SUN SGD on Debian Lenny

Surprizingly enough SSGD installs fine on a debian lenny system.

Probably you have to

sudo aptitude install libmotif3

Then convert the rpm package to a debian one:

alien --scripts tta-4.50-907.i386.rpm

Make same necessary symbolic links:

ln -s /usr/lib/libXm.so.3.0.2 /usr/lib/libXm.so
ln -s /usr/lib/libexpat.so.1.5.2 /usr/lib/libexpat.so.0

Install the package:

dpkg -i tta_4.50-908_i386.deb

There is a minor error message that AFAICT does not cause any problems:

pythagoras:~# dpkg -i tta_4.50-908_i386.deb
Selecting previously deselected package tta.
(Reading database ... 24510 files and directories currently installed.)
Unpacking tta (from tta_4.50-908_i386.deb) ...
Setting up tta (4.50-908) ...
chown: cannot dereference `/opt/tarantella/lib/i3so/libXm.so': No such file or directory
chmod: cannot operate on dangling symlink `/opt/tarantella/lib/i3so/libXm.so'
/var/lib/dpkg/info/tta.postinst: line 17218: [: 0configure: integer expression expected
To complete the installation, please run /opt/tarantella/bin/tarantella start

Batch resize and convert images using ImageMagick

Enter the following command to resize all JPEG images in a directory to 750×500 pixels. Obviously, you can change the 750×500 to whatever dimensions you prefer:

convert -resize 750×500 *.jpg

Enter the following command to convert a JPEG into a GIF. You can convert any format image, it doesn’t have to just be JPEG to GIF:

convert image.jpg newImage.gif

Enter the following command to reduce the quality of every JPEG in a directory down to 80%. You can change the 80% to whatever percentage you prefer:

convert -quality 80% *.jpg

Please visit the ImageMagick homepage to learn about the thousands of other commands available.
Note: You can also combine commands. For example:

convert -resize 750×500 -quality 80% *.jpg

Google Docs multiple Headers And Footers

For multiple headers (i.e. different header on each page) use the following tags.:

<div class="google_header">your_content_goes here</div>

For multiple footers:

<div class="google_footer">your_content_goes here</div>

Note that when using multiple footer, do not insert a footer using the UI. It will add the following tag to the page:

<div id="google_footer">your_content_goes here</div>

Setting the id to google_footer makes this header move to the first page, which is not what you intend most of the time with multiple footers.
For page number:

<span class="google_pagenumber">1</span>

For page count:

<span class="google_pagecount">1</span>

Please note that if you are using the page number tags, it would be best not to choose page number option in the user interface as that might conflict with the page numbers you have already entered.

how to setup OpenLDAP log file

how to setup OpenLDAP log file

[root@esker /etc]# man slapd.conf
...
loglevel
Specify the level at which debugging statements and
operation statistics should be syslogged (currently
logged to the syslogd(8) LOG_LOCAL4 facility). Log
levels are additive, and available levels are:
1 trace function calls
2 debug packet handling
4 heavy trace debugging
8 connection management
16 print out packets sent and received
32 search filter processing
64 configuration file processing
128 access control list processing
256 stats log
connections/operations/results
512 stats log entries sent
1024 print communication with shell
backends
2048 entry parsing

...


[root@esker /etc]# cat /etc/openldap/slapd.conf
...
loglevel 4095
...

[root@esker /etc]# cat /etc/syslog.conf
...
# save OpenLDAP log
local4.* /var/log/ldap.log

restart ldap server

Changing the hostname on CentOS

The file /etc/sysconfig/network contains the hostname and will look something like this:

NETWORKING="yes"
GATEWAY="10.1.1.1"
HOSTNAME="www.example.com"

Simply open up the file in your favourite text editor, either as root or using sudo, and change the HOSTNAME value to what you want it to. For example, if we wanted to change www.example.com from the above example to ftp.example.com then you'd end up with the following:

NETWORKING="yes"
GATEWAY="10.1.1.1"
HOSTNAME="ftp.example.com"

This change won't take affect until the next reboot, but you can make the change happen immediately using the hostname command like so:

$ hostname ftp.example.com

Simply issuing the command on its own will return the current hostname, eg

$ hostname
ftp.example.com

You may also need to add/change the hostname in the /etc/hosts file. By default this would look something like this, using our www.example.com example again:

127.0.0.1 www.example.com localhost localhost.localdomain

You would then change it to be like so:

127.0.0.1 ftp.example.com localhost localhost.localdomain

OpenSSL Usage tips

OpenSSL can be a complicated application to be sure. This page intends to shed some light on how to accomplish some typical operations, such as viewing a certificates details or creating a SSL (client) connection to an email server that supports STARTTLS.

