Cynic's Soapbox

This post is another of those “this will help me more than you” ones, but you never know, it may help someone other than me!

Today marked the first time I had plugged the Bifferboard into the network and after finding the first wall socket wasn’t connected and moving to the one next to it, the network led showed life. All was good. Next step was to connect to it.

I knew it had DHCP but didn’t realise that they now set a hostname of ‘biffer’ so I went and looked at the DHCP table of our HomeHub to find the IP address. D’oh! All that was needed was

telnet biffer

Et voila, the response came back

=== IMPORTANT ============================
Use ‘passwd’ to set your login password
this will disable telnet and enable SSH
——————————————

BusyBox v1.17.2 (2011-02-06 12:53:15 GMT) built-in shell (ash)
Enter ‘help’ for a list of built-in commands.

_______ ________ __
| |.—–.—–.—–.| | | |.—-.| |_
| – || _ | -__| || | | || _|| _|
|_______|| __|_____|__|__||________||__| |____|
|__| W I R E L E S S F R E E D O M
Bifferboard port (forked from r23226) ————-
—————————————————

Things were looking up!
Hmm, so how much space do I have?

root@OpenWrt:/# df -h
Filesystem Size Used Available Use% Mounted on
/dev/root 6.9M 2.8M 4.2M 40% /

Things were looking up!

I’d like to run a small data collection on the box which is in python, so python is a requirement not presently available. Time to figure out opkg.

opkg update
opkg install python-mini

The install went OK and completed after installing zlib (a dependancy). Next, check if all is well

root@OpenWrt:/# python
Segmentation fault

D’oh! That wasn’t really what I wanted to see

Looking at dmesg didn’t show much of help. I’d already looked at Graham Jones blog posts about the bifferboard, so decided to follow his lead and build a new OpenWRT image. Of course as it’s a custom image I can specify what should be built and so hopefully avoid having to install additional packages. Thankfully the good people in the Bifferboard community have made it easy to do this.

https://sites.google.com/site/bifferboard/Home/openwrt-git

As you can imagine, my laptop has a full set of build tools already installed, so after following the instructions, selecting a few additional packages the build is wandering along. Having done this sort of build before the pace isn’t a surprise, but if you’ve not done one before it can seem glacial. Hopefully it’ll be done later tonight and I can try flashing it onto the box.

When setting up my current servers email system, I managed to get almost everything working via SQL tables that allowed me to use a web interface for the day to day administration. It also allowed users to control most aspects of their accounts, resulting in very low administrative load. The one thing that I never quite managed to get working was setting up more complex aliases – until today.

My configuration provides redirections and aliases as seperate concepts and entities. A redirection is simply redirecting mail from one email address to another with anything more complex being an alias. Users of the system can easily create redirections for addresses they control, but aliases are only created by administrators or those given permission. The distinction has worked well.

Getting the redirections working proved as simple as adding a mysql query to the virtual_alias_maps setting in the main.cf file for postfix. The mysql file looks like

user = ???
password = ???
dbname = ???
query = SELECT destination FROM mbox_redirection WHERE address='%s'
hosts = unix:/var/run/mysqld/mysqld.sock

However, getting the full aliases to work took a bit more effort. In essence I want to replicate the functionality of the /etc/aliases file using mysql. The initial problem is that with a pure virtual setup, as we have, the contents of /etc/aliases are meant to be used by the postfix local daemon, not the virtual daemon that we rely on for the majority of our requirements.

Adding entries to just the local maps will result in an unknown recipient error as they won’t appear in the virtual maps. This means we need to have 2 entries for each alias – one for the virtual map and one for the local map. Adding every entry twice seems like a lot of work, but there are ways round it when we think about how the maps get their data.

