Computation

People on the interwebs are bitching about how the newest of the new MacBooks have this cool feature where you put two fingers on the touchpad and use the lone mouse button to simulate a right click, which apparently the 15" MacBook Pro doesn't do. People are enraged, ENRAGED, that the 15" MacBook Pro doesn't have that feature.

Interestingly, I just tried it on Tamara's iBook G4 and it works fine. Two fingers + click = right click, or ctrl + click = right click. The two fingers thing is pretty neat. Maybe it is a new feature in a recent update.

Anyway, I'm looking at getting a MacBook Pro to replace my aging desktop. I want something that I can play Halflife 2 on (even through I'm not really an enthusiastic gamer), have two EMACS frames open side by side (with a reasonable font size), lots of RAM for maintaining a Java project (stupid RAM hungry Tomcat), and enough CPU horsepower to run the occasional FDTD simulation. I also want don't want anything bigger than 15.4", to keep the weight down, since I will have to carry the thing to work occasionally. It turns out that finding a good 3D graphics card in a 15" laptop is pretty difficult, since most laptops with higher end graphics are 17" desktop replacement or workstation models. Add in a Core Duo T2500 (2.0 GHz) and a gig or two of RAM, and things get pricey fast.

Other options are the Acer Travelmate 8204WLMi and LG P1-200A9. Some people on notebook forums have have quality issues with the Acer, and I haven't been able to find any reviews of the LG at all, and I'm not sure that I want to go with an unknown quantity....

As if I need another, but oh well. I want to keep it small, hopefully not more than a couple of weekends of work (yeah right). It's a small, web based, cash basis accounting system for the lazy financial planner. Just enough to correlate expenses with a budget. The idea is to do as little data entry as possible, relying instead on automatic import of bank and credit card statements.

I could do this with a spreadsheet, but writing a program is more fun, and ultimatly less work once it is finished.

I've written before about using ssh tunnels to access servers behind a firewall, but recently I've been amazed again by the utility of ssh tunnels.

To access a web server behind a firewall, the ssh client running on the computer you are sitting at listens on a given port number, and the ssh server on the machine you connect to connects to a given host and port. Any connection made to the port on the local machine is captured by ssh and forwarded to the machine the ssh server has connected to. The -L switch accomplishes this, so for a command line like ssh -L 6789:192.168.3.134:80 remote.machine.com, the ssh client listens on port 6789, and the ssh server on remote.machine.com forwards connections to 192.168.3.134:80, which is some machine inside a private network. Now pointing your web browser at http://localhost:6789/ connects you to 192.168.3.134:80.

I recently had to help a friend with a problem they were having, and I wanted to ssh into thier machine so I could see what was going on. Unfortunatly, their machine is behind a firewall, and they didn't have the passwords to open a port. Tunnels to the rescue! I created an account for my friend on spacemonkeys.ca, so that they could ssh in. Thier machine was running an ssh server already, so they used this command to log in to spacemonkeys.ca: ssh -R 6789:localhost:22 spacemonkeys.ca. This opens port 6789 on spacemonkeys.ca, and forwards any connections to the ssh port on my friends firewalled computer. I could then ssh into thier machine from spacemonkeys.ca: ssh -p 6789 localhost.

Pretty spiffy!

A couple of the computers I am responsible for have been attacked in the last few months. The first one was my sister's computer. I enabled the ssh server, but didn't limit it to only my account, and left password authentication on instead of setting it to use keys only. My sister's password was very simple and easy to guess. That machine was running what appeared to be an IRC relay for a day or so until I caught it. I only caught it because they changed my sisters password and she couldn't log on any more, which was kind of suspicious. The auth logs showed what happened pretty clearly, and they made the amateur mistake of deleting .bash_history before logging off, not realizing that bash writes .bash_history after you log off. Since they logged in a couple of times, I only had part of the history, but enough to see what they did.

They other one was this very web server, which served as a spam relay for about 8 hours. The attackers exploited a bug in the web server or one of it's modules, likely PHP, possibly one of the PHP applications, like Drupal, Gallery, or Serendipity. The attackers didn't get root access, but managed to install an executable that ran on port 80 in the place of Apache. The executable received requests and forwarded the to my mail daemon, effectively hijacking it.

I installed the security updates for Apache and all the other stuff packaged by Debian, saved all the logs, archived the stuff that was installed, and rebooted the machine. Apache came back, just as it was. Whew. The log files showed that the attackers were somehow using wget to download stuff, so I removed wget and a bunch of other stuff (like GCC) that isn't needed or wanted on a web server.

