For the last decade, I have been having a problem with how I use Linux. Of course, it was a problem with Windows and Macs too, so I didn’t feel I had the right to bitch. Now, things have changed.

Computers are very useful tools. Most of us customize our machines - we have particular applications we like: backgrounds, disk layouts, encryption schemes, and so on. It takes awhile to turn a “vanilla” installation into something you feel is your own.

Not long after you setup your masterpiece, you’ll have to upgrade it. It doesn’t matter what OS you’re running. You’ll balance the new tools and enhancements vs. the time it takes to upgrade your machine until the time comes when it’s finally worth it to upgrade. This process is annoying and time consuming, and for the last few years I’ve been avoiding it for some good reasons:

• On my work machine, it takes forever to setup a development environment. It’s hard to justify spending a few days doing this when you’re very busy.
• On my personal machines, I generally have a lot of data to backup and re-organize. Not to mention some customizations that just take a long time to re-implement.

There are obvious reasons why this problem hasn’t been solved. It’s difficult to replace the core of a system when a user has done all sorts of neat tweaks and changes. Some versions of some programs might not be supported anymore. And a great many programs all work together and depend on each other. It’s a daunting task to figure out the upgrade paths.

On Friday, I wanted to upgrade my work machine from Ubuntu 7.10 to 8.04. There are some tweaks and fixes I wanted to try. This would normally involve the following:

• Backup everything I care about.
• Wipe the machine, install the new OS with the partition scheme I want.
• Install all the apps I had and restore data from backup. Re-import everything, and make life happy again.

That’s a pain. With Ubuntu, in the “Software Updates” screen, there was a button to upgrade to 8.04. I backed up my personal settings, and gave it a shot. After the program had downloaded all the files it needed; it installed them, resolved dependencies, and told me about things that changed. Any files that it needed to upgrade that I had changed, it let me choose what to do. And then it restarted.

It came up, perfectly. I can hear a few people applauding the success. Maybe one or two people shouting out in excitement.

That’s not too bad, though. I mean, I didn’t really have anything too crazy on that machine.

Yesterday, I tried the laptop. This machine was completely customized. With startup scripts that automatically decrypt partitions, custom applications, and all sorts of fun things. Not only that, it was sitting at Ubuntu 6.10.

I went from 6.10 to 7.04. Then from 7.04 to 7.10. And, finally, from 7.10 to 8.04. It was absolutely flawless.

After each upgrade, I could see all the new tools and functionality. During each upgrade, I could use the laptop and continue to play around - until it was time to reboot.

Today, I jumped on my server - I wanted to test out some web development fun. Everything was ridiculously out of date, and I couldn’t install the software. I needed to upgrade the OS, but it was running FC4. This means I’d need to spend some serious time to upgrade it. It was annoying. My expectations had been reset. What used to be normal, was now a pain in the ass.

I used to think the only real way to accomplish steady OS upgrades was to treat the OS as an image, with an exposed API for applications. Much like a firmware image. After thinking about this solution from Ubuntu, I now realise how wrong that was. This is a much more flexible and elegant solution. It thinks forward to solve a problem you have to deal with no matter what - how every application on a machine works together - which versions play well with others, and how to migrate them all.

This is a huge time saver. It’s a daunting task that’s been completely trivialized by Ubuntu. Congrats to the Ubuntu team for this major success - I can only hope the rest of the major OSes follow with such a well done implementation.

Coffee.

Already, I can picture some people wrinkling their faces in disgust, and others leaning forward in anticipation. This has to be done, though. I am convinced that there is a massive coffee conspiracy going on, preying on the ignorant consumers of coffee.

Until a few months ago, I was a very casual coffee drinker. I’m not a fan of the legendary Tim Horton’s brew (I’m sure some people audibly gasped at that,) nor am I particularly attached to Starbucks. I’ve only had a few cups of truly excellent coffee, and always in pretty random places: A Vietnamese restaurant in Ottawa, a little cafe in London, a market booth in Vancouver, a coffee roasting shop at the back of a bike store in Whitehorse. The goal, of course, is to have fantastic coffee all the time.

