content? (i.e. self-containment) Use a widget!
- You can generate static snapshots of HTML to formats like PDF, with tools like Prince. You can't do the reverse very easily!
- HTML is already the primary medium for archival of information! Checkout the waybackmachine
- Worried about data being tampered with? Mandate source control like git where each document can be explicitly tracked since HTML can be treated as plain text for this purpose.
Cons of HTML
- Can't be rendered consistently across devices or mediums -- HTML is not a (static A4 print) presentation format, it's a publishing format
- Printing is particularly tiresome, which is good news for trees
- HTML is living markup and it ideally needs to be maintained
Thanks to the Hide & Seek festival in London this Sunday, I played two interesting games using a mobile device.
Playing And I saw was about simply messaging a 6 digit shortcode to a designated telephone number. So it could be played by old and new phones and didn't require the mobile Web. However if you did have a "mobile Web enabled phone", you could look up the status of the game which is as useful as a twitterstream, i.e. very useful. I enjoyed bumping into people around Southbank and exchanging shortcodes with other short-coded players and finding coded nearby objects.
The Go Game makes explicit use of the mobile Web to
give challenges to teams and co-ordinate the whole game. It was interesting to
hear the game's organisers give the introductory talks and make special note of
problems concerning Blackberry's browsers. Unlike the previous game, you
play in a team and you also can do inter-team challenges. It's a lot of fun and
you should try it!
I've been waiting a long time for a good game on the mobile. And this weekend I feel like I've finally hit that milestone. Not only have I now played a worthwhile and enjoyable game using my mobile, I have confirmed that theory about mobiles being more social and immersive is so very true.
This script use the Open Movie Database API to get
the ratings of movies listed in the file movie-list.
Interesting things to note is the way titles of movies are URL encoded using cURL's data-urlencode switch.
xmlstarlet pyx as mentioned in 09020 is a easy way of using parsed XML
output using shell, without frustratingly building an Xpath.
while read -r movie
do
year=$(echo $movie | grep -Eo '\b(((19|20)[0-9][0-9])|2100)' | head -n1)
m=$(echo $movie | sed 's,\[.*,,' | tr '.' ' ' | sed 's,(.*,,' | sed 's/dvdrip.*//gi')
test "$m" || continue
if test "$year"
then
m=$(echo $m | sed "s,${year}.*,,")
test "$m" || continue
imdbid=$(curl -s -G --data-urlencode "r=XML" --data-urlencode "s=$m" --data-urlencode "Y=$year" http://www.omdbapi.com/ | xmlstarlet pyx | awk '$1 == "AimdbID" { print $2 }' | head -n1)
else
imdbid=$(curl -s -G --data-urlencode "r=XML" --data-urlencode "s=$m" http://www.omdbapi.com/ | xmlstarlet pyx | awk '$1 == "AimdbID" { print $2 }' | head -n1)
fi
if test "$imdbid"
then
rating=$(curl -s -G --data-urlencode "r=XML" --data-urlencode "i=$imdbid" "http://www.omdbapi.com/" | xmlstarlet pyx | awk '$1 == "AimdbRating" { print $2 }')
fi
#echo D: $movie C: $m Y: $year I: $imdbid R: $rating
echo $movie,$rating
done < movie-list
Finally sort by the last CSV value, the rating:
awk -F, '{print $NF,$0}' rated.txt | sort -nr | cut -f2- -d' ' > sorted.txt
If you have your own Debian based VPS on the Internet, you might want to install a VPN service just in case.
I've gone for the PoPToP Point to Point Tunneling Server, since it seems supported by IOS6. I don't have experience of L2TP or IPSec. I'm keen on the fastest and simplest solution.
On your VPS:
sudo apt-get install pptpd
Configure a login in /etc/ppp/chap-secrets. I used this as a guide.
Using rsyslog and tail -f /var/log/syslog, when I connect from my iPhone5, I see:
Dec 27 05:46:44 uk pptpd[14292]: CTRL: Starting call (launching pppd, opening GRE)
Dec 27 05:46:44 uk pppd[14293]: Plugin /usr/lib/pptpd/pptpd-logwtmp.so loaded.
Dec 27 05:46:44 uk pppd[14293]: pppd 2.4.5 started by root, uid 0
Dec 27 05:46:44 uk pppd[14293]: Using interface ppp0
Dec 27 05:46:44 uk pppd[14293]: Connect: ppp0 <--> /dev/pts/3
Dec 27 05:46:44 uk pptpd[14292]: GRE: Bad checksum from pppd.