I haven't rebuilt either machine yet, contrary to conventional wisdom. I really should. I ran a port scan on my sisters computer from my home computer, and I'm satisfied that there are no stealth processes running there (although they could listen only between 3 and 4 am or something sneaky like that). In fact there, are no processes there at all, since I disabled ssh. I can just drive over to my sisters place now if there is anything that needs fixing.

Meet Meebo, a handy web based (AJAX) multiprotocol chat client for when you are working on a computer that you don't want to or aren't allowed to install a proper chat client.

I've been using Rhythmbox for a while now, but it sort of seemed to stall a bit, and it is missing critical features. Such as ID3 tag editing. I decided to try out Banshee, which is a newer music player with a similar (iTunes inspired) interface. Problem is, it is written in C# and requires mono. I had to install a bunch of stuff from the experimental branch, and compile Banshee itself from source, which was not really a lot of fun.

Verdict on Banshee? Slower than Rhythmbox. Searching seems fast (it uses sqlite3, so it should be), but clearing the search box freezes the interface for a long time. Things I like about Banshee are the fact that you can actually edit ID3 tags in it, and that it tries to use path and filename information to fill out missing ID3 information in the interface. It apparently has good support for iPods and Nomad mp3 players, but I didn't test that. Creating playlists and other things seem similar to Rhythmbox. The version I tried didn't honour the "shuffle" button on start up. It would remember that shuffle was turned on and show the button in the right state, but the player itself never shuffled unless shuffle was clicked off and back on again. That is kind of annoying.

Since I was installing stuff from experimental anyway, I decided to try out Rhythmbox 0.9.2, which has some spiffy new features. One thing I really wanted was to be able to read the iTunes (mt-daapd) share off of our MythTV box. Thanks to Avahi, a service discovery system that works with what Apple calls 'Rendezvous', 'Bonjour' and sometimes 'ZeroConf'. And it works! It seems to scan the entire iTunes share, which takes a long time and makes the interface slow, but it does work quite nicely. Once the list has been loaded I can flip back a forth between local and remote music sources very quickly.

Unlike Banshee, searching and unsearching is quick. Initial searches are maybe slightly slower than Banshee, but clearing the search box is just as fast as searching in the first place. Another problem I had with Banshee was that it crashed trying to look at a .tar.gz file I had in my music tree. It should ignore files it doesn't know about, instead of crashing. Rhythmbox also has a habit of crashing when indexing files, but usually because of encoding problems or corrupt files, and it seems to be improving in this area.

Rhythmbox 0.9.2 also includes support for podcasts. I tried out Dave's Lounge, one of Tamara's favorites, and it worked beautifully. I haven't used podcasts enough to know if any of the features power users might want are there, but it sure seems to work well.

I also tried CJSW's feed in Rhythmbox's internet radio section, but it didn't work. Furthermore, it pretended to play it, but played the last item I had been listening too instead. That part needs some work. On a whim I tried editing an ID3 tag with Rhythmbox 0.9.2, and I was kind of shocked when it worked! Another point for Rhythmbox!

Banshee looks kind of interesting, but Rhythmbox's iTunes integration, ID3 tag editing, and podcasting support (and the fact that it is packaged by Debian) makes it the Gnome player to stick with for now.

Westgrid just acquired a couple of new IBM pSeries 595 compute nodes, and a pSeries 500 head node. Even though my thesis is coming down to the wire, I just had to try Phred out on these machines. Unfortunately, IBM's VisualAge C++ compiler still doesn't get along with boost, so I had to build it with GCC. I think it may be possible to build everything except the Python parts with VisualAge, and the Python parts with GCC.

Not that I've ever really had the need to include math in my web pages before, but the jsMath library makes it easy to do just that. jsMath is an implementation of the math typesetting engine orginally written for TeX. It uses native fonts to convert TeX markup into rendered equations, but the output is just ordinary text glyphs and a bunch of span tags.

Now I can do stuff like this:

Cool!

UNIX is cool for so many reasons, but pipes are just awesome. I think their potential is under-utilized, probably because it's kind of esoteric and unfamiliar to most people, even those that have been using UNIX for a longish time (say 5 years).

I had to add a copyright notice to a bunch of files, but I'm far too lazy to do it by hand. After all, changing a bunch of things in the same way is what computers are good at right? So, here's a script to do it, where it edits the file given as the first command line argument:

#!/bin/bash
echo -n "Editing $1... "
ed -s $1 <<EOF
1i
// Some cool project
// Copyright (C) 2003-2005 Matt Hughes 

.
w
q
EOF
echo "done."

ed is a program which can do scripted editing. The commands are generally the same as vi, so 1i goes to the first line and enters insert mode, the next three lines are the text to insert, and the line with the '.' tells ed to exit insert mode and return to command mode. w writes the file, and q quits. The <<EOF syntax is shell script for "interpret everything on the following lines until you see EOF as if it were coming from standard input". This is also known as here document syntax. The choice of EOF is arbitrary.