When I have a good cup of coffee, I don’t drink it for the caffeine: it just tastes fantastic. It’s the promise of these few and far between cups of liquid gold that keep me from giving up on the drink as a whole. A bad cup of coffee is like drinking hot, sour acid.

Let’s talk about coffee for a minute. Coffee isn’t that complicated. There’s a coffee plant. This plant has berries. When the berries are ripe, you pick them, and take out the seeds (most berries have 2 seeds.) These seeds are then fermented to get the coating off the seed, and then dried. Check out the wikipedia article for more information. What you’re left with are green beans.

The old, ignorant Brett would occasionally buy a pound of roasted coffee at a time, and grind it before use. It wasn’t stellar coffee, but it was pretty good. I didn’t write home about this coffee. A pound isn’t very much, but costs a fortune; something in the range of 15$. To me that’s just ridiculously expensive, but I had no alternative.

Generally, you can keep roasted beans for a week or two before they start to lose their flavour. I don’t drink enough coffee to make it through a full pound in 2 weeks - so I was spending that much money for coffee that I know wasn’t at it’s prime. What do you do? Throw away the coffee you already bought, even though it isn’t very good? Or use what you have, although since it’s not as good, you don’t really want the coffee at all?

Complicating all this is how dark the coffee roast is. Sometimes, you’ll want a nice dark roast. Or, sometimes you might want a lighter roast for more of a caffeine kick. It depends on what you like. When you buy from the store, each company has a different rating - depending on a type of bean, you might want a different roast. But you can’t really experiment with how much the beans are roasted - you just buy them from the store and hope it’s what you like.

That’s why I was an indifferent coffee drinker. And then an event happened which transformed the old Brett into the Brett you literally see before you. Har har.

Chuck offered to make me a cup of coffee from beans he roasted himself. It was fantastic. He mistakenly offered me as many cups as I’d like; I’m pretty sure I had some 20 cups of coffee that first week. The coffee was roasted only a few days before consumption. Smelling the beans alone is a treat. In fact, after the first week, I felt bad for drinking so much of Chucks coffee; for about 2 weeks, I just kept smelling the ground coffee instead of brewing a cup. I did it, knowing full well how ridiculous it was to walk over to Chuck’s desk, just to open up his jar of ground coffee and smell it.

It wasn’t long before I decided that I was going to get into this whole “roast your own beans” business. The coffee was just too good to pass up on, and it wasn’t fair to continually drink Chuck’s coffee. I am very happy that I decided to get into this, as it’s made my coffee drinking experience much more enjoyable.

I assumed this process was both elaborate and expensive, and that Chuck was being extremely generous. While it’s true that Chuck is generous, it turns out that roasting the coffee beans yourself isn’t costly. In fact, it’s ridiculously cheaper than buying the beans already roasted. If you drink coffee regularly, then it’s the most cost effective solution. That it’s the best coffee you’ll ever drink is just a nice plus. This is an easy example of how doing something yourself can save you money and yield better results.

Maybe price isn’t your only concern. I would completely agree that it’s not worth the effort if the coffee is as good or worse than what you have already. A couple of points to consider:

• Green coffee beans will last for years with no degradation in quality.
• Green beans cost about 2-5$ per pound. You can buy them in bulk. 30 pounds for 100$ of Fair Trade, Organic Columbian is a pretty decent deal.
• The cool factor is quite a bit higher when you can say you roast your own beans.
• If you roast your beans, you choose how dark/light you want them to be. It’s very easy to experiment with the roasting to figure out what you like best. Some people mix roasts together.
• Freshly roasted coffee tastes significantly better. If you’re going to have coffee, then you might as well have excellent coffee.
• Darker roasted coffee actually has a lower caffeine content than lighter roasted beans. Being a computer geek, sometimes I’ll push the boundaries on how much sleep I should be getting. Caffeine helps, and if I need a bit of a boost, I can change how much I get from my coffee.
• You can get decaffeinated green beans, if you just like the taste. (That just means that there is considerably less caffeine - not that there’s none.)
• Roasting takes between 5 and 10 minutes. This isn’t something that takes a lot of your time.
• You can roast as little or as much as you want at a time. You no longer have to worry about when you have to drink the beans by.
• You can bring this coffee to work. Just get a bodum, or a drip filter, or whatever. Roast and grind enough for a week at a time, and put it in a mason jar.
• It promotes a healthy ego, knowing you’re drinking such better coffee than those other idiots who are paying more.

