For the love of colours

Every new web site, document template or just about any other type of production typically needs a set of matching colours. This can sometimes take too much time from the real work of finishing that prototype or document on time. Wouldn’t it be great if someone had already done the job.

To my joy I found out that someone already had. Or actually, 137,200 people have. They are all using the site www.colourlovers.com. Give it a try!

Colourlovers.com sample

Trackpad issue on Acer Aspire One under Ubuntu 8.4.1

I am holding out for the OneLinux distribution specifically targeted for the Acer Aspire One. Meanwhile I have installed Ubuntu 8.4.1 according to the instructions on the Ubuntu community forums. Everything works fine apart from the trackpad which just dies on me sometimes. And when it dies it will not come back. As a matter of fact it doesn’t even help to restart the computer. I have to boot Ubuntu 8.4.1 from the CD and the reboot from the internal HD to get the trackpad operational again.

First I thought I had managed to mess things up when I opened up the AAO to insert more memory but the more I studied it the more convinced I became that the issue is in fact software related.

The trackpad never stops working in the middle of something – only when the computer has been suspended (but not every time). When the system boots up OK I can see the following two lines in the output to dmesg:


[ 25.547798] Synaptics Touchpad, model: 1, fw: 7.2, id: 0x1c0b1, caps: 0xd04771/0xa40000
[ 25.601159] input: SynPS/2 Synaptics TouchPad as /devices/platform/i8042/serio2/input/input7

However, on occasions when the mouse is not operational after a reboot, these lines are absent and instead there is one line:


[ 24.997164] psmouse.c: Failed to reset mouse on isa0060/serio2

Clearly something is not working as it should. This is really annoying and I do hope that the 8.10 release will fix it. Meanwhile, if anyone is experiencing the same issue – please let me know.

Prevent ssh dictionary attacks

If you are like me you may be running a few Linux servers that are exposed to the Internet. To manage them you have probably enabled ssh login and opened up your firewall for such traffic. Maybe you have been thinking of the risk of being attacked and perhaps you have glanced at /var/log/auth.log. Chances are that you then realised that the Internet is not the friendly place it used to be.

Now, the risk of this may be minor. Naturally you are using complex passwords (who are not?) and of course you have disabled any logins by the root account. Naturally, you use certificates instead of passwords when logging in remotely. And while on the subject – may I add a feature request for openssh to restrict remote login using password on the basis of IP range?

So, I had done all that and still felt a little uneasy. Then I found the project Denyhosts. It is a Python based tool written by Phil Schwartz that tails the auth.log file, acting on multiple incorrect logins from the same host. Suspicious hosts are added to /etc/deny.hosts so that they can’t even connect to the ssh server.

I have been running the script on two computers for a couple of weeks. On average, one or two attackers are caught each day. Currently I am running both systems stand-alone but shortly I may join up with the large number of sites that aggregate attacker information to foil them before they even start attacking my machines.

Denyhosts is not new. In fact, the latest release is almost two years old. But it is small, can be configured in a jiffy and gets the job done. To install on a Ubuntu box, just type “sudo apt-get install denyhosts”.

Good job, Phil!

Install git on Mac OS X 10.4

The other day I wrote about how I compiled and installed support for git on Mac OS X 10.5. I also use a laptop with Mac OS X 10.4 and thought naïvely that the same would work on Tiger. I was sorely mistaken.

Apparently git has a few dependencies which must have been met on Leopard but caused errors on Tiger. The dependencies are to the packages expat and asciidoc. To compile support for those the following can be done prior to running the installation of git.


# Install expat
wget http://switch.dl.sourceforge.net/sourceforge/expat/expat-2.0.1.tar.gz
tar -xvzf expat-2.0.1.tar.gz
cd expat-2.0.1
./configure
make
sudo make install


# Install asciidoc
wget http://www.methods.co.nz/asciidoc/asciidoc-8.2.7.tar.gz2
tar -xvzf asciidoc-8.2.7.tar.gz2
cd asciidoc-8.2.7
sudo ./install.sh

Once this is done, the installation of git should go smoothly.

Exchange 2007 certificate problem with Symbian phones

Earlier this year we (or rather, myself) migrated to Exchange 2007 at work. We are not a big company but even so (or perhaps because of it) we have a rather heterogeneous set of client devices. People connect using Outlook 2003, Outlook 2007, Entourage 2008, Evolution, Apple Mail, Thunderbird and all kinds of mobile phones for both standard IMAP/SMTP (with encryption of course) or Microsoft licensed ActiveSync.

Before the migration we had a frontend Exchange server and three backend servers but after the switch we have just one Exchange 2007 server. Immediately after the switch, people started complaining that non-Microsoft mobile phones could not sync against the server using ActiveSync.