How can this be easily applied to a whole bunch of files? With this command:

find . -name "*.java" | xargs -n 1 sh /tmp/edit.sh

The above script is saved in /tmp/edit.sh of course. The xargs command is super-handy. Since find prints its results to standard out, but our script needs those file names on the command line, we can use xargs to re-arrange things.

xargs -n 1 sh /tmp/edit.sh means read from standard in, and for each line, execute sh /tmp/edit.sh $LINE. The -n M switch tells it to use M lines per call.

Another handy way to use xargs is to grep only the .cc and .hh files in a source tree. Since Subversion stores a bunch of extra files, Emacs writes ~ files, and so on, its helpful to limit the files being searched vs. using grep directly, i.e. grep -nr "pattern" . You could do grep -nr "pattern" .cc *.hh, but then it wouldn't recurse because none of the directory names are matched. Using find and xargs:

find . -name "*.cc" -or -name "*.hh" | xargs grep -n "pattern"

It's pretty handy. Of course, I hear those fancy IDE's can do this sort of stuff too... the grepping of only relevant source files anyway.

More info about batch editing is in O'Reilly's UNIX Power tools, or on google...

Things are heating up here in thesis land. Results are starting to come in, show-stopper bugs are getting fixed, and outlines have been written.

That aside, I managed to find some time to track down a ssh agent for Mac OS X today. Ssh'ing is a breeze from my Linux machine, since I start ssh agent when I log in, which allows my to get into any server where my public key is in the authorized_keys2 file. On OS X, it's been a pain because I have to type my password where ever I go.

No longer: SSH Agent to the rescue. No more typing passwords for me!

I also tried out iTerm, but I found it lacking because I was unable to turn off the menu accelerator keys. Meta-b is supposed to move the cursor back a word, and meta-q is supposed to copy a region to the clipboard in Emacs, not quit the application. I guess I'll have to stick with xterm for the time being.

Up until recently Tamara and I have been using Nitro on Mac OS X for all our instant message needs. Nitro is a Jabber only client, so we've been using a MSN gateway to talk to people using MSN. Both jabber.org and the MSN gateway have been increasingly flaky lately, so it was time for a change. A client which could take Jabber, AIM, MSN, etc was required.

I tried out Adium a while ago, and found it kind of over done... too much stuff. I also tried Gush, but it uses a flash interface (I think) and it's too big and slow on our little iBook. Psi is another one. It runs on OS X, Linux, and Windows. I never liked the look or feel of it though.

Enter Fire. I have never seen it on Jabber.org's client list before, but it's been around since 2000, almost five years. It handles all the required networks and seems to work very well so far. It packs a lot of functionality and configurability, but the interface seems well thought out and it is entirely usable. Recommended, if you need a Jabber client that can also talk to MSN, ICQ, etc. with a pleasant functional interface.

OpenSSH tunnels are so cool. I have a database/web app server I have to take care of in Calgary. Since the machine is behind a firewall and only ssh connections are allowed through, I can't connect directly to the web sever to use the web based management interface or for testing. I used to either open a graphical browser over the X11 connection ssh automatically sets up or use a text mode web browser.

It turns out that creating an ssh tunnel is a much better way to do things. I never really figured out what all the fuss was about with ssh tunneling, but I realized today why it's cool.

ssh -L 8300:localhost:80 mch@adams

That command allows me to log into the remote machine (adams is an entry in my /etc/hosts file) while setting up a tunnel. The -L switch tells ssh to listen on port 8300 on my desktop, and when it receives a connection, ssh connects to port 80 on localhost from the point of view of adams (i.e. itself).

This is really nice, since some programs only listen on 127.0.0.1 and not on an external interface, so they are practically firewalled.

Installation and testing of new versions of the web app is so much easier when I can use the browser on my desktop to do it!

AMAZING!

I helped Jamie get his wireless card working on his laptop today. He's bravely switching everything over to Linux, and he's got Debian on this laptop. It's a Satellite 2450 with a Linksys WPC54G card. That card has a Broadcom BCM4306 rev 02 chip in it, and it appears on the PCI bus at 14E4:4320.

There's a bunch of different cards built around this chip, and it seems like any one of them may work with ndiswrapper. It would be better if there were actual Linux drivers available, but what can you do. There are all kinds listed on this page, just search of BCM4306. I think is the driver that ended up working.

This trick, which is mentioned in one post on that page, is to change RadioState|1 to RadioState|0 in the /etc/ndiswrapper/*/*.conf files. Apparently 1 means off and 0 means on.

I recently decided to give building Phred with Python support on a Westgrid SGI machine today. This turned out to be more difficult than I really wanted it to be...