I’ve glossed over something. To roast your own coffee, you need a roaster. This device is just a glorified hot-air popcorn machine. It’s going to run you about 150$. I highly recommend this one. Is it worth it? Oh, my stars, yes. If you’re saving 10$ a pound on coffee, it really only takes you some 15 pounds to pay for the roaster. Then you’re saving a considerable amount of money. You’ll also want a grinder. While expensive burr grinders are apparently pretty sweet, I have an ancient thing handed down to me from my parents which I’ve had for years, and it works fine. I’ve used a stone mortar and pestle and it worked, too. Hell, I’m sure a sledge hammer would work.

Once you have the roaster, you just need some beans. I grab mine from the Green Beanery. It’s an non-profit company, based in Toronto. Their earnings go to charities to support sustainable development. Can’t go wrong with that, I say. I highly recommend the Columbian, Fair Trade, Organic beans. They taste just fantastic.

When you’re paying around 3$ a pound for absolutely fantastic coffee, all of a sudden you can just start giving it away to friends, family, and even complete strangers. You become a Robin Hood of Coffee. Spread the joy.

I have a server that I maintain.  I give accounts to various friends when they need a server to use.  You know, for whatever people do with server accounts.

Anyway, I know a bit about security, so I like to think I look after these machines.  But realistically, I don’t pay that much attention to them.  I mean, they’re automatically updated, and really don’t do much.  The biggest hole is someone on my server not setting up an adequate password.  What are the odds someone would choose a weak password?!

It took me about a week to realize that my server was compromised.  A friend of mine had a very weak password.  You know, something like “12345″ … if the account name was “12345″. 

Someone figured that out, and ran some malicious software on the server.  Did I catch it?  Nay!  But, my ISP did, when some people my machine decided to attack complained.  So, they shut down my account, and let me know about why they would do such a thing.  Of course, I’ve switched phones since I hooked up with them, so they had the wrong number, and so it took a day for me to call and bitch at them, but after that, we were all good.

Anyway, I’ve cleaned off the server and it should be happy again.  I’ve changed the offending users password, then disabled the account ’cause I was mad at it.  ”Stupid account!  Go lay down!”  Obviously I’ll pay very close attention to it, until I get bored and once again ignore it.  Maybe I’ll get around to writing a learning program to tell me when things change that I might care about.  Probably not, but hey, it’s a good idea.

Jeff was good enough to pass along this little firewall change to keep these nasty little buggers at bay.  Here it is, for those of you with servers - I think it’s a great addition!

iptables -N SSH_CHECK
iptables -A INPUT -p tcp –dport 22 -m state –state NEW -j SSH_CHECK
iptables -A SSH_CHECK -m recent –set –name SSH
iptables -A SSH_CHECK -m recent –update –seconds 60 –hitcount 4 –name SSH -j DROP

This will block anyone trying to connect to 22 more than 3 times a minute.  Thanks, Jeff!

And so, here’s a friendly reminder to make sure you don’t use weak passwords.  Eventually the script kiddies will hit your account.  Might as well close that door.

I recently picked up a new lens. This lens, to be precise. Why would I do such a thing?! I will endeavour to explain through a series of stunning examples and undeniable logic. But, in the end I really got it ’cause I was doing some home renovations and wanted to procrastinate working, and somehow managed to convince myself that a new lens would not only speed up the renovations, but help me document my progress in stunning clarity.

I’ve come to realise that a high quality lens makes as much of a difference to the pictures you take as the camera itself. I’m not really going to focus on comparing lens quality here, but it’s worth mentioning ’cause it’s the real motivation in getting a lens that doesn’t zoom.

As I just mentioned, this lens doesn’t zoom - what I mean by that is you can’t adjust how close or far things look. It’s a 50mm lens, so everything looks about 1.5 times closer than it does with your eyes. Well, my eyes, too. The real reason I wanted this lens is it has a wicked F# range, going down to F1.8. The F number really means two things to me - the lower the number, the less light needed to take a picture (at the same shutter speed and ISO setting), and the lower the F number, the shallower depth of field we can shoot.

