Month: January 2014

Over the weekend I setup a Ubuntu 8.04 installation in my apartment.  The main purpose was to have a box to use to connect to my Tivo, but I am also going to use it to play with Java servlet and jsp development.

Of course none of this is any fun without Internet access.  So I started configuring my Linksys pci wireless adapter.  Turns out that the longstanding bug that affects the WPA2 passphrase store in Gnome Network Manager is still not fixed.

Continue reading

Just like a car’s VIN number, a cell phone has a number or two that contain interesting information about the device.

There’s the IMEI number, the SIM card number and the phone number itself.  Ever wonder what pieces of information are related to those numbers?  If you go to the International Numbering Plans website you can enter those numbers in and see what you get.

After several weeks on hiatus, Music Video Friday has returned.

This week we have a trio of videos featuring Yo-Yo Ma. Yo-Yo Ma is an award winning cellist. Known for his considerable virtuosity and wide-ranging repertoire, he has delighted audiences around the world in live performances and in motion picture soundtracks.

The first video is from the dvd “The Music Garden.” This particular clip is of the prelude from Bach’s Suit No. 1 for Unaccompanied Cello. This dvd is the first of a six-part series that was filmed by Kevin McMahon and Francois Girard. This dvd was released in 2000 by Sony Classical.

The second video features the performances of several songs from motion picture scores Italian composer Ennio Morricone. The songs featured in the video are: “Gabriel’s Oboe” from The Mission, “Playing Love” from The Legend of 1900, and a suite of music from the movies of Sergio Leone. This album, Yo-Yo Ma Play Ennio Morricone, was released in 2004 on the Sony Classical label.

The third video is a live performance of the song “Slumber My Darling” by Stephen Foster. This song was featured on the studio album Appalachian Journey, featuring Yo-Yo Ma (cello), Edgar Meyer (bass), and Mark O’Connor (violin). This particular track guest starred vocalist Alison Krauss. This album was released in 2000 on the Sony Classical label.

Continue reading

Lately there has been a lot of flack going on over the Early Termination Fee (ETF) system that the major cellular carriers use to encourage consumers to abide by the length of the contract that they have signed.

Apparently a lot of people are upset that the various cellular carriers are wanting to charge a fee to get out of the contract they signed. Now I can understand that they don’t like paying some extra fee to switch carriers, however, they signed the contract in the beginning stating that they would pay the extra fee if terminating the contract early.

I can understand that there may be instances where the ETF seems onerous due to a dissatisfaction with the services or a case where the ETF is conceivably improperly levied. In fact, I had to pay an AllTel ETF when my wife died solely because the cellphone was actually in my name and not hers. If the phone contract had been in her name then AllTel would have waived the fee and just canceled the contract.

What I don’t quite grasp is why the very consumers that signed the contract are so loathe to abide by the terms. If you have ever signed a lease on an apartment, house or car, I imagine that you have agreed to pay extra fees in order to break the lease. This is a common practice and everyone seems to accept that it is worthwhile, so why is it so bad to have the same clause in the contract on cellular service?

This is part one of a short series of articles detailing the process I went through to restore a friend’s table pc after her hard drive dies due to a head crash.

Background

My friend has a Gateway CX210X Convertible Notebook. This model uses a SATA internal drive. Her drive died sometime last Friday afternoon while working in Windows. You got the standard click of the drive arm against the platter that wouldn’t stop.

I tried some basic restoration techniques to see if I could at least see the drive:

Nothing worked. So I went out and bought a new hard drive for her from one of the local computer places in Valdosta, Belson’s pcXchange.

Installation Problems

At this point I thought I was going to be homefree, boy was I wrong. The first hurdle was getting the Windows install cd to even see the hard drive. Apparently the bios for the CX210X does not have a legacy option to allow the SATA controller to be seen as a standard IDE controller. No problem, I can just use a USB floppy drive to load the drivers before the install, right? Wrong.

Continue reading

In the process of rebuilding my MythTV box with Gentoo, I found a bug in the 2.6.19 kernel when it comes to using wireless and ndiswrapper for my Linksys WMP54G v.4 PCI card.