The next poblem is that we need to bridge the divide between virtual and local map. This means we need some way of configuring a virtual address to point at a local address. The solution I settled upon was to use localhost for local addresses, so that blah@localhost would point to a ‘blah’ in the local map and would be accepted as a valid redirect internally. To accomplish this I needed to add localhost to the mydestination setting in main.cf,

mydestination = $myhostname, mail.$mydomain, localhost

Creating a table for the aliases in mysql resulted in something that looked like this

CREATE TABLE `mbox_alias` (
    `id` integer AUTO_INCREMENT NOT NULL PRIMARY KEY,
    `name` varchar(50) NOT NULL,
    `address` varchar(75) NOT NULL,
    `alias` varchar(1024) NOT NULL,
);

In the vitual_alias_maps I now need to map from an incoming address (address in the above table) to a local address that will then be mapped to the alias (called alias in the above table) I have provided. This I do by using the name field, using the mysql map file shown

user = ???
password = ???
dbname = ???
query = SELECT concat(name, '@localhost') as destination FROM
                             mbox_alias WHERE address='%s'
hosts = unix:/var/run/mysqld/mysqld.sock

This will map address to name@localhost, which will cause postfix to look for name@localhost in it’s local maps. To provide a valid mapping I added the following map file to alias_maps in main.cf

user = ???
password = ???
dbname = ???
query = SELECT alias as destination FROM mbox_alias WHERE name='%s'
hosts = unix:/var/run/mysqld/mysqld.sock

alias_maps = hash:/etc/aliases proxy:mysql:/etc/postfix/mysql/aliases.cf

As sometimes an example makes things simpler (my simple mind often needs one),

1. Create an entry for an address of myscript@example.com, with a name of myscript and an alias of |/home/me/scripts/hello
2. Email for myscript@example.com arrives
3. Virtual lookup resolves myscript@example.com into myscript@localhost
4. Local lookup for myscript find the alias |/home/me/scripts/hello
5. Local daemon pipes message to /home/me/scripts/hello

With this in place, I’m able to add aliases via the web interface and have them available immediately. If I need more complex redirections, then I can add a regex file with patterns and redirect those to @localhost addresses in the same way.

There are likely better ways of doing this, but this took me a while to figure out and so maybe this will help someone else.

Every month I have a different schedule. Not just a few days here or there, but a radically different work pattern. It’s something I’ve grown used to and something that’s second nature to me. It does, however, have it’s problems when it comes to arranging things with anyone who has more normal time constraints (i.e. the majority of the human race). The advent of online shared calendars has helped, but as work don’t provide my schedule as anything other than a text file I’ve had to be creative about getting things integrating

I moved away from running my own CalDev server a while ago and for the last year or so have been more than happy with Google Calendar. The ability to sync across all the devices that we need makes it a good choice and a few homegrown scripts allow me to parse the text file and generate entries. The Python GData library is good and makes it easy. Of course, not every service makes it that easy, as today has proven.

OAuth makes using websites easier and more secure, but it’s very much based around webpages and browsers. This is fine when it’s a webapp I’m working on, but when it’s a simple command line script it poses a few issues. After a period of trial and error – coupled with a liberal amount of abusing the search engine that’s a verb – I eventually solved my problem for TripIt. I’m not convinced it’s the right way to do it, but in case it helps anyone else in a similar situation I’ll outline it below.

Step 1
As usual, step 1 is to get an unauthorised token. This is done as usual with a call to the TripIt API. I used the OAuth Python library rather than the Python tripit.py.

Step 2
Use the TripIt APi to get the authorisation URL.

Step 3
We need the user to use a browser and visit the authorisation page, but as the script runs on Linux and people have choice, I use gnome-open to open the URL in the browser the user is using. The URL is composed of the token and a callback URL – in this case set to localhost and a specified port.

Step 4
Start a simple web server on the specified port on localhost to receive the response from TripIt when the user decides whether to grant access or not. The server is started to accept only a single request and blocks the progress until it has been received.

Step 5
Exchange the token received so far for an authorised token.