Since we are rather literate when it comes to computers we had set up an internal public-key infrastructure with a root certificate authority under SSL. The Windows domain included a certificate authority running as a subordinate authority which, in turn, had signed the SSL certificate for the Exchange 2007 server. All was done according to step-by-step guides from Microsoft. When accessing the web mail or using ActiveSync from Microsoft based mobile phones it worked. But it just wouldn’t work from Symbian phones – despite the fact that they had licensed the ActiveSync technology from Microsoft.

We tried all kind of settings before we eventually found the problem. It turns out that Exchange 2007 uses a relatively new (but still quite old) feature in SSL certificates called “Subject Alternative Name”. It is a feature that allows the certificate to be used for multiple host names and not just a single Common Name. The combination of Exchange 2007 and the subordinate Windows certification authority caused this extension to be set as “Critical” in the certificate which makes the certification check fail for any client that does not understand the Subject Alternative Name – which is exactly the case for Symbian phones.

The solution was simply to create a certificate by using OpenSSL alone and flag the extension as non-critical. The common name used in the certificate is still the only name used by ActiveSync clients so they have no problem with this change. The new host names in the certificate are to my understanding only used by Outlook 2007.

Making a movie out of a set of images

Images captured at a certain interval (e.g. from a network camera in your home) can easily be converted into a movie. The simplest way to do this is to use the Linux package mencoder available as a package for most standard distributions.

For Ubuntu 8.04, mencoder can be installed just by typing

sudo apt-get install mencoder

Some tutorials on mencoder are based on an old version of the software and following them will not work. Instead the errors from mencoder will appear to indicate that some codecs are missing on the system. Installing them may solve the issue (it didn’t in my case) but will probably just waste your time.

The correct command to convert all JPEG images in a folder into a movie is

mencoder "mf://*.jpg" -mf fps=30 -o output.avi

Adjust the frame rate according to the frequency the images were taken or to make the movie go faster or slower. It is also possible to use the -speed parameter.

Rails boilerplate project

After doing a couple of Rails projects I found myself doing the same setup for each project. On top of the template project I wanted user authentication support with mail activation. Whenever it was time to implement a new project I didn’t quite remember the exact process and ended up spending too much time searching for how-to-articles. This article is a summary of the steps required to create a project with support for user authentication based on restful_authentication.

To be able to implement this you will need to have a sufficiently new installation of Rails. I am using 2.1.1 but it may work on later or earlier versions. In addition, you will need to have support for git since the restful_authentication plugin has moved to a git repository.

The name “myproject” should be replaced with whatever project name you want to use.

Create project folder

$ rails myproject
$ cd myproject

Continue reading Rails boilerplate project

Install git on Mac OS X 10.5

Git is the version control system initially developed for the Linux kernel. Nowadays it is used in many other areas and recently the Rails community has migrated from svn to git. This means that a working git client is required to install many plugins when developing a Rails application.

Git install screenshot

The best way to install git on Mac OS X is to build it from sources. The script below makes this process effortless. This script has been verified on Mac OS X 10.5.4 (Leopard) but may work on other OS X versions as well. Your mileage may vary.

Download script

Finally, an update to EOS 5D

Today Canon released the upgrade to the 5D model. Finally! And after all the rumours regarding the name it was as unrevolutionary as ever – EOS 5D Mk II. Who would have guessed?

Canon EOS 5D Mk II pre-release photo

So is it any good? Actually, my first reaction was – so so. The resolution is a great step forward sure – but who really needs 21 MP? What I do like is the increased sensitivity and I hope that it is as good as they say. Another nice thing I found in the specification is the support for micro adjustments of the AF – a problem I have had with my 20D which focuses slightly behind the subject.

One thing I could do without is the live view and the video option. Sounds like a nice-to-have feature that I would use very seldom, if ever. With the 12 minute limit on recorded video (which sounds like it comes from the 4GB limitation on FAT32) I will still carry along my Canon HV10 if I want to record video.

What I would like to have seen is:

  • Built-in GPS. I mean, come on Canon, GPS chipsets are dirt cheap and take no place at all these days.
  • Built-in WiFi to be able to trickle-sync the Images to my Aperture library without the need to physically connect the camera.
  • Bluetooth remote control compatible with any standard phone or computer.

The real problem is that with the image quality at this level I find it difficult to understand why I would upgrade again in the foreseeable future. A resolution of 21 MP craves good glass and until I have filled my bag with even more L optics I don’t think I can justify another camera. Due to that the lack of GPS and WiFi is really troubling because I know that I will have to live without it for quite some time.

So will I buy the 5D Mk II? Yeah, probably.