Dec 27 05:46:48 uk pppd[14293]: peer from calling number 175.139.36.248 authorized
Dec 27 05:46:49 uk pppd[14293]: MPPE 128-bit stateless compression enabled
Dec 27 05:46:49 uk pppd[14293]: Cannot determine ethernet address for proxy ARP
Dec 27 05:46:49 uk pppd[14293]: local IP address 192.168.0.1
Dec 27 05:46:49 uk pppd[14293]: remote IP address 192.168.1.1
I didn't change any values like localip or remoteip in /etc/pptpd.conf,
instead relying on a
NAT and (hopefully
working) defaults.
Once connected from the Iphone I saw:
$ /sbin/ifconfig ppp0
ppp0 Link encap:Point-to-Point Protocol
inet addr:192.168.0.1 P-t-P:192.168.1.1 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1496 Metric:1
RX packets:6688 errors:0 dropped:0 overruns:0 frame:0
TX packets:8514 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:3
RX bytes:1172538 (1.1 MiB) TX bytes:10880037 (10.3 MiB)
Setup DNS:
$ grep ^ms-dns /etc/ppp/pptpd-options
ms-dns 8.8.8.8
ms-dns 8.8.4.4
Ensure forwarding is enabled:
$ grep forward /etc/sysctl.conf
net.ipv4.ip_forward=1
net.ipv6.conf.all.forwarding=1
$ cat /proc/sys/net/ipv4/ip_forward
1
iptables:
# iptables -F FORWARD
# iptables -A FORWARD -j ACCEPT
# iptables -A POSTROUTING -t nat -o eth0 -j MASQUERADE
I found the IPv6 Toolkit app on IOS6 useful for debugging on the iPhone.
For example to clone all repositories upon http://git.suckless.org/, which uses the cgit frontend:
curl -s http://git.suckless.org/ |
xml sel -N x="http://www.w3.org/1999/xhtml" -t -m "//x:a" -v '@title' -n |
grep . |
while read repo
do git clone git://git.suckless.org/$repo
done
Alternatively:
15:24 <c00kiemon5ter> curl -s http://git.suckless.org/ | xml pyx | awk '$1 == "Atitle" { print $2 }'
15:26 <c00kiemon5ter> funnier: curl -s http://git.suckless.org/ | xml pyx | awk '$1 == "Atitle" { printf("git clone %s\n",$2) }' | sh
https://github.com/kaihendry/Kai-s--HOME/blob/master/bin/screenshot
https://github.com/kaihendry/Kai-s--HOME/blob/master/bin/upload
eml attachements are god forsaken things that Outlook conjure up. If you receive one in Gmail, you need to download and run:
munpack noname.eml
To get the base64 encoded data out.
To sanity test dbus:
dbus-monitor
To monitor the bus and:
dbus-send --print-reply --dest=org.freedesktop.DBus /org/freedesktop/DBus org.freedesktop.DBus.ListNames
To send some crap down to monitor it.
x220:~$ cat /etc/udev/rules.d/20-hdmi.rules
KERNEL=="card0", ACTION=="change", RUN+="/usr/sbin/hdmi"
x220:~$ cat /usr/sbin/hdmi
#!/bin/sh
export XAUTHORITY=/home/hendry/.Xauthority
export DISPLAY=:0.0
/usr/bin/xrandr --output LVDS1 --auto --output HDMI1 --left-of LVDS1 --auto
x220:~$
Say you have a function like so:
wait_for()
{
tmp=$(mktemp -u)
mkfifo $tmp
inotifywait -m --format=%f -e create "${1%/*}" > $tmp 2>&1 &
while read output
do
case $output in "Watches established.") test -p "$1" && break ;; "${1##*/}") break ;; esac
done < $tmp
rm -f $tmp
}
If you run it with the command:
type wait_for
You will get re-formatted bash code like so:
wait_for is a function
wait_for ()
{
tmp=$(mktemp -u);
mkfifo $tmp;
inotifywait -m --format=%f -e create "${1%/*}" > $tmp 2
>&1 & while read output; do
case $output in
"Watches established.")
test -p "$1" && break
;;
"${1##*/}")
break
;;
esac;
done < $tmp;
rm -f $tmp
}
Lovely eh?