I’ve got a simple test class written and working using the BaseHTTPServer and the handle_request() function. As I only need to handle a single GET response I’ve added a simple class that overrides BaseHTTPServer.BaseHTTPRequestHandler to return a simple page that tells the user to close the page. The oauth_token returned is returned and can be checked in this function. Rather than paste all of my code, I’ve pasted the relevant bits below.

import BaseHTTPServer
...

class myTripitClass():
  ...
  class oauthHandler(BaseHTTPServer.BaseHTTPRequestHandler):
    def do_GET(s):
      """Respond to a GET request."""
      ...
      s.send_response(200)
      s.end_headers()
      ...
      [ send a response telling the user to close the page... ]

  def startHttpServer(self):
    server_address = ('', 8123)
    httpd = BaseHTTPServer.HTTPServer(server_address, self.oauthHandler)
    httpd.handle_request()

I’ve omitted the code that’s not relevant. Filling in the blanks is left as an exercise for the reader

Presently I’m still developing so this is being run via a test script which looks as follows

from  subprocess import Popen

t = myTripitClass()
if t.oauthGetUnauthorisedRequestToken():
  url = t.oauthGetAuthorisationUrl()
  Popen(["/usr/bin/gnome-open", url])
  t.startHttpServer()
  if t.oauthExchangeRequestTokenForAccessToken():
    ...
    [ add code to do work here ]

Eventually this will be incorporated into the class (as you’d expect).

It works, but there may be better ways of doing it

Isn’t it amazing how short our collective memories are?

The weather problems that have hit the UK for the last 6 weeks are being talked about in terms of the “worst in living memory” by many media outlets, but the truth is far removed from this. Within the last 30 years there have been winters with more snow and lower temperatures which must surely count as living memory unless you live in the world of Logans Run. Houses built in the last 10 years seem to be suffering worse than those built 50 years ago, which goes against the convention that as technology improves problems diminish. Why?

I think the answer is that we, as a society, have forgotten what winter can be like. A succession of mild winters have led us to believe that houses don’t need as much protection, that snow won’t be an issue and the modern, cheaper alternatives will work better than their old counterparts. The collective memory loss is even ingrained in the industry standards, as evidenced by the NHBC specifications for gutter location.

Living in Scotland it really didn’t come as a surprise that we had snow, but the realisation that our house was built to the same standards as a house from the south coast and that we weren’t considered to be in “an area where snow is likely to accumulate on the roof” was a surprise. The ISO standards require different construction and gutter location for such areas, but those standards are contrary to NHBC. Confused? So were we.

The result was all too evident last year when around 50% of our guttering was damaged or simply ripped off by the snow from our roof. Once again we were told by the builder that our house was not in an area where snow was a consideration and Morley (the designers of the guttering) were adamant that they had not made any mistakes. The changes that were made have allowed us to weather the snow this year with far less damage, but guttering was the least of our problems when we had a pipe burst.

We’re not the only people to have suffered, but both the houses with bursts we’ve been involved in have shared a common issue – poor design. Designing a property to cope with extremes of temperature isn’t rocket science, but it’s an art that has faded away as the winters have been milder. 20 years ago public building in the area were designed with snow guards on their roofs and pipework that was carefully insulated and artificially warmed if there was any concern. Today no such protections are designed in as they increased the complexity and so the cost. The results are self evident with schools and hospitals suffering burst pipes and large snow piles blocking doors.

This winter isn’t over yet and so we don’t know if we’ll have more snow (likely) or more cold snaps, but with each year we are relearning lessons that 30 years ago were well understood. We are planning changes to overcome the design fault that caused our burst pipe and the guttering damage. We’re lucky to be in a position to make the changes.

Having just updated one of my servers to Ubuntu 10.04, I’ve had a couple of issues with the dovecot package.

The antispam plugin is for a previous version – though it’s happy enough to install which seems as though it’s a violation of the package dependancy protection. Converting from a previous installation meant I expected to be able to use the same settings – and largely I was able to – with one exception that took me a while to track down.

Basically the dovecot installation has moved to having a conf.d directory for user configuration. It’s a great idea and one that more and more apps are adopting, but sadly the deliver app doesn’t yet support using the seperate directory. This means that if you have used a file in the conf.d directory for your local configuration you need to specify it when calling deliver from the MTA (postfix in my case) using the -c option. Of course, the file needs to have enough information in to enable deliver to work – something that mine initially didn’t.

