Friday, June 27, 2008

Interesting Viewpoint

I wandered across this article this morning and thought it deserved posting, especially in the light of similar Microsoft sentiments in recent months.

While Microsoft can't possibly 'buy out' Open Source as a whole, it'll be interesting to see if it means Microsoft start interacting with Open Source in a better light to ensure more interoperability between systems (possibly the only way to achieve continued market share), or if they'll make better quality end-products, or systems to deploy those products on, or if they'll continue to do exactly what they've done in the past.

One thing is nearly certain: within the next five years, Microsoft will need to do something a) special or b) underhanded to continue to operate in the market as they have done -- the number of end-users that are coming to me and other ISVs since the advent of Microsoft's Vista product-line and asking about Linux on the desktop is increasing and that can only be a promising sign for the future.

The time for lip-servicing the FOSS market is over.

Monday, June 16, 2008

Using mod_security 2.5.x with Apache 2.x

note: This article is intended for a technical audience -- you should use extreme caution when modifying a production system, as your data will be nearly impossible to recover if you use this command incorrectly -- caveat emptor.

There are a lot of posts about how to set up the mod_security module for Apache, but few on how to configure it -- hopefully people find this post useful in doing just that.

Before we start, I'm assuming you've actually installed mod_security 2.1.3 or 2.5.x here already (Red Hat/CentOS packages are here, Ubuntu / Debian ones are here, an OpenSuSE howto is here).

I'm also assuming you've made a copy of the core rules that come supplied with the package and put them in the /etc/modsecurity directory.

note: If your distribution of choice doesn't ship the core rules with the packages, you can download those from here.

Now, to make a decent configuration.

First, move (don't copy, or the default configuration may override any environment-specific changes you make) the /etc/modsecurity/modsecurity_crs_10_config.conf file to /etc/apache2/conf.d/mod_security.

Open the newly moved /etc/apache2/conf.d/mod_security file and edit the following parameters:


  • SecResponseBodyLimit -- Because the default configuration doesn't check binary files, you may wish to reduce this to 256K, so change this value to 262144.
  • SecAuditLog -- The default configuration saves the logfiles relative to the configuration file directory. Under most modern Linux/BSD distributions, the apache or www-user account already has rights to the /var/log/apache2 directory, so you can safely change this to /var/log/apache2/modsec_audit.log
  • SecDebugLog -- Using the same rationale, you can change this to /var/log/apache2/modsec_debug.log


At this point, you should save your file and restart your Apache 2.x server in order to ensure your configuration works. If you run:

grep "ModSecurity" /var/log/apache2/error.log


You should see the string:

“[Fri Jun 13 23:23:23 2008] [notice] ModSecurity for Apache/2.5.5 (http://www.modsecurity.org/) configured.”


Which means we can proceed to add our rules to the configuration. To do this, open your configuration file again and add the following line to the bottom:

Include /etc/modsecurity/rules/*_crs_*.conf


This will add the core rules to your configuration. Once again, you can restart your server and the changes will take effect.
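
The steps above as a script, added here as an example rather than code from the original post. The function names (set_directive, get_directive, configure_modsec, make_sample_conf) are made up for this example, and the starting values in the sample file are constructed; running it twice leaves each directive and the Include line set exactly once.

```shell
#!/bin/sh
# Added example: apply the edits from the steps above to a ModSecurity config file.

# set_directive FILE NAME VALUE: rewrite the first active "NAME ..." line, drop
# later duplicates, or append the directive if the file does not set it.
set_directive() {
    tmp=$(mktemp) || return 1
    awk -v n="$2" -v v="$3" '
        $1 == n { if (!seen) print n " " v; seen = 1; next }
        { print }
        END { if (!seen) print n " " v }
    ' "$1" > "$tmp" && cat "$tmp" > "$1"   # cat keeps the file's owner and mode
    rc=$?
    rm -f "$tmp"
    return $rc
}

# get_directive NAME FILE: print the value of the first active NAME line.
get_directive() { awk -v n="$1" '$1 == n { print $2; exit }' "$2"; }

# configure_modsec FILE: the three parameter changes plus the core-rules Include.
configure_modsec() {
    set_directive "$1" SecResponseBodyLimit 262144 &&
    set_directive "$1" SecAuditLog /var/log/apache2/modsec_audit.log &&
    set_directive "$1" SecDebugLog /var/log/apache2/modsec_debug.log || return 1
    inc='Include /etc/modsecurity/rules/*_crs_*.conf'
    grep -qxF "$inc" "$1" || printf '%s\n' "$inc" >> "$1"   # append once only
}

# make_sample_conf FILE: constructed stand-in for the moved config file; the
# starting values are sample data, not copied from the real package.
make_sample_conf() {
    cat > "$1" <<'EOF'
# constructed sample
SecRuleEngine On
SecResponseBodyLimit 524288
SecAuditLog logs/modsec_audit.log
# SecDebugLog is commented out here, so it gets appended
EOF
}

# Demo on a temporary file; point configure_modsec at the real file once happy.
demo=$(mktemp) && make_sample_conf "$demo" && configure_modsec "$demo" &&
    cat "$demo"
rm -f "$demo"
```
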

Sunday, June 15, 2008

Transmission, MIME-types, Java?

I'm posting this here for two reasons, a) the solution works but sounds like overkill and b) because I couldn't find any information on the interschnitzel directly -- it just happened to be a solution for another application that worked in this case too.

After updating Transmission (my favourite bittorrent client) on my Ubuntu 8.04 desktop machine, I found that torrent files I downloaded weren't appearing in my client, but they weren't appearing on my desktop either.

Sometimes they worked if I downloaded the .torrent file more than once, but more often than not, they didn't.

Looking through all the usual suspects (MIME-types in Nautilus, etc) proved unsatisfying, so I had a look in my .xsession-errors file (using: tail -f ~/.xsession-errors from a terminal while downloading a file), and found:


GCJ PLUGIN: thread 0x816c470: NP_GetMIMEDescription
GCJ PLUGIN: thread 0x816c470: NP_GetMIMEDescription return
GCJ PLUGIN: thread 0x816c470: NP_GetValue
GCJ PLUGIN: thread 0x816c470: NP_GetValue: returning plugin name.
GCJ PLUGIN: thread 0x816c470: NP_GetValue return
GCJ PLUGIN: thread 0x816c470: NP_GetValue
GCJ PLUGIN: thread 0x816c470: NP_GetValue: returning plugin description.
GCJ PLUGIN: thread 0x816c470: NP_GetValue return


GCJ?

Ah, the Open Java Variation of Sun's Java Runtime.

Turns out, if you have the Ubuntu Multiverse and Universe repositories configured & you install the ubuntu-restricted-extras package (the one that gives you multimedia encoding and playback capabilities, Java, Flashplayer amongst other things) it installs the Open Java (openjdk-6-jre) variations and not the Sun one.

To install the Sun Java Runtime from Multiverse, run the following from a terminal window:

sudo apt-get install sun-java6-bin


Then, to make Ubuntu use it, instead of the OpenJDK code, type:

sudo update-java-alternatives -s java-6-sun


Then restart Transmission & your chosen Web Browser and try downloading your .torrent files again.

Friday, June 13, 2008

Using GnuPG Agent on the Console

After hunting around on the internet to find a definitive answer on how to use GnuPG's Agent with a remote console (it's easy if you have X installed, even easier than that if you use the awesome Seahorse application with GNOME -- but pretty awkward if you have neither of the above), I think I've come up with a usable solution that uses gpg-agent's --write-env-file option & does some minimal extra checking to make sure it doesn't get killed accidentally, as well as correctly exporting the GPG_TTY variable so applications like mutt and the package builder applications on the console get the key handling right.

In your .bash_profile file, you need to add the following code near the end:


# Invoke GnuPG-Agent the first time we login.
# If the info file exists and the PID recorded in it is still alive, use this:
if test -f "$HOME/.gpg-agent-info" && \
   kill -0 "$(cut -d: -f 2 "$HOME/.gpg-agent-info")" 2>/dev/null; then
    # Drop the leading "GPG_AGENT_INFO=" (15 characters) from the saved line.
    GPG_AGENT_INFO=$(cat "$HOME/.gpg-agent-info" | cut -c 16-)
    GPG_TTY=$(tty)
    export GPG_TTY
    export GPG_AGENT_INFO
else
    # Otherwise, it either hasn't been started, or was killed:
    eval "$(gpg-agent --daemon --no-grab --write-env-file "$HOME/.gpg-agent-info")"
    GPG_TTY=$(tty)
    export GPG_TTY
    export GPG_AGENT_INFO
fi


Save the file, then log out and log back in and you should find gpg-agent has been started correctly.

note: We use the "| cut -c 16-" in the first section in order to remove the duplicated GPG_AGENT_INFO= string from the output that causes errors like:


gpg-agent: can't connect to `/home/paul/.gnupg/S.gpg-agent': No such file or directory
gpg-agent: can't connect to the agent: invalid value
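
A stricter version of the same check, added here as an example and not part of the original post: kill -0 only shows that some process has the recorded PID, so this variant also confirms the socket named in ~/.gpg-agent-info exists and belongs to the current user, which avoids the "can't connect" errors above when the file is stale. The function names (parse_agent_info, agent_usable, setup_gpg_agent) and the AGENT_* variables are made up for this example.

```shell
#!/bin/sh
# Added example: validate ~/.gpg-agent-info before reusing it. Expected line,
# as written by --write-env-file:  GPG_AGENT_INFO=/path/S.gpg-agent:PID:PROTOCOL

# parse_agent_info FILE: set AGENT_VALUE, AGENT_SOCK and AGENT_PID, or fail.
parse_agent_info() {
    line=$(grep '^GPG_AGENT_INFO=' "$1" 2>/dev/null | head -n 1)
    AGENT_VALUE=${line#GPG_AGENT_INFO=}
    AGENT_SOCK=${AGENT_VALUE%%:*}
    rest=${AGENT_VALUE#*:}
    AGENT_PID=${rest%%:*}
    case $AGENT_SOCK in /*) ;; *) return 1 ;; esac       # absolute socket path
    case $AGENT_PID in ''|*[!0-9]*) return 1 ;; esac     # PID is digits only
}

# agent_usable FILE: true only if the recorded process is alive and the socket
# is really a socket owned by the current user.
agent_usable() {
    parse_agent_info "$1" || return 1
    kill -0 "$AGENT_PID" 2>/dev/null || return 1
    [ -S "$AGENT_SOCK" ] && [ -O "$AGENT_SOCK" ]
}

# setup_gpg_agent: call this from .bash_profile in place of the if/else block.
setup_gpg_agent() {
    info=$HOME/.gpg-agent-info
    if agent_usable "$info"; then
        GPG_AGENT_INFO=$AGENT_VALUE
    else
        eval "$(gpg-agent --daemon --no-grab --write-env-file "$info")"
    fi
    GPG_TTY=$(tty)
    export GPG_TTY GPG_AGENT_INFO
}
```
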

Sunday, June 8, 2008

Fixing Font Resolution In Epiphany

After recently scheduling a large client upgrade from Ubuntu 6.06 to Ubuntu 8.04, a number of people started complaining that fonts looked bad on the web browsers (Epiphany).

Although they all had video cards (nVidia) and monitors (Samsung SyncMaster's) in common -- a bit of Googling indicated an underlying software issue.

Fortunately, this is easy to fix.

Open a web browser and type about:config into the location bar, which should take you to the configuration screen, consisting of a filter box and a larger portion containing all of the relevant tweakable parameters.

In the filter textbox, type: layout.css.dpi. It should be a Default, Integer value (that is not bold) that looks like the screen below:



Now, if you right-click the bold text and select modify, a textbox should appear in the center of the screen. Simply use the keyboard or mouse to select and remove the -1 and enter either 70 (if you have a resolution lower than 1024x768) or 92 (resolutions of 1024x768 or higher) instead -- and press OK to return to the configuration menu.

At this point, the screen should look like the one below:



Now you can close the browser; the next time you restart it, your fonts should look smoother and more readable.

edit: If you find that you can't edit the text-box on an OpenSUSE 11.0RC1 or Ubuntu Hardy 8.04 installation, try forcefully closing Epiphany by typing the following command in a terminal window:

killall -9 epiphany-browser && rm ~/.gnome2/epiphany/mozilla/epiphany/!lock


and then try to modify it again.

Wednesday, June 4, 2008

Updated Unofficial GStreamer FFMPEG Plugin Packages for Ubuntu 8.04

As a follow-up to my recent post about the Fluendo Codecs, I decided to take a look at the GStreamer FFMPEG Plugin -- and because a new release had just appeared with a lot of new fixes, built packages for it.

The packages are here; they are based around the recently released 0.10.4 release and have been built using the recommended upstream build of FFMPEG's libavcodec and libavformat code, rather than the (much) older code that ships by default in the Ubuntu 8.04 release.

These should be drop-in replacements for anyone using the current packages in the Ubuntu Multiverse repository.

Monday, June 2, 2008

Updated Unofficial Rhythmbox Packages for Ubuntu 8.04

I've been playing about over the last week integrating a bunch of useful patches into my preferred music player, Rhythmbox.

The packages are here; they are based around SVN revision 5710 and have a number of extra patches that haven't made it into the tree yet, including:

Bug 528814: RB should use podcast date and time when transferring to iPod (useful if you put your podcasts in playlists)
Bug 529873: The artdisplay plugin should be able to supply metadata (useful if you have coverart embedded in tracks and you'd like it transferred to the iPod)
Bug 345975: Show album covers embedded in files e.g. mp3 ID3 tags (very, very useful if you have art embedded in music from iTunes or some other tagging program)
Bug 140020: Song skips when position is moved maximum right (fixes a big bugbear I've had for some time, where clicking forward or back within the first second or two after fast-forwarding/rewinding with the slider causes Rhythmbox to skip the next track).

If you have been looking to try a newer Rhythmbox on your Ubuntu 8.04 installation, or have an iPod that you'd like to get more use out of, you might want to give these a go.