iTerm on OS X

Over the past week and a half I’ve been fine-tuning my Mac experience: getting used to the system in general, in particular the keyboard, and building up my arsenal of applications.

I’m not a Unix wizard, but I do make a lot of use of the command-line so I’m enjoying the underlying BSD-goodness of OS X and multiple terminal sessions are a necessity: one to tunnel select local ports to my home slackware box via ssh, one to perform local operations and one to host a screen session on our development box.

I initially used Terminal.app but running several instances of it proved a bit fiddly: if I avoid cluttering my screen real-estate by minimising my terminals and then try to switch to one it isn’t automatically unminimised. Enter iTerm.

iTerm seems to solve my problem: it allows me to have multiple shells open and accessible via a single, tabbed interface without having to think about the implications of running a screen session within another screen session.

The only real difficulty I’ve had is the behavior of the arrow keys within vim, but after much head-scratching and googling this post came to my rescue: I added export TERM=dtterm into my ~/.profile, executed a quick source ~/.profile to make the changes active and went about my merry way.

A minor niggle is when I create a new tab: its background colour doesn’t seem to match up with that I specified in the preferences, but this seems to be fixed by going to View > Show Session Info and turning Transparency on and then off.

All in all, I’m adjusting and next on my agenda might well be looking into Quicksilver and possibly VirtueDesktops. I still haven’t found out how to go to the start or the end of a line in vim without using ^ or $ in normal mode though…

PyAIMt

Last week I found myself with the need to communicate with some people via AIM. I’d never bothered with that particular protocol before but being a Linux enthusiast I detected the opportunity for a bit of geekery…

All my IM needs are taken care of by jabberd running on substance. I can communicate directly with the people I know who use Google Talk and I’ve the MSN transport running to keep in touch with a few folks using that network, so, instead of taking the easy route and switching to a multi-protocol client, I opted to install the AIM transport.

I downloaded the latest release, extracted it to /usr/local/pyaim-t and proceeded to simply, almost blindly, follow the given instructions.

I assigned a JID to the transport, aim.nulltheory.com, added the info into /usr/local/pyaim-t/config.xml and created a corresponding subdomain in my dynamic DNS settings.

I added the transport details into /usr/local/etc/jabberd/router-users.xml and added an alias for chatroom.aim.nulltheory into /usr/local/etc/jabberd/router.xml. No heavy lifting so far…

I restarted jabberd and, fingers crossed, launched the transport with python /usr/local/pyaim-t/PyAIMt.py &, used my Jabber client to discover the available services and there it was, w00t!

The whole process took the minimum of effort and the lengthiest part was signing up for an AIM account: once I had that it was plain sailing to register with the transport and add the contacts to my roster. Open-source to the rescue once again :)

Fun with port forwarding

I’ve been having great fun with tunneling connections through SSH lately and today it dawned on me that I could close another hole in my firewall by connecting to my Jabber server via a tunnel. In the past, when I’ve been working remotely, I’ve made changes to my firewall by connecting to my public-facing machine; from there to my desktop machine through a DMZ-pinhole and once a presence has been established within the “green zone” browsing to the router’s web-interface with lynx.

I decided to try something a bit different today. I started by forwarding an arbitrary local port with PuTTY on my Windows desktop at work:

Fun by proxy - PuTTY configuration

Next up was to connect from my Slackware box over to my Kubuntu desktop and use it as a SOCKS proxy, using the previously forwarded port:

steve@substance:~$ ssh -D 8100 steve@192.168.0.2

Voilà, my desktop was now acting as a proxy and was accessible through a local port. I added the details of my newly created proxy into the SwitchProxy extension for Firefox thusly:

Fun by proxy - SwitchProxy

I enabled the proxy and tested it out by browsing to whatismyip.com with both browsers available to me:

Fun by proxy - different IP addresses

Happy days. From there it was perfectly effortless to access the web-interface of my router and close the client-to-server Jabber port and to skip over to my download box and queue up a DVD to entertain me this evening.

The more I use Linux and the wealth of software bundled with the majority of distributions the more I see what is left out of windows by default. Instead of thinking “which application do I need to perform this task?” it is becoming more a question of “which protocol?” I love it!

Site update

Over the past bunch of days I’ve been back into web-development land and seeing as I was staring at code for prolonged periods I decided I might as well “enhance” this site a bit too.

I started with tweaking the frontpage: I rearranged things a bit and instead of displaying my latest blog entry in its entirety I now have excerpts from the previous 4 entries. I initially tried using the built-in the_excerpt() WordPress template tag to achieve this but I wasn’t too fussed with the result and after some brief searching I found a plugin called the-excerpt-reloaded which seems to do the job better.

It was only a month ago that I upgraded my WordPress installation to version 2.0.5 and I was aware that 2 other point releases had been since published which I ignored: I just couldn’t be bothered with the hassle of upgrading and I knew that the next minor release was upcoming and was in fact released 8 days ago.

I began the upgrade to 2.1 by packing the full site into a tarball and using the backup plugin to create a copy of the blog database. I deactivated the installed plugins, unpacked latest.tar.gz and replaced all the old files apart from .htaccess, wp-config.php and wp-content/. After running wp-admin/upgrade.php the blog was up and running without any problems and I could easily reactivate my plugins.

The rest of my site wasn’t so lucky: the require_once() statement on my frontpage responsible for pulling in wp-blog-header.php was throwing a fatal error which I eventually solved by moving the statement into /index.php from its previous location.

So far the things I like about this upgrade are auto-saving of drafts and having the ability to switch between the WYSIWYG and code views smoothly which makes entering XHTML character entities and CSS classes etc much easier. The spellchecker will also come in handy when I’m blogging from my home desktop which doesn’t yet have the benefit of the Firefox 2.0 spellchecker.

Security Enhancements for Dummies

I read a thread over on linuxquestions.org recently about server “hardening” and got thinking about my own security measures and the lack thereof. Here’s an example of the content of /var/log/auth on the machine this site is hosted on:

Jan 24 13:43:33 substance sshd[14182]: Invalid user test from 203.242.160.193
Jan 24 13:43:33 substance sshd[14182]: error: Could not get shadow information for NOUSER
Jan 24 13:43:33 substance sshd[14182]: Failed password for invalid user test from 203.242.160.193 port 37298 ssh2

The first time I checked the likes of that file and /var/log/secure it really disturbed me to see the megabytes-worth of failed login notifications. I felt the same way when I first started playing with Apache and saw the number of attempted FrontPage Extensions exploits logged in /var/log/apache/access_log!
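To turn megabytes of such entries into something readable, the failures can be grouped by source address. The following is an added example, not code from the original post: the first three sample lines are the ones quoted above, the remaining lines are constructed, and the function name and threshold are assumptions.

```python
import re
from collections import Counter, defaultdict

# Constructed sample: the first three lines are quoted in the post; the rest
# are made up for this example (192.0.2.0/24 is a documentation range).
SAMPLE_LOG = """\
Jan 24 13:43:33 substance sshd[14182]: Invalid user test from 203.242.160.193
Jan 24 13:43:33 substance sshd[14182]: error: Could not get shadow information for NOUSER
Jan 24 13:43:33 substance sshd[14182]: Failed password for invalid user test from 203.242.160.193 port 37298 ssh2
Jan 24 13:43:36 substance sshd[14185]: Failed password for invalid user admin from 203.242.160.193 port 37411 ssh2
Jan 24 13:43:40 substance sshd[14190]: Failed password for invalid user root from 10.0.0.1 port 22 ssh2 from 203.242.160.193 port 37502 ssh2
Jan 24 13:50:02 substance sshd[14201]: Failed password for steve from 192.0.2.15 port 40022 ssh2
Jan 24 13:51:10 substance sshd[14210]: Accepted password for steve from 192.0.2.15 port 40031 ssh2
"""

# Count only "Failed password" lines: one attempt also logs "Invalid user" and
# the shadow error, so counting every line would count it three times.
# The user field is supplied by the remote side and may itself contain
# " from ..."; the greedy match plus the end-of-line anchor keeps the address
# that sshd appended last, which is the real source.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?P<invalid>invalid user )?(?P<user>.+)"
    r" from (?P<ip>\S+) port \d+ ssh2$"
)


def summarize(log_text, threshold=2):
    """Return {ip: stats} for sources with at least `threshold` failed logins."""
    per_ip = defaultdict(
        lambda: {"failures": 0, "invalid_user": 0, "users": Counter()}
    )
    for line in log_text.splitlines():
        m = FAILED.search(line.rstrip())
        if m is None:
            continue
        stats = per_ip[m["ip"]]
        stats["failures"] += 1
        stats["invalid_user"] += 1 if m["invalid"] else 0
        stats["users"][m["user"]] += 1
    return {ip: s for ip, s in per_ip.items() if s["failures"] >= threshold}


if __name__ == "__main__":
    ranked = sorted(summarize(SAMPLE_LOG).items(), key=lambda kv: -kv[1]["failures"])
    for ip, s in ranked:
        print(f"{ip}: {s['failures']} failed, {s['invalid_user']} for unknown "
              f"accounts, names tried: {sorted(s['users'])}")
```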

That thread led me to a more detailed article which gave me much food for thought. Measures I had already taken included disabling root login via ssh by specifying PermitRootLogin no in /etc/ssh/sshd_config and I’d spent a bit of time turning off unneeded network services. When I set up the MTA on this machine I fully intended to encrypt the traffic via TLS but I’ve never gotten in the practice of using public-key cryptography and don’t personally know anyone who is so that hasn’t seen fruition yet. The consequence of this was plain-text traffic (including username/password!) which I put up with for a while but solved the problem by closing port 143 in my router and tunneling the IMAP connection through ssh.

Since grokking that info I’ve configured SSHD to only use the SSH2 protocol by specifying Protocol 2 in /etc/ssh/sshd_config and decided to see what would happen if I changed the port used to connect via ssh. Instead of changing the sshd configuration I took the lazy man’s approach and closed port 22 in my router and forwarded a differently numbered port to port 22 on this machine. I didn’t know if this would be effective but the logs have been unsullied since, take that script kiddies!

Future plans include only permitting login authentication via private keys, implementing packet filtering with iptables and scanning my home network with nmap. Be paranoid!
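A quick way to confirm that the sshd_config settings mentioned in this post are the ones actually in effect is sketched below. It is an added example, not part of the original post: the sample file is constructed, the function names are assumptions, and PasswordAuthentication no is assumed as the setting that enforces key-only login.

```python
# Values taken from the post; PasswordAuthentication no is the usual way to get
# the key-only login the post lists as a future plan (assumption of this example).
WANTED = {"permitrootlogin": "no", "protocol": "2", "passwordauthentication": "no"}

# Constructed sample, not the author's real file.
SAMPLE_CONFIG = """\
Port 22
Protocol 2
PermitRootLogin no
#PasswordAuthentication no
PermitRootLogin yes
Match User backup
    PasswordAuthentication yes
"""


def effective_settings(text):
    """Global settings as sshd reads them: keywords are case-insensitive and
    the first value seen for a keyword wins; later duplicates are ignored."""
    seen = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # a commented-out setting leaves the built-in default active
        parts = line.split(None, 1)
        keyword = parts[0].lower()
        if keyword == "match":
            break  # conditional blocks follow; only the global section is audited
        seen.setdefault(keyword, parts[1].strip() if len(parts) > 1 else "")
    return seen


def audit(text, wanted=WANTED):
    """Return {keyword: effective value, or None if unset} for every mismatch."""
    effective = effective_settings(text)
    return {k: effective.get(k) for k, v in wanted.items() if effective.get(k) != v}


if __name__ == "__main__":
    for keyword, value in audit(SAMPLE_CONFIG).items():
        state = "not set explicitly" if value is None else f"set to {value!r}"
        print(f"{keyword}: {state}, wanted {WANTED[keyword]!r}")
```

On a live host, sshd -T prints the configuration the daemon would actually use, which also covers defaults and Match blocks that this sketch skips.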

Ninan 1.0.5 on Slackware 11.0

A couple of weekends ago I decided to reconstruct the system I use for downloading from Usenet: I had been using a Debian machine which I had set up back when I was still trying to get into using Linux on my desktop and as such it was massively over-powered for the task at hand, namely, leeching files from binary newsgroups and making them available via a network share. What follows is a tidied up version of the notes I made as I went along.

Friday Funk

I got into the office this morning and went through my usual routine; I’d put in a good workout and the weekend is fast approaching: life seemed good. I was logged on to my workstation, launched Outlook (I know, I know) and attempted to connect to substance via Jabber and SSH. My heart fell.

That Slackware box has been online for nearly a year now and other than my own lack of technical ability, the only problem I’ve had was when I upgraded my version of OpenSSL and OpenSSH refused to restart. Hooking up my KVM to the box and grabbing a fresh OpenSSH package solved the problem and I didn’t even have to restart the machine. A similar procedure will probably be required now.

The funny thing is that I can write this post, which indicates that both Apache and MySQL are functioning. I’ve just tried using telnet to connect to port 22 and I’m getting a response, but no joy with PuTTY. Checking my AWStats installation sometimes gives an Internal Server Error from Apache, but other times not.

Ah well, there’s nothing I can do until I get home other than to attempt to connect periodically. Not being able to get a VNC connection to my home desktop and the Debian box I use for downloading from Usenet is going to reduce the distraction from finishing off the next version of the application I’m developing. Expect an update later.

XP on Kubuntu via VMware via VNC

I finally got around to doing something today that I had been meaning to do since I got Kubuntu installed on my home desktop, namely, setting up a virtual machine running Windows XP so I can perform DVD encoding/editing/authoring. I’m a relative novice when it comes to these techniques and I haven’t put enough effort into finding the equivalent native Linux applications, so it is a case of better the devil you know for the foreseeable future. If I ever gather any significant skills in Linux application development I would love to create ports of the almighty VobBlanker and the venerable IfoEdit. As for DVD ReBuilder Pro and Cinema Craft Encoder, one step at a time, eh?

Getting VMware Workstation installed didn’t prove as difficult as I thought it would be, the only things I had to do were get the kernel header files, GCC and associated tools and it was more or less plain sailing from there, just requiring me to run the vmware-install.pl and /usr/bin/vmware-config.pl scripts. Cheers Ubuntu Forums!

I fired up VMware and created a new virtual machine and allocated 256MB of memory and 8GB of disk space; I also gave it access to the drive containing my software archives which I had to do via VMware’s shared folders feature instead of just pointing it at the drive itself, but this might just be because I didn’t launch VMware as root. The only thing left was to get the system to use an .iso image as the virtual machine’s CD-ROM. I powered on the machine and it booted off the CD image with no difficulties; I was eventually prompted to select my installation partition which I chose to format as NTFS:

XP Select Installation Partition - Screenshot

I got the installation process underway and when I next checked back the text-mode stuff had finished and the graphical installer was in action:

XP Graphical Installer - Screenshot

The installation seemed to stall at this point and when I came back from my coffee break it was still declaring that the process was 37 minutes from completion. I was regretting only giving the vm 256MB of memory, but I restarted it and the installation resumed itself ok. Entering the product key was the next major step:

XP Enter Product Key - Screenshot

I clicked through all the device driver dialogs, set the localisation info and was greeted by a near ready windows:

XP Welcome - Screenshot

Setting up networking and Windows Updates were the last couple of things to do before the installation was complete and I was presented with a virginal desktop and start menu:

XP Start Menu and Desktop - Screenshot

If you look closely you might be able to see the Windows Genuine Advantage tray icon, needless to say it was swiftly dealt with. Windows Update grabbed all patches issued since September (the rest were handily slip-streamed into the installation CD), the machine rebooted itself and I promptly took a snapshot of its state in case I need to roll back to a pristine copy of XP. The only thing left hanging is accessing the shared folder I set up, but that is a problem for another day.

The world of .IFO, .VOB, .BUP files and even the likes of Photoshop is now back within my reach and what I got a kick out of was that I set up an XP virtual machine on my home Linux desktop from my XP workstation in the office, Russian Doll style. Nice.

Firefox 2

I’ve just installed Firefox 2 on my XP workstation at the office, a week after my colleague Kevin installed IE7.

The installation went smoothly and my extensions copied across ok and eventually got updated, but the theme I had been using wasn’t compatible, a new version of it wasn’t found by the add-ons manager and I didn’t like the default, so the first thing I did was look through the available themes and one that caught my eye was Mostly Crystal as it uses the Crystal SVG icon set I’ve come to love. A bit of reading on the author’s site provided me with a few tweaks to userChrome.css, which I hadn’t heard of before, and I’m content enough with the result.

Firefox 2 - Screenshot

The first difference I found was when I started to write this post and discovered that Firefox now has a spell-checker for form fields. I’ve also stumbled across the ability to open recently closed tabs which I think will come in handy. My main hope with this version is for improved memory management. As much as I love, promote and endorse Firefox I’ve found it to be an absolute memory hog, to the extent that it has left my home desktop crawling at a snail’s pace when left open overnight monitoring my usenet client.

I might try to get this version running on my amd64 when I get home, either that or wait until it becomes available through the Ubuntu package system, after all, 2.0 is better than 1.5, right?

First Post From Kubuntu

I finally installed Kubuntu on my desktop machine at home at the weekend and I must say I am impressed so far. From my first experience with Red Hat 5.x in early 1999 (I’m guessing the version number from the date, I bought my first Linux book just before the exams of the first semester of my first year of Computer Science at QUB) I knew that *nix was real computing.

My sole piece of hardware back then was an original Pentium chip running at 100 MHz with 24 MB of RAM and approximately 1.2 GB of drive space (could be wrong about that figure.) I can vaguely remember the joy of partitioning the drive and getting Red Hat dual-booting with Win95. Getting X running wasn’t easy and involved scouring the manual and blindly executing various esoteric commands at the CLI, I don’t think I got the soundcard working and the thing that eventually got me to give up was not being able to use my winmodem (I couldn’t even afford to buy an external one!)

I kept coming back though. A few years later (possibly in 2002) I upgraded to an AMD 1800+ XP processor w/256 MB, initially running Windows ME (pirated, naturally.) This was when WinXP was still new and shiny and you couldn’t just copy someone else’s installation CD, but my mate Keith slipped me a copy of the infamous Devil’s Own release and that was me, even deeper into M$ territory. When I eventually got a broadband connection I was able to download a whole array of different distributions, but there was always something that stopped me making the jump.

My last major upgrade was to an AMD64 chip in 2004 and I thought it would be a prime opportunity to move to Linux as it had more to offer on the 64-bit front than Microsoft (XP64 was in beta at the time.) I think some multimedia aspect stopped me initially and it was back to XP32 for me. I wasn’t too fussed with XP64 either as there was a great lack of any 64-bit software.

Since then I’ve been playing about a lot with Slackware on older hardware (this site is running on it) and so I’m more familiar with core Linux operation, but I had problems with X on the unofficial 64-bit port of it and gave 64-bit Debian a go but couldn’t get OpenOffice to work. But things have been different this time around. The only hiccup in the installation was with the boot-loader trying to load things from the wrong drive numbers (mobo has 2 sets of SATA channels) and since then the only thing that has given me stress has been establishing a VNC connection through an SSH tunnel from my XP workstation in the office, but that’s a post in itself!

I’ve been able to write and print documents, burn CDs and download and watch multimedia all with the minimum of effort. The package manager, Adept, is easy to use and Google has been able to satisfy most of my curiosities. I’ve found not having a root account a bit strange though…

Yep, I’ve got the Linux horn.