I finally took the plunge and ordered a new Lenovo X201 laptop a couple of weeks ago. It arrived yesterday after some fun and games with DHL around the delivery and HBOS around the payment.

I ordered the machine with 6Gb of RAM and a 500Gb HDD as I’m planning on dual booting the pre-installed Windows 7 with Ubuntu. As I travel a lot the large 9-cell battery was a must and doesn’t add too much to the weight. After doing some research I chose the wifi card that appeared to have the best Ubuntu compatibility and the built in webcam as carrying an external camera is something I’d rather not do.

After installing the battery and switching on for the first time I went through the usual Windows 7 install q&a. After starting a few updates were installed (as usual with new software) but far fewer than I had expected (and far, far less than our new iMac required).

Using the current laptop I downloaded the 64-bit Ubuntu 10.10 iso and then used the Ubuntu Startup Disk Creator to create a bootable USB drive. This was the first time I’d used this app and it worked exactly as advertised. (Given some of problems I’ve run into before I was anticipating some trouble creating the USB drive, so the ease with which it was done was very pleasant.)

I rebooted the laptop after inserting the USB drive and used the F12 button to choose the USB drive to boot from. To make sure that I wasn’t going to have any problems with Ubuntu I chose to run the Live version. After a few seconds of disk activity Ubuntu started without any problems. Supplying the wifi network got me online straight away validating my choice of wifi card.

Next step was to resize the Windows 7 partition making room for a new Ubuntu install. The drive arrived with the expected recovery and boot partitions meaning the Windows 7 NTFS partition was around 450Gb so I resized it to 235Gb giving me room for an 8Gb swap partition and the rest for my root ext4 partition to be created. After resizing the partition I rebooted into Windows 7 to check that Windows was happy following the change. chkdsk ran and the boot was normal.

Restarting again I used F12 to choose the USB drive and this time the Install option. I manually set the partitions and then started the installation – crossing my fingers as it started!

Things progressed at a good rate and then it was time to restart.

A couple of warning appeared but the boot continued and then the login screen appeared. I logged in and installed a few packages that I wanted before rebooting to see whether Grub 2 would work as advertised. The Grub menu brought up 2 options for Windows 7 so I chose the first and waited to see the outcome. When the login screen for windows appeared I relaxed. My work was done.

Last weekend we went to the RAF Leuchars airshow. As with many RAF bases, Leuchars isn’t located in an ideal location for getting 45,000 people to and from, resulting in traffic chaos (which was made worse this year by one of their “congestion busting” park and ride facilities being unavailable due to the heavy overnight rain). Not wanting our day to be spoiled by the inevitable hours of sitting in the car, we parked in Dundee and got the train. Buying our tickets was easy and a last minute change of platform meant we caught the train we had hoped to. To get to the train we had to pass our tickets through the electronic barriers. During the short journey to Leuchars (less than 15 minutes) we had our tickets checked by the conductor. On arrival at Leuchars we were slightly surprised to have our tickets checked again! When asked why the extra check, the response was “to make sure everyone has a ticket”.

On our return to the station at the end of the day, we joined a queue and after a few minutes boarded a train. A short journey to Dundee was followed by an easy departure from the platform with open barriers – apparently due to the number of people and the potential for crushing.

This week we were in London and used the Heathrow Express to get from Heathrow to Paddington. It’s a great service, but does seem to be very expensive. After buying our tickets we descended to the platform, boarded a train and were on our way – all without ever needing to show our tickets (this seems to be part of their business model as they advertise the ability to buy tickets on board). Our tickets were checked during the short journey but on arrival at Paddington we just walked straight off the platform without hindrance from the usual electronic barriers. Our return featured no ticket check, but then the train was virtually full and the conductor may simply have run our of time to get to our carriage.

So, basically, during our 4 journeys we only needed tickets on 2 of them!