View a certificates' details

openssl x509 -in filename.crt -noout -text

Where filename corresponds to the X.509 certificate file, which typically would end in .crt, .cert or .pem. See also: man x509

Viewing the details of a certificate revocation list (CRL)

openssl crl -in filename -noout -text

Where filename corresponds to the CRL file, which typically would end in .crl or .pem. See also: man crl

DER to PEM conversion
Converts a DER format certificate to PEM - which is more widely used in applications such as apache.

openssl x509 -out exported-pem.crt -outform pem -text -in derfile.crt -inform der

See also: man x509

Generate the hash value from a certificate
Sometimes useful when you want to store multiple CA certificates as separate files in a directory configured into your application.

openssl x509 -hash -noout -in certfile.pem

See also: man x509

Testing STARTTLS
Connects to a mail server and starts TLS session, shows all the server certs (certificate chain) with -showcerts.

openssl s_client -connect test.smtp.org:25 -starttls smtp -showcerts

Note: only support in newer versions of openssl (check man page for -starttls option) See also: man s_client

What is UMASK?

UMASK is a Unix environment variable which automatically sets file permissions on newly created files.

The UMASK variable can be confusing to use, because it does work as a mask. In other words, you set the permissions that you do not want in the UMASK.

To calculate permissions which will result from specific UMASK values, subtract the UMASK from 666 for files and from 777 for directories.

If you want all files created with permissions of 666, set your UMASK to 000. Alternatively, if you want all files created with permissions of 000, set your UMASK to 666.

A reasonable value for UMASK is 022, which will cause files to be created with permissions of 644 (rw-r--r--) and directories to be created with permissions of 755 (rwxr-xr-x).

A more secure value for UMASK is 066, which will cause files to be created with permissions of 600 (rw-------) and directories to be created with permissions of 700 (rwx------).

UMASK is nomally defined in the .profile or .login user startup files.

The Zen of Python, by Tim Peters

Beautiful is better than ugly.
Explicit is better than implicit.
Simple is better than complex.
Complex is better than complicated.
Flat is better than nested.
Sparse is better than dense.
Readability counts.
Special cases aren't special enough to break the rules.
Although practicality beats purity.
Errors should never pass silently.
Unless explicitly silenced.
In the face of ambiguity, refuse the temptation to guess.
There should be one-- and preferably only one --obvious way to do it.
Although that way may not be obvious at first unless you're Dutch.
Now is better than never.
Although never is often better than *right* now.
If the implementation is hard to explain, it's a bad idea.
If the implementation is easy to explain, it may be a good idea.
Namespaces are one honking great idea -- let's do more of those!

On joining an EMC NAS to a SAMBA 3.x domain

I have a SAMBA 3.x domain with security = user, so each SAMBA account must have a corresponding entry to /etc/passwd. The same thing holds for machine accounts, although Debian complains that machinename$ is not a valid user name.

The password-based join is what people should prefer to use, but 'smbpasswd -a -m' should match NT4 is this respect (setting a password matching the machine name).

Mathematical Point of View

What Makes 100%? What does it mean to give MORE than 100%? Ever wonder about those people who say they are giving more than 100%? We have all been to those meetings where someone wants you to give over 100%. How about achieving 103%? What makes up 100% in life?
Here's a little mathematical formula that might help you answer these questions:
If:
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z is represented as:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26.
Then:
H-A-R-D-W-O-R-K
8+1+18+4+23+15+18+11 = 98%
And
K-N-O-W-L-E-D-G-E
11+14+15+23+12+5+4+7+5 = 96%
But,
A-T-T-I-T-U-D-E
1+20+20+9+20+21+4+5 = 100%
And,
B-U-L-L -S-H-I-T
2+21+12+12+19+8+9+20 = 103%
AND, look how far ass kissing will take you.
A-S-S-K-I-S-S -I-N-G
1+19+19+11+9+19+19+ 9+14+7 = 118%
So, one can conclude with mathematical certainty that While Hard work and Knowledge will get you close, and Attitude will get you there, it's the Bullshit and Ass Kissing that will put you over the top.