When you configure the kernel you normally have to only select CONFIG_NET_RADIO=y and CONFIG_NET_WIRELESS=y.

But with the 2.6.19 kernel I discovered via post on a board that you also need to select one of the wireless chipsets as a module, even if you don’t plan on using it. If you don’t do this then CONFIG_NET_RADIO will still be marked as “n” when the kernel is built even though that isn’t what you selected at config time.

To check the required values you can use the following command:

zgrep CONFIG_NET_RADIO /proc/config.gz
zgrep CONFIG_NET_WIRELESS /proc/config.gz

So, I hate developers. Wait, let me clarify: I hate developers who can’t think through the user experience.

When an uninstaller is written it really should remove all file associated with the application.

Case in point, recently I moved to a Windows Mobile-based smartphone, so I needed to cross-grade to Missing Sync for Windows Mobile from the PalmOS version.

When I run the uninstaller it removed a lot of stuff, but the following data was left behind:

• Missing Sync under the home library Application Support
• Palm Hotsync under the home library Application Support
• com.markspace.missingsync.ConduitManager.plist under the home library Preferences
• com.markspace.missingsync.palmos.plist under the home library Preferences
• com.markspace.MemoPad.plist under the home library Preferences
• Palm under the home Documents directory
• Palm Hotsync under the system library Application Support

Admittedly, some of these files/directories might be valuable if you want to re-install your software for some reason, but at the very least the installer should ask you if you want to remove it.

Also, in the Hotsync folder(s) there are sometimes conduits that are not part of the Missing Sync software, so it was actually nice that those were left behind.

Why is it that some of the essential tools that are used on a daily basis are missing from OS X?

Today I wanted to use wget and found that it was missing.

Fortunately, this is a very easy thing to fix. All you have to do is download the source code from the GNU page on the wget project, then follow the standard compile steps:

1. unpack the source
2. ./configure
3. make
4. sudo make install

Note: The compiled binary is placed in /usr/local/bin so you will need to add this to your path. This process varies depending on what shell you are using, but the default shell in 10.4.9 is bash.

Every now and then I will utter a saying that I grew hearing or using that makes my assistants wonder.

Today I happened to use the saying If wishes were horses, beggars would ride in reference to one of my assistants wish that the timesheet process here was all done electronically instead of the paper system that we have.

She wondered where I get these things from. I thought it was a pretty common saying, but I had never actually investigated where it originated, so I went googling.

The first reference I found was from Bartleby.com which listed the meaning behind the saying according to the New Dictionary of Cultural Literacy as:

If wishing could make things happen, then even the most destitute people would have everything they wanted.

While this was nice, I already knew what it meant, so I went googling some more for the origin of the phrase. It turns out that it is a line from a Mother Goose nursery rhyme, entitled If Wishes Were Horses:

If wishes were horses, beggars would ride. If turnips were watches, I would wear one by my side. And if “ifs” and “ands” Were pots and pans,

There’d be no work for tinkers!

While setting up the cronjob for auto archiving data on my Piwik installation, I found that the default editor for Dreamhost shell accounts is set to use joe (Joe’s Own Editor). While this is a nice editor for many users, it is not as familiar to me as using vim, the opensource vi clone.

Combing through the Dreamhost wiki, I found the line in the crontab wiki article talking about exporting the editor setting by adding an entry in the .bashrc file in the root of your account.  This information may have been accurate at one point, but now the shell accounts are configured to use .bashrc for the non-interactive logins and to use .bash_profile for the interactive logins.

So to update you editor on your shell account you need to add the following line to the .bash_profile file:

export editor="/usr/bin/vim"

or

export editor="/usr/bin/vi"

If you prefer to use emacs, you can change the line to be:

export editor="/usr/bin/emacs"

At work we are in the process of sorting through some old books, documents and equipment in the run-up to moving into a new building.

During this process I ran across an old Mac iBook.  The model I found was a stock configuration iBook G3/800, model number A1005.  After turning it on I discovered that it was running Mac OS X 10.2.8.  My manager suggested that we just discard it since it was not upgradeable to the latest OS level and since the hardware specs were so low.  Given my penchant for playing with old, sometimes admittedly obsolete hardware, I decided to see what I could do to resurrect the little guy with Linux.