Assuming you are Internet connected via your wireless interface wlan0 and you
want to supply internet via net0
Start your DHCPd to hand out address on 192.168.0.x with the following configuration:
x220:~$ cat /etc/dhcpd.conf
# /etc/dhcpd.conf
allow booting;
allow bootp;
option domain-name-servers 8.8.8.8;
default-lease-time 86400;
max-lease-time 604800;
authoritative;
subnet 192.168.0.0 netmask 255.255.255.0 {
range 192.168.0.10 192.168.0.49;
filename "pxelinux.0"; # the PXELinux boot agent
next-server 192.168.0.1;
option subnet-mask 255.255.255.0;
option broadcast-address 192.168.0.255;
option routers 192.168.0.1;
}
Script it like so as root:
ifconfig net0 192.168.0.1 up
#/etc/rc.d/dhcp4 start # old initscripts way
systemctl start dhcpd4 #systemd way
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE
Furthermore you can try iptraf-ng to monitor the bridge.
Setting up a Web proxy might be needed to evade censorship and geo restrictions. I'm using squid3 packaged in either Debian or Ubuntu.
Out of my frustration of dealing with the crazy bloated default squid3 configuration, I've spent a good hour or two reducing it to the ABSOLUTELY minimal configuration possible.
Install squid3
sudo apt-get install squid3
/etc/squid3/squid.conf
auth_param digest program /usr/lib/squid3/digest_pw_auth -c /etc/squid3/passwords
auth_param digest realm proxy
acl authenticated proxy_auth REQUIRED
http_access allow authenticated
http_port 3128
These 5 lines, sure beats the INSANE 5539 LOC of squid.conf.dpkg-dist and I found a bug in the process!
Setting up a user
htdigest -c /etc/squid3/passwords proxy user
Drop the -c for your subsequent users.
tail -f /var/log/squid3/access.log to see who is using your proxy.
What does a FAQ need?
- A table of contents listing the questions
- A way to hyperlink the question
Unfortunately most FAQs seem to fail to do this. To save you time doing this by hand, I highly recommend anolis
FAQ template, faq.src.html:
<h2 class="no-toc no-num">Frequently Asked Questions</h2>
<div id="tocwrapper"><!-- toc --></div>
<h3>How do I create a FAQ?</h3>
<p>Using HTML</p>
<h3>What's the best kiosk software out there?</h3>
<p><a href="http://webconverger.com">Webconverger</a></p>
Run anolis faq.src.html faq.html and boom:
<h2 class="no-toc no-num">Frequently Asked Questions</h2>
<div id=tocwrapper>
<!--begin-toc-->
<ol class=toc>
<li><a href=#how-do-i-create-a-faq?><span class=secno>1 </span>How do I create a FAQ?</a></li>
<li><a href="#what's-the-best-kiosk-software-out-there?"><span class=secno>2 </span>What's the best kiosk software out there?</a></li></ol>
<!--end-toc--></div>
<h3 id=how-do-i-create-a-faq?><span class=secno>1 </span>How do I create a FAQ?</h3>
<p>Using HTML</p>
<h3 id="what's-the-best-kiosk-software-out-there?"><span class=secno>2 </span>What's the best kiosk software out there?</h3>
<p><a href=http://webconverger.com>Webconverger</a></p>
Job done. Here is a better example FAQ
Here is Makefile I use a lot on my Websites:
INFILES = $(shell find . -name "*.src.html")
OUTFILES = $(INFILES:.src.html=.html)
TEMP:= $(shell mktemp -u /tmp/web.XXXXXX)
all: $(OUTFILES)
%.html: %.src.html
m4 -PEIinc $< > $(TEMP)
anolis $(TEMP) $@
rm -f $(TEMP)
clean:
rm -f $(OUTFILES)
PHONY: all clean
After installing Apache 2.4 in /usr/local/apache2/, I struggled to get my
VirtualHost setup going.
After plonking in at conf/extra/virtual.conf:
<VirtualHost 127.0.0.1:80>
UseCanonicalName Off
VirtualDocumentRoot /srv/www/%0
Options All ExecCGI FollowSymLinks +Includes
</VirtualHost>
Then enabling LoadModule vhost_alias_module modules/mod_vhost_alias.so and restarting the httpd, I kept getting these messages:
AH01630: client denied by server configuration: /srv/www/webconverger/
Turns out there seems to be a new permission model, whereby this policy:
<Directory />
AllowOverride none
Require all denied
</Directory>
Stops access to /srv/www. To alleviate this, after that “deny all” stanza above you add the exception:
<Directory "/srv/www">
Options All
AllowOverride All
Require all granted
</Directory>
Read the Access Control bit in the caniocial Apache httpd documentation for more.