Saturday, December 18, 2010

Ubuntu 10.10 (Maverick Meerkat) Upgrade Notes

I just upgraded my Macbook to Ubuntu 10.10/Maverick Meerkat (long story involving incessant curiosity and the need for libpam_python), from 10.04 (see previous post on the install).

There were a few issues, but nothing major:

1) The config API for my window manager, Awesome, changed a little. This is really just Awesome's fault, and was in an unmodfied part of my ~/.configs/awesome/rc.lua. The binding for mod-w changed from:
function () mymainmenu:show(true) end
To:
function () mymainmenu:show({keygrabber=true}) end
So I made that change in my config and things were golden. ~/.xsession-errors was helpful in finding this.

2) gnome-power-manager changed (either default configs or actions) so it hibernates my machine whenever I'm on battery power below 2%. Unfortunately, my battery-level reporting is broken and permanently stuck at 0%, so it triggers each time the power cord accidentally comes undone.

Fix is to use gconf-editor (or gconftool-2 or whatever) to set /apps/gnome-power-manager/actions/critical_battery to "nothing". Now it prints an angry message, but is otherwise harmless.

3) Not a new issue with 10.10, but something that's been intermittent with with Macbooks is a crackling on the left headphone channel. (The external speakers aren't good enough for me to tell whether it's on the speakers too.) The "S/PDIF" channel causes this -- mute it if it's not already muted, and the crackling goes away.

That's it!

Tuesday, December 14, 2010

Easy SOCKS proxy with autossh

Worried about your non-https connections when you're at the coffee shop on public wifi? It's super-easy to proxy your connection over ssh through a box whose connection you trust. Check it:

I assume, for convenience, that you're using Firefox on Linux. It should be relatively easy to adapt these instructions to different browsers and platforms. I also assume you own a box you trust somewhere, on a connection you trust to some degree (i.e., a wired connection). I'll call this your  "trusted machine". (In my case it's a box that sits in my apartment and acts as a fileserver, among other things.) This is a hard requirement.

Also, I prefer to stay on https whenever I can, so I use the EFF's HTTPS Everywhere extension. This will redirect you to https versions of sites when you navigate to plain-http versions.

Setting up the SOCKS proxy is extremely easy: ssh(1) can do "dynamic" application-level forwarding (i.e., SOCKS):

$ ssh -D localhost:1080 -N trusted.box

Now you're listening on localhost:1080 (or whatever other port you choose), which can be specified as your SOCKS proxy. In Firefox, go to: Preferences -> Advanced -> Network -> Connection -> Settings -> Socks Host, and enter hostname "localhost", port "1080" -- not "HTTP Proxy" at the top, like everyone does the first time.

That's a pain in the ass, however, because you have to re-establish the ssh tunnel every time you lose your connection. autossh is the solution.

Make sure you can log in to your trusted machine without a password, otherwise autossh won't be able to automatically reestablish your connection. Either use a private key without a password, or, preferably, an ssh-agent. (keychain(1) is useful for making ssh-agent more convenient. Getting a comfortable ssh-agent environment is probably the most tricky part of this, but the payoffs widespread when you get it working.)


Now, instead of the ssh(1) command above, run this:

$ autossh -D localhost:1080 -N trusted.box

autossh will reestablish the connection when it fails. I have a tiny shell script called 'tunnel' which just runs the above command.

For added convenience, install something like QuickProxy to easily enable and disable the SOCKS proxy.

[Edit: Chrome can be set up to use the proxy like this:

google-chrome --proxy-server="socks5://localhost:1080" --host-resolver-rules="MAP * ~NOTFOUND , EXCLUDE localhost"

]

Monday, October 4, 2010

Suspend Problems with Gigabyte GA-770TA-UD3

I have a desktop machine with Gigabyte GA-770TA-UD3 motherboard, and up until now I've been unable to suspend it in Linux. It would suspend, then immediately wake up. If I ran, e.g., 'pm-suspend' from the command line, I would see this in /var/log/messages:

[   92.192894] PM: Syncing filesystems ... done.
[   92.268839] PM: Preparing system for mem sleep
[   92.268847] Freezing user space processes ... (elapsed 4.87 seconds) done.
[   97.140091] Freezing remaining freezable tasks ... (elapsed 0.00 seconds) done.
[   97.140218] PM: Entering mem sleep
[   97.140228] Suspending console(s) (use no_console_suspend to debug)
[   97.140386] pm_op(): usb_dev_suspend+0x0/0x20 returns -2
[   97.140388] PM: Device usb8 failed to suspend: error -2
[   97.140390] PM: Some devices failed to suspend
[   97.140421] PM: resume of devices complete after 0.029 msecs
[   97.690227] PM: resume devices took 0.550 seconds
[   97.690247] PM: Finishing wakeup.
[   97.690250] Restarting tasks ... done.

The motherboard has a usb3 hub in it -- thanks to this post I figured out it was the xhci module that was holding up the suspend.  I did 'sudo modprobe -r xhci' and confirmed I could suspend.

To "solve" it permanently, I'll put a file in /etc/pm/config.d with the line:
SUSPEND_MODULES="xhci"
 Whee.

Sunday, October 3, 2010

Notes on a New Laptop

My current laptop (a mid-2007 Macbook, machine model "Macbook 2,1" with the T7200 Core 2 Duo) is starting to age: the edges of the case are splitting (like all early-revision Macbooks of this model), I've yet to replace a broken 'i' key cap, part of the display is slightly discolored from a run-in with a bowl of olive-juice, and the trackpad button sometimes sticks, causing constant mouse-clicks.

That said, it's perfectly usable for my purposes at the moment. I'm starting to consider possibilities for a replacement, though. These are my conclusions:

My current machine is 5lbs with a 13.3" screen. (My work laptop is 4.5lbs, with 13.3" screen). Both of these are totally acceptable, though I could probably get a larger screen *or* lighter machine now. Battery life is important.

I've not outgrown the 120GB disk -- this means I could spring for a 128GB solid-state disk and see what all the fuss is about.

I'm looking only at ThinkPads right now. Those keyboards are just too nice, and they have generally solid Linux support.

The W series seems too heavy; T series looks just about right. I like the Core 2 Duo a bit better than the i5/i7 because of the lower power consumption (25W vs 35W).

The ThinkPad T400s seems just about right, but it looks like it's discontinued (http://shop.lenovo.com/us/notebooks/thinkpad/t-series/t400s). Other likely candidates are the T410 (on the heavy side) and T410s. The X201 is also a possibility, but it has a small screen (12.1").

Sunday, September 5, 2010

Mongol Rally 2009: A Retrospective

Fair warning: This post is not about technology.

About a year ago, I had just gotten back to the United States from Mongolia, where I took part in the insane, awesome event that was the 2009 Mongol Rally, as a part of Team Great Job!. I reckon the 2010 rally is finishing up right about now.

It was an amazing experience.

We bought a used car in Düsseldorf, Germany. It came with a scratched up copy of Hakim's Tamni Aleek in the CD player, which became our official start-of-a-new-journey music. Our trusty steed was a 1999 Nissan Micra, which we named 'Goat' in part because of its hardy nature, and in part because of our questionably-tastful decision to tie a goat skull to the front when we got into Mongolia.

We randomly ran into a friend from our university radio station in a market in Amsterdam.

Some mechanics in Poland fabricated a sump guard for our car out of sheet metal. We communicated with drawings, by talking on the phone to a friend of the mechanics who spoke some English, and via a short explanation written in Polish by our couchsurfing host, Bolek.

We broke down in Vilnius, Lithuania (broken U-joint), and the head mechanic at the local Nissan shop was so interested in our trek that he his crew repaired our car, and did some extra maintenance, for free -- all while staying late on a friday evening.

It took three tries (with three different car registrations) to get into Russia at the Russian-Latvian border. We finally got through with the help of some nice Latvian college students we met at a bar (which had become our local base of operations), one of whom registered the car with her father's address.

At a farmer's market somewhere in Russia, we bought a kilo of by far the most delicious almonds I have ever tasted. Every almond I have tasted since is but a shallow and unworthy imitation.

We tried to make a U-turn in Moscow. Ha!

We didn't get to go through Kazakhstan, even though we had the visas, because of our long delay in getting into Russia. We drove straight to western Mongolia.