Let me explain that last bit, as it took me awhile to understand. When you have a shallow depth of field, what that means is that things get out of focus very quickly away from what you’re focused on. Think of a line between the centre of the lens, going through the subject you’re focused on, and continuing off for awhile. A shallow depth of field means that the distance you can travel away from the subject (in either direction) before things appear blurred is very short. Conversely, a large depth of field means that more things are in focus. An image taken with a small depth of field makes the subject look much sharper than a larger depth of field. That F number is something you can control when taking pictures.

For those of you that are still with me - the new lens lets me take pictures in low lighting without worrying too much about camera shake. In general, it means sharper images. It also gives me greater control of how I want the subject to be focused.

The lens that I picked up with my camera is a very good lens and its lowest F number is 3.5 to 4.5, depending on the zoom. It’s best for any of my outdoor shots, because I generally don’t want a shallow depth of field when I’m shooting outdoors, and I usually have quite a bit of light. It’s great to shoot with, but it’s amazing how much fun I can have with a lower F number.

And now for some fun. I took some shots with my camera on a tripod, with all the camera settings the same except the F number. The picture on the left is the F1.8 lens, and the picture on the right is my kit lens with F4.5:

You can click on the images to see bigger versions, if you’re so inclined. You can see a difference in how bright the images are, and the depth of field. Another bonus to the lens is that there is little to no distortion in the image on the corners, which is fairly common in the zoom lenses (especially in low light).

So, by playing with the F number, the more depth of field effects you can create. It’s really easy to do this - all you have to do is set your camera to the Aperture Priority mode (most camera’s mark this as an A on your function wheel), and select the F number you want. In that mode, your camera will adjust your shutter speed for you, so you can focus on the subject and alter the F number until you get the desired effect.

You can control the depth of field in the shot while you’re shooting, and you can control your shutter speed pretty easily - getting a lens like this means that in pretty much whatever situation you’re in, you can take nice sharp images with whatever depth of field you want, and not have to worry about camera shake, or using the flash (which pisses off your subjects). Actually, an unexpected benefit I’ve noticed with this lens is that it’s very light, and very small. For some reason, when you’re taking pics with this lens, people seem to enjoy it more than the huge kit lens. It certainly makes the camera less imposing, anyway.

A great lens really makes a difference in the shots you can take, and I saw that right off the bat. Especially in portrait shots. In fact, this was the first picture I took with the lens. I’ve taken some pictures with this lens that I just wouldn’t have been able to do with my old lens. It’s small (so I don’t smash it on things), lightweight (it’s teensy), and relatively inexpensive ($150).

Now you know. And knowing is half the battle.

Here is a little tip you may or may not have known. The PHP parser on the command line will give more descriptive error messages than the browser will.

Here is a good example:

Right now, I am working on dynamic PNG creation using PHP and GD. I am creating a blog and we want the titles to be in a specific font, but we aren’t willing to go to all of the work to create the titles in Photoshop. I’ve used this technique before, if you are interested in the actual code, post a comment, and I will send it to you.

So, I go to run my PHP just to test it out…I get this back from the browser:

The image “http://localhost/blog/brent.php?text=hello&r=17&g=17&b=17”
cannot be displayed, because it contains errors.

Oh, I see. Yes, of course. It contains errors. That totally makes sense. Now, I could go and turn on the super-duper error reporting in php.ini, but then it would show every error and warning known to man, and I don’t want that. I don’t want to write some crazy error checking code for such a small simple thing either. I just want this to work, and I know it can, and I also know I am just doing something stupid. What to do? To the command line!

brent@office:~/public_html/blog$ php -f brent.php
Warning: imagettftext(): Could not find/open font in
/home/public_html/blog/brent.php on line 51
?PNG

Now that’s more like it! There is something wrong with reading or opening the .ttf! Man, I guess I could have caught that if I had gone through the code line by line, in an ultra-tedious manner. But even that won’t catch some errors. As it turns out, the real problem was the permissions on the .ttf file. Who knew? Command line php, that’s who!