The UK railway system is a real mess, with differing standards and policies applying across the country. It’s expensive and at peak times overcrowded. Often the carriages are untidy and rubbish facilities are too small and poorly signed resulting in an accumulation of debris. It’s hard not to feel that the great legacy of UK railway development and engineering is being let down by the current state of affairs.

After being named as the most expensive in europe several companies reaffirmed their commitment to “crack down on those travelling without tickets”. Given our recent experiences they seem to have a long way to go and the lack of consistency will probably mean that progress is slow and uneven. Maybe when more people have tickets they will be able to reduce prices – though I suspect this won’t be the case

At this moment in time we were supposed to be nearing Gatwick en route a few days in Barbados. I’d arranged the trip to coincide with Rosies birthday and we’d both been really looking forward to a few days in the sun.

We were woken by the alarm at 4:20am and quickly got ready to head for the first flight of the day, the 06:25 Edinburgh to Gatwick that was the start of our journey. I was just getting ready to put the bags in the car when I had a final check of my passport – but where was it? The bottom of my stomach fell…

Given how much I travel for work the passport is something I take great care over. It has “its place” in my bag and never leaves except to be given to immigration officials. When I travel without my usual bag the passport is replaced in “its place” as soon as I return home. It’s never out of my possession – so where was it? Even odder, where was the old, defunct passport (with the still valid visas) that wasn’t even removed on our last trip?

After ransacking every concievable place it could be, in the house, the car and all the bags from our last trip, it was nowhere to be found. Phone calls to every airport we last visited and the companies that flew us have turned up no sightings.

As a result of my carelessness we’ve missed the holiday. There is a dark mood of depression filling the house and Rosies eyes that will take a long time to clear. Even worse, I know I’m to blame

I’ve tried everything, phoned everyone I can think of and am sitting desperately hoping for a solution that deep down I know will not come. Knowing what happened to my passports would help in some small way, but I know nothing can make this right.

I think you’d be hard pressed to find voters in the UK who disagree that political reform is needed. Finding voters who had clear ideas and workable suggestions on how to do it would be harder, but that’s where sites such as 38 Degrees come in – or at least it used to.
Campaigning for political change is a delicate tightrope as a very high degree of impartiality is needed for it to be effective. I was initially impressed by the way that the 38 Degrees team had handled it, but their recent posts and offerings have led me to have doubts.
We all know the media reporting is biased, but launching a campaign targetting only one political leaning isn’t impartial, especially given the stated reason is that “over 90% of us want to stop the scaremongering about a hung parliament“. All the papers I’ve seen have carried such stories, so singling out one subset fails the impartiality test at the first hurdle.
It may have been a “knee jerk reaction” to events, but it’s one that should have been stopped by those running the site.

By default fuppes advertises it as ‘FUPPES xxx’ which isn’t especially friendly. Adding this to the config for the default device will allow you to give a more meaningful and friendly name.

      <description_values>
        <friendly_name>Friendly Server Name Here</friendly_name>
      </description_values>

The BBS2 has a large store of music, pictures and will eventually also have some video on it. There are plenty of ways of accessing it via a computer, but I wanted a solution that would allow other devices to also access it. Given the huge amount of media coverage and use in advertising I figured that using a uPnP server would be the easiest way.

Finding a uPnP server to install wasn’t hard, but finding one that worked with the various clients and devices proved harder.

uShare
This installed easily and was very lightweight. It provided easy access, but quite a few clients didn’t work with it. Coupled with the fact that the project seems dead I decided it wasn’t worth too much effort.

MediaTomb
This seemed more promising and seemed to work better at first, but once again several clients had issues with it. After using it for a while I decided that it wasn’t for me.

fuppes
I looked at fuppes quite early on in my serach, but it appeared to be a dead project. Then I stumbled across this thread which gave me pause and encouraged me to try it. Following the instructions and some extra details on the original wiki it didn’t take long to build and install and once configured worked straight away.

The project is similar to a lot of open source projects, but the directions that the current active developers intend to take it seem like good ones and as it already works I’m using it for serving the media at home.

For more on the new development there’s a blog