I got to drive through the Russian mountains near Mongolia in the middle of the night, windows down, blaring Italian hip-hop. We stopped once at a waterfall which we could hear and smell but, because of the pitch black, could not see.

We camped out many nights under the beautiful Mongolian sky, next to the Gobi. The washboard-textured dirt roads repeatedly rattled our rear-view mirror off, and broke our gas gauge so it read about a half-tank lower than it had (which frightened us until we discovered the real situation).

Compared to many other teams, we got by without any major run-ins with the law. We got pulled over just a handful of times, and never had to pay a fine/bribe.

Teammate Will, as chief documentarian (and a professional photographer), wrote some excellent essays, with photos, as we were on the trip. They are far more detailed and better-written than this post. He also compiled portfolios of photos from Europe and Mongolia. Check it out! Also check out his photos from times when he's not hurdling across Europe and Asia in a Nissan Micra.

My thesis is this: I thought it was a great 2 months. I learned a lot and experienced a lot. It was stressful as hell in parts, too. We raised a good chunk of change for the Mercy Corps in Mongolia. Seeing Europe in a car is actually quite nice, though. You get to park outside cities, stay in cheap euro-camping, and take the tram in. It gives you freedom to move between cities that you don't get with just public transportation. Then, after that, you can get around in places that don't have real public transportation, like rural Latvia and Russia, and, well, pretty much all of Mongolia outside of Ulaanbatar.

It's not terribly expensive, either. I didn't have an apartment at home in San Diego, and everything except my plane tickets back from Ulaanbatar (bought on short notice since we didn't know till late when we would actually get to Ulaanbatar), was cheaper than just paying my rent in San Diego. Including those bastard plane tickets, it was an extra month-and-a-half of rent.

If anyone's thinking of doing something similar, do it!

Sunday, August 29, 2010

AppEngine CampusMap

When I was a sophomore in college, I wrote CampusMap with David Lindquist. It had a Google Maps-like interface for an interactive map of the UCSD campus, complete with walking directions. It was way better than the official 1990s-style CGI map the university had (and still has, 5 years later) on its website.

We just finished converting the old UI code to Google AppEngine, where the map can live on, for free, without the constraints of my cheap $15/mo shared hosting. It's running at the same URL as before -- campusmap.michaelkelly.org.

Some lessons learned:
  • Online processing is for chumps. Disk space is really, really cheap. Like, unimaginably cheap. For any data that doesn't change, pre-calculate and serve up static content. The old version of CampusMap potentially did an online run of Dijkstra's algorithm (with some caching). The new version has all the path images pre-generated and *never* calculates them.
  • Writing your own JS is for chumps. Use a framework. You really don't want to worry about whether your users are on IE or Safari or whatever, or if Firefox for OS X doesn't generate a keysym for the 'minus' key.
  • Running stuff on your own server, unless you absolutely have to, is also for chumps. You don't want to worry about the version of your webserver or web framework, or whether the power went out in the one building where your server lives. Let someone like Google or Amazon do that for you so you can focus on the unique aspects of your app.
All of this is common knowledge now, but it sure wasn't to us back in 2005.

Saturday, July 17, 2010

Notes from The Next HOPE

I've been spending most of my waking hours at The Next HOPE the last two days. Big notes to self (and anyone who reads this) so far:
  • Support Tor. I've got an always-on bastion machine on my little apartment network. Maybe I should run a Tor node?
  • Check out Monkeysphere. Use an OpenPGP web of trust to authenticate SSH and SSL keys! There's no Chromium plugin as yet. Consider helping with that?
  • Firefox plugins: HTTPS Everywhere, Perspectives, Certificate Patrol.
  • Club-Mate is very nice.
  • USB tethering works extremely well with the Nexus One and a Linux laptop (assuming you've got good cell coverage), and tethering over GSM can be a nice alternative to a wifi network you don't really trust.

Tuesday, May 25, 2010

Notes: Look for password manager

Phishing attacks are worrisome and increasingly sophisticated. I shouldn't have to check the URL bar myself -- a password manager in my browser should do that (and I should trust it enough to be suspicious if it doesn't autofill for a site I know). This will also allow me to strengthen my password-generation methods relatively painlessly.