Team Work

There are four people named Everybody, Somebody, Anybody and Nobody. There was an important job to be done and Everybody was asked to do it. Everybody was sure Somebody would do it, Anybody could have done it but Nobody did it.

Somebody got angry about that because it was Everybody's job. Everybody thought Anybody could do it, but Nobody realized that Everybody wouldn't do it. It ended up that Everybody blamed Somebody when Nobody did what Anybody could have done.

Running Matlab through a ssh tunnel

It is (un)common in a Computer Center environment to run applications on a remote server and see the graphical output on the local machine. This is usually achieved using X11 forwarding over ssh.

I had to set up Matlab R2009a on a brand new SUN blade server and make it available to users through the SUN Global Desktop software. If I get it right, SUN's SGD merely passes X11 forwarding over ssh, over the http protocol. The big disappointment was that Matlab's interface was sooooo slow in a way that the program was practically unusable. I tried to pinpoint the problem by fine tuning SGD but this was not the case. Then I realized that accessing Matlab from SGD is the same as accessing it using X11 forwarding over ssh.

The first clue that Matlab's way to draw the interface sucks is that you cannot run it under a standards compliant window manager like XMonad or Awesome. The proposed hack:

$ export AWT_TOOLKIT=MToolkit

just segfaults on any recent (and old, afaik) linux distro (I think this is a java problem, well java sucks also). Another clue that something is wrong with Matlab's way to draw its interface is the warning message I got when I tried to run it on OpenSUSE 11.1:

libxcb: WARNING! Program tries to unlock a connection without having acquired
a lock first, which indicates a programming error.
There will be no further warnings about this issue.

I don't really understand the above warning but what I get is that Matlab's interface developers are doing ad hoc hacks or just don't really care about Matlab's functionality in Linux.

By googling for more than three days I finally realized that the problem is a combination of java and the X11 libraries. A lot of people under different setups reported the same problem with Matlab and the common fact was that everything was fine until they upgraded their linux distro to the latest version. So I decided to install CentOS 4 in a virtual machine and try this setup as a last resort. Fortunately Matlab R2009a runs just fine in CentOS 4 and its interface is bearable under ssh -X.

UPDATE: Finally it turns out to be a libraries problem. Matlab R2009a runs also fine in CentOS 5 as long as you install the "Legacy Software Support Libraries" in the "openmotif22-2.2.3-18.i386" package.

UPDATE (issue finally solved): I found a resolution for this problem! Just put a file called "java.opts" containing the Java option "-Dsun.java2d.pmoffscreen=false" into the directory *matlabroot*/bin/*system*/

VLAN handling on Cisco Switches

These notes appear on a scratch paper found on my desktop. They seem useful and I'll try to see that they are ok.
In order to add a vlan:

vlan database
vlan <id> name <name>
exit
show vlan name <name>

In order to add a port to an existing vlan:

conf t
interf <interface>
switchport mode access
switchport access vlan <vlan>

In order to delete a vlan:

vlan database
no vlan <vlan>
exit

I cannot understand the meaning of the following:

set vtp mode transparent
show vtp domain

Debian Lenny: How to disable ipv6

If you use good old IPv4 instead of IPv6 for your network connection and dont wanna play with iptables6 or leave ipv6 wide open, you should disable IPv6. In /etc/modprobe.d/aliases add two lines after the commented out line:

# alias net-pf-10 ipv6
alias net-pf-10 off
alias ipv6 off

You can safely wipe out any IPv6 reference in /etc/hosts and /etc/network/interfaces

Thanks to this article.