After investigating the various options available, I settled on Linux MintPPC.  This particular distribution is a port of the Linux Mint LXDE project to Debian/PPC.  The reasons behind this choice were:

1. Use of lightweight X11 window manager, which is important given the paucity of memory and hardware resources in the iBook
2. This distro is based on the Linux Mint project and Debian/PPC Linux

Installation

The installation couldn’t be much easier.  I downloaded the latest Debian/PPC net install iso image, then started up the laptop from the CDROM.  At the boot prompt enter the following:

auto url=mintppc.org

After this it’s a simple matter of walking through the standard installation process for Debian then letting the network install complete on it’s own.  After approximately an hour, I had a fully functional Linux install working on the iBook!

Post-Install Niceties

Right Mouse Click

After the installation was completed and the laptop had rebooted I began a few post-installation configuration changes.  This model iBook didn’t have the multi-touch capabilities that Apple introduced in later models, so it was limited to left-button only operations unless you add in keyboard modifiers.  The default configuration for the left and middle button operation is to use the F11 and F12 keys to operate the buttons.  Since MintPPC includes the mouseemu daemon, I wanted to configure the system to use the Mac OS X configuration of control-click to operate the right mouse button since this was the mode I was used to.  Here’s how to accomplish that:

1. Open the terminal and become root
2. cd /etc/default
3. vi mouseemu (you did backup the original right?)
4. Add the following to the end of the file:

   RIGHT_CLICK="-right 29 272"

5. Restart the mouseemu daemon:

   kill -HUP `cat /var/run/mouseemu.pid`

6. Enjoy the new configuration!

Turn Off Login Ready Beep

By default the system is configured to beep when the system is ready for login.  Since I work in a cube farm, I wanted to observe better cube etiquette by disabling this.

1. Open up the Login Window preferences: Menu -> Preferences -> Login Window
2. Enter the admin password into the authentication dialog (this is root, not your sudo password!)
3. Click on the Accessibility tab
4. Uncheck the box next to Login screen ready

Openbox Configuration Tweaks

There are a number of configuration tweaks that can be made to the default Openbox setup to improve rendering performance on machines at the low-end of the spectrum.  Here are a few that I have made.

1. Menu -> Preferences -> Openbox Configuration Manager
2. Appearance
   1. Uncheck Animate iconify and restore
3. Move & Resize
   1. Uncheck Update the window contents while resizing
4. Desktops (very subjective change with negligible performance benefit)
   1. Set Number of desktops to 2

I am still working on the final configuration to fit the hardware footprint on the iBook G3, so there will be more updates along these lines soon.

For those of you that have children I am sure you have made hamburgers and tatertots at least once for lunch or dinner.  In my experience, unless your kids are really ravenous, you have had some of these leftover after the meal as well.  As with any leftovers, the decision then becomes: do I throw them away or save them for another meal?

Recently I was faced with this same question.  Of course, the answer was pretty easy for me, I saved the leftovers.  I know that many people would have just thrown the food away.  In fact, according to a 2004 study by Timothy Jones of the University of Arizona in Tucson, 40-50% of the food harvested in the United States never gets eaten[1].  This statistic is pretty unconscionable given that the UN Food and Agriculture Organization reported that in 2010 there were 925 million hungry people in the world.[2]

This morning, I got up and looked through the pantry and refrigerator for something to cook for breakfast.  I realized that I had a plastic container half full of leftover tatertots as well as two leftover hamburger patties that needed to be eaten.  So I made some hash.

Ingredients

• two hamburger patties
• leftover tatertots
• 2 tbsp. olive oil
• salt and pepper
• garlic powder
• 3/4 cup of water

Process

1. Put two tablespoons of olive oil in a skillet to heat
2. Chop the tatertots into small pieces
3. Cube the hamburger patties
4. Add the minced tatertots into the oil and begin re-browning them
5. Add the cubed hamburger patties
6. Add salt, pepper and garlic powder to taste
7. As the mixture heats and browns add water slowly to add moisture back to the food that was lost during refrigeration
8. Once thoroughly heated, remove from skillet and enjoy!