Recently, I procured a laptop from my place of business. It’s a wonderful piece of high-tech awesomeness.

I have the laptop so that I can code when I’m not at work. I’m supposed to know things about security, so I decided to encrypt the file-systems that would have confidential data on them. Plus, I didn’t really know how to do it, so this was a good excuse learn.

I decided to encrypt 2 partitions: /home and /filesystem. After making the partitions, it was pretty easy to encrypt them. For example, if I had a partition on /dev/sda7 and wanted to make that an encrypted partition on /filesystem, I would do this:

mkdir /filesystem
modprobe loop
modprobe cryptoloop
losetup -e blowfish /dev/loop0 /dev/sda7
enter a cool password
mkfs -t ext3 /dev/loop0
mount /dev/loop0 /filesystem

You’ll have to have a password ready for when you build the encrypted system.

Normally, you would change the boot scripts to ask the user for a password when the system’s booting up. But I don’t like that idea (and I couldn’t figure out how to get Ubuntu’s start up script to actually ask a question), so I decided to put the password on a USB key. I wouldn’t want the password to be sitting on the key in plain text, so I made an encrypted file system on a USB key and put the passwords on there. The password for the USB key, I just threw on the root partition of my hard drive - unencrypted. Let’s review: During bootup, a script will take the password it knows, unencrypt the USB key if it’s there, read in some passwords, and decrypt the local filesystems.

Now to boot up the machine with the encrypted partitions, you just need the USB key. So, then I just added a new rc script that will run during boot to do the work. I actually copy the contents of the key into memory so that I can unmount and remove the USB key after boot. That script is here. You’ll note that it passes file descriptors around - that’s because that was the only way I could figure out how to pass the losetup program a password - it didn’t want to accept a filename, or pipes.  The passwords are stored in files on the root partition, and on the USB key - and have to be input in the init script.
It’s pretty easy to setup a linux system to run that script during boot - just copy it into the rc.sysinit directory and make symlinks as you see fit, into the right runlevels. Make sure you run it before any service that needs the filesystems that you’re mounting.

If anyone does manage to steal the laptop, then at least they won’t be able to read any code or docs. I can also store my own stuff on there, and not really worry about it. I’ve had this running for about a month now, and I haven’t noticed a huge hit in performance. I run eclipse with the workspace in the encrypted filesystem, and it runs faster than my desktop machine. Now you know, and knowing is half the battle.

Brent clued me into 2 wicked things today:

Calgary was blessed with a new radio station!   Check out their site.  They’re playing some great music - Indie, alternative, punk … just some great music.  Very nice to have another station to listen to.  We all know Calgary’s radio selection isn’t exactly … varied.  They’ve got an online stream if you want to check it out, whilst you work.
Then, as if that wasn’t enough, he found a camera tutorial!   What’s great about it, is that it’s a great tutorial.  I highly recommend checking it out, if you’re into the photography scene.  And here’s the link!

By popular demand, I’ll finally write up this trick. I’ve been using this for a while now to upgrade one Fedora install to another.

Basically, I hate CDs. Especially burning them for an install. You can use this trick to install Fedora with absolutely no disk. It does, however, require a previous Linux install and grub. I’m sure you can do this with Lilo, or whatever, too. This will work for any Red-Hat based distro (CentOS, RHEL, etc…), and the basic idea probably applies to others.

Note - I’m assuming you know what you are doing already. This isn’t really a ‘how-to’; it’s just a quick reference.

Basic idea:
There is a boot disk .iso on the first CD. You can copy the kernel & ramdisk from the boot disk to your hard disk, and tell grub to temporarily boot that instead. This basically amounts to booting from the boot disk. From there you can do an NFS install, HDD install, or whatever.