Issues:
1. Losing the encrypted password file is catastrophic. Must be aggressively (but safely) backed up.
2. Access on other machines. Should I even be logging in on other machines, anyway? Do I really need this?

I must isolate myself from OS changes, and ideally against browser changes as well. Something with a plugin for FF and Chrome (for Linux/OSX/Windows) would be satisfactory.

Should there be a web frontend so I can retrieve my stuff? Must be javascript so my unencrypted shit never touches the server unencrypted. (Is the browser, of all places, REALLY where I want to be unencrypting this, anyway?) I would need to trust the vendor.

Hmm.

Thursday, May 20, 2010

ion3 -> awesome?

I just bought a 24" external monitor and have been fiddling with a dual-screen setup (laptop at 1280x800, external at 1920x1080). The problem, of course, is that this is not a rectangle.

xrandr gives me lots of options, but ion3 was stubbornly insisting that my laptop's screen was 1080px tall.

I ended up trying out the window manager 'awesome'. So far so good: tiling and stacking modes. It supports a bunch of predefined layouts which focus on one master window and a bunch of secondaries. This matches the way I work, and the way I've set up my ion3 workspaces. Rearranging is more freeform than ion3. I'm bothered that I can't save workspace layouts the way I can in ion3 (because windowless frames aren't an entity unto themselves).

It understands non-rectangular virtual screens, though, which is what I'm after.

[Edit: I've since tried dwm and xmonad, but I've lazily stuck with awesome because its default configuration is a bit nicer. Don't want to edit some .h file and recompile. Don't want to have to do too much config to get menu bar with time, list of virtual desktops, window titles, etc. Happy so far, though -- could use any of awesome, dwm, or xmonad.]

Friday, May 14, 2010

Ubuntu 10.04 Install Notes

These are my notes (mostly for myself, but maybe useful to someone else) about a clean install of Ubuntu 10.04 on a Macbook. Previously running 8.10. Will update these notes as I get things working.

How to get Macbook version:
sudo dmidecode -s system-product-name
(It's "MacBook2,1" for me.)

I installed ion3 and brought my old configs over. gdm shows me an ion3 session. xdm and slim do not work because they cannot start xorg (xorg can't set up the display with the intel drivers; no obvious command-line differences).

Window Manager:

I prefer to use an ~/.xsession, so I made this file in /usr/share/xsessions/:
[Desktop Entry]
Encoding=UTF-8
Name=Xsession
Comment=Run ~/.xsession
Exec=/etc/X11/Xsession
Type=Application
My ~/.xsession starts up various apps (mainly xscreensaver, gnome-power-manager, and ivman) then execs /usr/bin/ion3. Everything works smoothly. (Info on creating an .xsession file.)

Networking:

Wired connection works fine out of the box. I installed wicd, but I couldn't connect to any wireless networks until I uninstalled network-manager:
sudo aptitude remove network-manager
aptitude complained that ubuntu-desktop recommends network-manager-gnome, but you can do it anyway and everything works fine.

Trackpad:

gsynaptics and gpointing-device-settings both work for configuring the trackpad, but all the settings are lost on reboot. The New Hotness for storing configuration settings is udev, so and I have a synaptics config file at /lib/udev/rules.d/66-xorg-synaptics.rules, but I either screwed up writing the configs or applying them, so I just added calls to synclient(1) to my ~/.xsession.

xscreensaver instead of gnome-screensaver:

I prefer xscreensaver, so I start it in my ~/.xsession. ion3 knows it's my preferred screensaver, so I can lock the screen just fine. I removed gnome-screensaver entirely to prevent it from being started, ever. Seems to work.

Gnome sounds

There are some sounds when I click buttons in gtk applications. Turning sounds off in a gnome session doesn't help. Just remove the directory in /usr/share/sounds?

Monday, February 22, 2010

Thursday, February 4, 2010

omg new blogz0r

So this is how easy it has become. I remember writing my own blogging app in Perl (which, to be fair, was totally unnecessary), which required me to edit a text file if I ever wanted to delete a comment.

THE FUTURE IS NOW

This doesn't mean I'll start blogging again -- I just wanted to snag halting-problem.blogspot.com :)