If you have some onions or peppers, you could add them as well for even more flavor.  Also, for a Southwestern flair you could add leftover corn, tomatoes and chili peppers.

References

Image Credit: Ohio State University

Yesterday in my post on Solaris 10 Password Policy Enforcement, I outlined the steps necessary to implement the password requirements that have been decided upon in my system environment.  This post will outline the same process on the RHEL5 systems that I admin.  While the policy requirements are the same, the implementation is vastly different.

Desired Policy

To re-cap, here is the policy that is to be applied to normal users:

• at least 8 characters in length
• no more than 20 characters in length
• contain at least on letter
• contain at least one number
• forced to change at least every 180 days
• 15 minute lockout after 5 unsuccessful attempts

Implementation Differences with Solaris 10

While there were a couple of pieces of the desired password policy that I was unable to implement on Solaris 10, the ease of which the others were configured wins the game hands down.  The PAM module setup on Solaris makes it dead simple to update the policy.  All you have to do is to change the various tunable settings.  And they are all listed in fairly understandable verbiage, no complex or arcane settings.

On the RHEL5 systems I had to delve into the vagaries of PAM module attributes and ordering.  As always, it is important to make backups of any files to protect yourself and allow for disaster recovery. To implement the requirements, I had to edit two files on the system:

1. /etc/login.defs
2. /etc/pam.d/system-auth

Implementation Process

It is important during this process to recognize that if you set the PAM requirements incorrectly you can get burned to the point that the root user will be unable to login, forcing you to boot into single-user mode to recover or to boot the system from a live cd and revert the authentication files.

Setting the password expiration requirement and length setting

Before we get into this please note the warning notice from the login.defs file manpage on a RHEL5 system

Much of the functionality that used to be provided by the shadow password suite is now handled by PAM. Thus, /etc/login.defs is no longer used by programs such as: login(1), passwd(1), su(1). Pleaserefer to the corresponding PAM configuration files instead.

It is still important to configure the password length in the login.defs file so that we can account for legacy codebases.

1. Open /etc/login.defs in your favorite editor
2. Set the attribute of PASS_MAX_DAYS to be 180
3. Set the attribute of PAS_MIN_LEN to be 9

Setting the password complexity requirements

Now here is where the going gets real interesting.  Before we look at /etc/pam.d/system-auth a strong caution

Backup up the file before you alter it and open a backup terminal session as the root user before continuing.  If you put the wrong attributes in place or put the PAM directives in the wrong order you will lock yourself, root user and all, out of the system.  At that point you have two options: single user mode recovery from the console or use a live cd to boot the machine and revert to the backup after mounting the filesystem.  Oh, and it is wise to give yourself a delay with either GRUB or LILO because without the delay you won’t be able to change the boot option to allow the single user mode recovery option.

So, the file involved in this process is /etc/pam.d/system-auth and before I go into some of the nitty gritty, here’s the configuration I ended up using:

#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required      pam_env.so
auth        required      pam_tally2.so deny=6 unlock_time=900
auth        sufficient    pam_unix.so nullok try_first_pass nodelay
auth        requisite     pam_succeed_if.so uid >= 500 quiet
auth        required      pam_deny.so

account     required      pam_unix.so
account     sufficient    pam_succeed_if.so uid < 500 quiet
account     required      pam_permit.so
account     required      pam_tally2.so per_user

password    required      pam_passwdqc.so min=disabled,disabled,12,9,9 max=20 similar=deny enforce=users retry=3
password    sufficient    pam_unix.so md5 shadow nullok try_first_pass use_authtok
password    required      pam_deny.so

session     optional      pam_keyinit.so revoke
session     required      pam_limits.so
session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session     required      pam_unix.so

The retries requirement is implemented using the following line

auth        required      pam_tally2.so deny=6 unlock_time=900

The complexity and length requirements are implements using the following line

password    required      pam_passwdqc.so min=disabled,disabled,12,9,9 max=20 similar=deny enforce=users retry=3

The following line is set to ensure that the retries count is maintained even if the counter for the pam_tally2 module is corrupted

account     required      pam_tally2.so per_user

References

Rather than go into the details of each individual attribute and how they interact, here are the resources used to develop this ruleset.  They contain an large amount of valuable information.