Step-by-step:
1 - Put the .iso’s on a publicly shared NFS server
2 - ‘mount -o loop disk1.iso mount_point‘
3 - ‘mount -o loop mount_point/images/boot.iso mount_point2‘
4 - cp mount_point2/isolinux/vmlinuz /boot
5 - cp mount_point2/isolinux/initrd.img /boot
(note - make sure you aren’t wiping out something important in those steps)
6 - reboot
7 - when you get to grub, edit one of the definitions, and boot from /vmlinuz with an initrd of /initrd.img, rather than your usual kernel & ramdisk.
8 - This will boot you into anaconda, which will let you load from the NFS server you set up

I decided to pick up a tablet input device to help me in my quest to master graphics programs. Well, that’s what I told myself, but really, they’re damn cool, and the mouse just isn’t … natural. So, I picked up the Wacom Graphire 4, from my friendly neighbourhood retailer - I picked the 6×8 size. In silver, no less.

I have 2 computers, the first being a linux workhorse, the second a windows gaming machine. At the time of tablet purchase, I was upgrading the windows box, I had it booted into Knoppix to diagnose some partition problems. Don’t worry, that fact will become most important as this article progresses.

I tried the tablet on my FC5 box, and it worked in the sense that X saw the device and loaded the drivers - and in that I could right click and scroll. But I couldn’t get the pen or the mouse to move very well. And by very well, I mean that the cursor basically didn’t move. So, for fun, I threw it over to the machine running Knoppix, which noticed the tablet right away and both pen and mouse worked like magic. But why?! Well, after a bit of research, I found out that FC5 is running Xorg and Knoppix is running the old XFree server.

That was the start of what would turn out to be a good 5 hours of debugging to get this thing working, so I thought I’d share the final solution with you. Basically, the best resource is the wacomlinux project - and their docs are pretty good. Also remember your good friend google - check your Xorg.log.0 (or similar) log file for the relevant error, copy and paste it into google, and VOILA! Solutions.

In short, all I had to do was edit my /etc/X11/xorg.conf file and add 4 sections for the tablet (here’s my current config file) … and then it worked! The problem was the docs saying to use /dev/input/event0 - which really should have been written to say it’s the device that the computer things the tablet is hooked up to - so eventX, where X is the one that corresponds to the wacom, or in my case, just /dev/input/wacom. Easy to check which device with the wacdump program (ie wacdump /dev/input/event{0,1,2…} until you get the right one) - when it’s the right one, the wacdump will show you all sorts of great information about the tablet - the other inputs won’t show you anything (look specifically at the vendor info). I know that sounds a bit whack, but you’ll see what I mean when you start playing with it.

After restarting X, it all worked perfectly. So, I hope that saves you some time, should you go that route - and for the record, I totally love this thing, I think it was worth every penny.

No, I am serious. Tetris is a great game because it is NEVER over. You can always go faster, you can always make more lines. I also like Tetris because it has been ported to run on just about every device known to man, including my cellphone.

So, when I am bored, or waiting for an appointment, I simply whip out my cellphone and I am stacking blocks in seconds. But, having recently picked the game back up, I have discovered some new techniques…or theories about how to play the game.

The name of the game is efficiency. You want to be able to create as many lines as possible with as few pieces as possible. This not only creates the lines you need to move to the next level, but it keeps the screen clear so that when stuff really starts moving fast, you will be able to keep up.

The tetris game on my cellphone keeps track of your efficiency. It gives you a percentage, usually I am somewhere between 20% - 25% which means I can make a line every 4 blocks or so, which I think is pretty good.

So, here are some tips for keep your efficiency as high as possible:

1. We all know the basic 7 pieces. When it is coming down and you are flipping and positioning the piece, ALWAYS try to lay it with its longest side DOWN. This is the essence of efficiency. We are creating horizontal lines, not vertical. Placing pieces horizontally whenever possible will decrease the number of blocks you will need to create a line. It’s just a fact of math.

2. Do not get yourself into a situation where you are waiting for the long skinny piece to come and save you. You know exactly what I am talking about….you build up this huge block, already to be made into lines if only a long skinny piece will come up. But you are not in control of what is next, so don’t set yourself up in that way.

3. Always watch for the ‘next piece’. Do not think too far ahead, though. That will only lead to the situation described in point #2. By knowing what is coming, you will be able to best place the piece you are playing, and sometimes a placement that looks foolish will suddenly be genius to your audience.

One thing I would like to calculate is what the maximum possible efficiency is, given the randonmness and the 7 different pieces available. I personally have not had over 29%.