Network Card Bonding On CentOS

Today I had to setup a network bond on CentOS. These are the necessary steps. In the /etc/modprobe.conf file added the following:

alias bond0 bonding
options bond0 miimon=80 mode=1

mode=1 is for my active-backup setup witch is common to all the SUN blades I had to setup. In the /etc/sysconfig/network-scripts/ directory I created ifcfg-bond0 (fill according to your setup):

DEVICE=bond0
IPADDR=
NETMASK=
NETWORK=
BROADCAST=
GATEWAY=
ONBOOT=yes
BOOTPROTO=none
USERCTL=no

I changed ifcfg-eth0 to:

DEVICE=eth0
ONBOOT=yes
BOOTPROTO=none
USERCTL=no
MASTER=bond0
SLAVE=yes

I also changed ifcfg-eth1 to:

DEVICE=eth1
ONBOOT=yes
BOOTPROTO=none
USERCTL=no
MASTER=bond0
SLAVE=yes

Finally you have to restart networking:

$ service network restart

Many thanks to De Zordo Patrick

Debian Lenny: secure OpenLDAP traffic with SSL

I consider that you already have a database running. First of all enable ldaps in /etc/default/slapd:

SLAPD_SERVICES="ldap://127.0.0.1:389/ ldaps:///"

The following creates a self-signed certificate valid for 10 years:

$ mkdir /etc/ldap/ssl
$ openssl req -new -x509 -nodes -out \
> /etc/ssl/ldap-cert.pem -keyout \
> /etc/ldap/ssl/ldap-key.pem -days 3650

Under /etc/ldap/slapd.conf (server configuration) add (somewhere between include entries and database entries):

TLSCertificateFile /etc/ssl/ldap-cert.pem
TLSCertificateKeyFile /etc/ldap/ssl/ldap-key.pem
TLSCACertificateFile /etc/ssl/ldap-cert.pem

In order to configure a client, under /etc/ldap/ldap.conf add at the end of the file:

URI ldaps://ldap.your.domain:636/
BASE dc=your,dc=domain
TLS_CACERTDIR /etc/ldap/ssl/

Don't forget to restart OpenLDAP:

$ /etc/init.d/slapd restart

Thanks to Sébastien Wains for his excellent article about CentOS.

How to create a bridge interface using a NIC bond

The following setup works fine on a Debian Lenny system. Notice also that the same setup on a Ubuntu 9.04 server causes a kernel panic!

The machine is a SUN blade server with two NICs. Each NIC is connected to a different switch in a redundant manner. These are the contents of the /etc/network/interfaces file:

auto lo
iface lo inet loopback

auto bond0
iface bond0 inet manual
slaves eth0 eth1
bond_mode active-backup

auto br0
iface br0 inet static
address 192.168.11.20
netmask 255.255.255.0
network 192.168.11.0
broadcast 192.168.11.255
gateway 192.168.11.1
bridge_ports bond0

Ναυτική ορολογία

Ονόματα των ανέμων:

• Τραμουντάνα (βόρειος)
• Γραίγος (βορειοδυτικός)
• Λεβάντες (ανατολικός)
• Σιρόκος (νοτιοανατολικός)
• Όστρια (νότιος)
• Γαρμπής (νοτιοδυτικός)
• Πουνέντες (δυτικός)
• Μαΐστρος (βορειοδυτικός)

Σταβέντου: υπήνεμα
Σοφράνου: πάνω στον καιρό (από εκεί που έρχεται ο άνεμος)
Αρόδου: ανοιχτά
Πρίμα:
Όρτσα:
Σία: πρόσταγμα, σ´ αυτούς που τραβούν τα κουπιά, να σταματήσει επι τόπου η βάρκα

Βυρσοδεψία της Νάξου

Η χρησιμοποίηση δερμάτων για την κάλυψη πρωταρχικών αναγκών του ανθρώπου, οδήγησε από πολύ πρώϊμα στην αναζήτηση τρόπου κατασκευής τους. Για να γίνει η δέψη του δέρματος απαιτείται πολύ νερό και αρκετή αιολική δύναμη (δεδομένου ότι οι μηχανές ντίζελ τότε σπάνιζαν). Βέβαια απαράιτητη ήταν και η ύπαρξη ζωϊκών δερμάτων που η Νάξος διέθετε σε αφθονία.