Image Credit: Ohio State University

I was recently handed a baseline policy that was to implemented for all users on the Solaris 10 systems that I support.  After a small amount of research I was able to find the various pieces that needed to be altered.

Desired Policy

After discussion between the security officer and the other management level staff, the following policy was decided upon:

Normal User Password Requirements

• at least 8 characters in length
• no more than 20 characters in length
• contain at least on letter
• contain at least one number
• forced to change at least every 180 days
• 15 minute lockout after 5 unsuccessful attempts

Most of the restrictions were fairly basic and could be easily accomplished.  The only one that I could find no mechanism for control of in Solaris 10 is the automatic unlock of an account after the specified 15 minute lockout.  While it is possible to determine when an account has been locked by looking at the timestamp in the syslog, there is no automated method for unlocking the account after a certain amount of time has elapsed.  I suppose it would be possible to write a script to check the entries in the shadow file then grep the syslog then do some math on the timestamp, but honestly I am not worried about it.

Implementation

The implementation process involves editing two files that are key to the functionality of user login security.  As always when altering system files it is a good idea to make backups of the originals in case things go wrong.  The files involved are:

1. /etc/default/login
2. /etc/default/passwd

Setting the account lockout (aka Three Strikes)

Generally the default on a Solaris 10 system is to set the account lockout to three password retries before an account is locked.  We decided to relax this a little and allow for five retries.

1. Open /etc/default/login in your favorite editor
2. Search for the line reading RETRIES=3
3. Change the line to read RETRIES=5

Configuring the complexity rules

The password complexity ruleset for Solaris 10 is fairly understandable.  The rules are defined in /etc/default/passwd and the values to be tweaked are:

• MINDIFF
• MINALPHA
• MINNONALPHA
• MINUPPER
• MINLOWER
• MAXREPEATS
• MINSPECIAL
• MINDIGIT
• WHITESPACE

The desired policy decided upon was to require at least one number and one letter.  There was some discussion about special characters, but it was decided to not require any special characters for normal user accounts.  Given these requirements the following process is used to implement the complexity ruleset:

1. Open the file /etc/default/passwd in your favorite editor
2. Set the password complexity tunables to look as follows

MINDIFF=3
MINALPHA=1
#MINNONALPHA=1
#MINUPPER=1
#MINLOWER=1
MAXREPEATS=0
#MINSPECIAL=0
MINDIGIT=1
WHITESPACE=YES

Setting the password expiration and length rules

Configuring account lockouts and password complexity is a great start, however it is not the complete picture.  While reasonable complexity rules will allow users to set passwords that they can readily remember, and a flexible lockout value will give some room for fumble fingers, if users are not required to change their passwords every so often then the security of the system can suffer as well.

You also should consider password length.  A shorter password, regardless of complexity, is going to be easier to crack from an algorithmic standpoint.  This is simply due to the mathematical requirements.  The problem is that user’s tend to not like long passwords.  As you increase the password length, you increase the likelihood the passwords will use dictionary words (we can account for that as well).

The agreed upon setting for normal users on our systems was 180 days.  Unfortunately Solaris 10 uses a setting measured in weeks and not days.  What this means is that the setting will have to be slightly longer.  The password length was decided to be at least 8 characters and no longer than 20 characters.  Also, Solaris 10 has no setting to enable a maximum password length.

1. Open /etc/default/passwd in your favorite editor
2. Set the value for MAXWEEKS to be the value of number of days divided by 7, rounding up
3. Set the value for PASSLENGTH to be the value of the minimum number of characters

Important Notes and Considerations

Password Length

The default algorithm used for passwords under Solaris 10 is crypt_unix.  This algorithm is not considered sufficiently secure, even by Oracle.  You should investigate using a different algorithm such as MD5 or Blowfish instead.  The default will not allow for passwords that are longer than 8 characters.  You can set the password to be longer, but all characters after the eighth position will be discarded during the authentication check process.