Η περιοχή της Γρόττας της Νάξου πρόσφερε σε αφθονία νερό και μεγάλη αιολικλη δύναμη. Γι' αυτό εκεί δημιοθργήθηκαν τα ναξιώτικα βυρσοδεψία. Από τα παλαιά χρόνια μια εβραϊκή παροικία είχε ασχοληθεί σοβαρά με την επεξεργασία δερμάτων. Μετά τη σκυτάλη πήραν δύο μεγάλες οικογένειες: οι Λαγουρούδες και οι Πολίτιδες. Οι πρώτοι ήρθαν από την Τήνο κι αγόρασαν πολλά ακίνητα στην περιοχή της Γρόττας. Σε όλα αυτά τα ακίνητα άνοιξαν δεξαμενές (λίμπες) μέσα στο έδαφος, απαρίτητες για τη δέψη των δερμάτων. Έστησαν επίσης ανεμόμυλο στα βόρεια του πρώτου δημοτικού σχολείου Νάξου, ο οποίος ήταν απαραίτητος για το άλεσμα των δεψικών υλών του πεύκου και του περιβλήματος του βελανιδιού (κικίδι). Το ίδιο έκαναν και οι οικογένειες των Πολίτιδων, των οποίων ο ανεμόμυλος ήταν στην αρχή του δρόμου προς στην Πορτάρα, δίπλα στη θέση όπου σήμερα έχει τοποθετηθεί το ωραιότατο άγαλμα της Αριάδνης.

Τα δέρματα χωρίζονταν σε τρείς κατηγορίες. Τα μεγάλα βοδινά (σολοδέρματα). Τα μικρά βοδινά (βακέτες) και τα ψιλά ζώα, πρόβατα, κατσίκια (σεβρά, φόδρες, γάντια, παιδικά παπούτσια) κτλ. Τα ακατέργαστα δέρματα αγοράζονταν από τα σφαγεία της Γρόττας, εκεί που σήμερα είναι η παιδική δημοτική βιβλιοθήκη. Τα αλάτιζαν, μετά τα έπλεναν με άθφονο νερό και τα έβαζαν στις δεξαμενές με πολύ ασβέστη.

Εκεί έμεναν περίπου ένα μήνα, μετά τα έβγαζαν και τα έπλεναν στη θάλασσα κι έφευγαν οι περισσότερες τρίχες. Μετά με ειδικά μεταλλικά ξίστρα, με δύο λαβές, τα καθάριζαν τελείως από τις τρίχες και από τ' άλλα τυχόν υπολείμματα ιστών που έμεναν μετά το γδάρσιμο. Αφού συνεχιζόταν μεγάλο πλύσιμο, τα έβαζαν πάλι στις δεξαμενές και τα κάλυπταν με αλεσμένο πεύκο και αλεσμένο κικίδι. Εκεί έμεναν πολλούς μήνες έως ότου πάρουν το χρώμα και τα άλλα χαρακτηριστικά των δερμάτων. Τα ξαναέβγαζαν από τις λίμπες, τα στέγνωναν και με ειδικά εργαλεία έκαναν τις επιφάνειες των δερμάτων λείες και μετά τα άλοιφαν με ειδικές αλοιφές για να αποκτήσουν την πρέπουσα στιλπνότητα και ελαστικότητα.

Εννοείται ότι σ' όλη αυτή τη διαδικασία πεπεξεργασίας ασχολιούνταν πάρα πολλοί βυρσοτεχνίτες και άλλοι εργάτες. Η δραστηριότητα αυτή έδινε εργασία σε πολλούς. Μετά ερχόταν η σειρά των υποδηματοποιών. Μέσα στη Χώρα και σ' όλα τα χωριά υπήρχαν πάρα πολλοί. Άριστοι τεχνίτες μετέτρεπαν τα δέρματα σε ωραιότατα υποδήματα, ανδρικά γυναικεία και παιδικά. Έτσι καλυπτόταν οι ανάγκες υπόδησης των κατοίκων και εκ παραλλήλου η εξοικονόμηση των απαραιτήτων για πολλούς.

Τάδε έφη Γεώργιος Φραγκουδάκης
3/2/2005