Retroactive Usage

Changes to the password expiration policy is not immediately retroactive.  For the expiration requirements to take effect on existing accounts you will need to initiate a manual password change for the shadow file entry to be updated.

Dictionary Words

When Solaris 10 was introduced one of the changes made to PAM was the ability to use a comma-delimited list of dictionary files to avoid usage of common words during password selection.  This can be configured with the DICTIONLIST variable in the /etc/default/passwd file.

Applying lockout to the root user

While this is not the default, you can apply the lockout rule to the root user account by editing the /etc/user_attr file and changing the lock_after_retries value for this user to yes.  Be warned this is not recommended since a locked account can only be unlocked by the root user.  If your root level account becomes locked then you will need to have an account that allows sudo access or you will end up going to some extreme lengths to re-enable access to the system.

References

Of course, none of this information is really unique.  Here is the list of resources I used to put all of this together:

For more commentary on password length, complexity, etc., see a few of these sites:

During the 2010 Tour de France in July, the Lance Armstrong Foundation and Nike worked together to print inspirational messages on the road along the route.  This was done using the Livestrong/Nike Chalkbot.

The messages were printed each morning before the stage was to start and they were washed off the road after the stage was completed.  The messages were printed using a soy-based material, which was very environmentally friendly.

In the early stages of the race I submitted a small message through the Livestrong website.  I imagine that there was a huge response and I have to wonder how many people thought their messages were going to be printed.

On August 10, 2010, 16 days after the race was over I received an e-mail from Nike stating that my message had indeed been printed during the race.  The GPS coordinates for my message are: 0.067164,42.950947 and it was printed on July 19, 2010.  According to Find Latitude and Longitude website, this is Bageneres-de-Bigorre, France.  This would have during stage 15 which ran from Pamiers to Bagnères-de-Luchon.

Here is a recipe that I got from my Aunt Cindy.

Ingredients

• 1 3/4 pounds of carrots, peeled & chopped
• 1 cup white sugar
• 1 1/2 teaspoons baking powder
• 1 1/2 teaspoons vanilla extract
• 2 tablespoons all-purpose flour
• 3 eggs, beaten
• 2 teaspoons confectioners’ sugar
• 1 stick butter

Directions

1. Preheat oven to 350 degrees.
2. In a large pot of boiling water, cook carrots until very tender.  Drain and transfer to a large mixing bowl.
3. While carrots are warm, use an electric mixer to beat with sugar, baking powder, and vanilla extract until smooth.  Mix in the flour, eggs, and butter.  Transfer to a 2-quart baking dish.
4. Bake 1 hour in the preheated oven, or until top is golden brown.
5. Sprinkle lightly with confectioners sugar before serving.

Images

The ingredients

Everything mixed in the bowl

The finished product

Notes

• The confectioner’s sugar is optional, I personally think that it is sweet enough without the sugar coating.
• When incorporating the butter into the mix, it works best to blend it in using small chunks instead of adding the entire stick at once.  I use quarter-stick chunks.
• If you are going to be refrigerating this, use plastic wrap and press the wrap down into the casserole dish to contact the top of the food.  This will help keep the moisture in the dish as well as prevent a skin from forming.
• When cooking this, resist the temptation to check it.  Soufflés can deflate or fall when they are disturbed during cooking.  As Alton would say Just set it and walk away.

The first time I made this I followed the instructions to a T, but this time I was making it with an eye towards someone who has a gluten allergy.  In researching the flour substitution, I did find that some people take the time to mill their own gluten free flour, but this was beyond my particular skill set.  What I ended up using was a gluten-free all purpose baking mix from Arrowhead Mills.

Like many people, I went out into the great choas known as Black Friday after a deal.

In my case I was focused on obtaining an Olevia 237T 37″ LCD television being sold at Target for the low, low price of $549.00.

After getting it home and plugging it all into my MythTV system, I ran into problems. First of all, since the tv had a vga input, I used the vga output of my video card instead of the svideo output. Initially I got no video, but then I realized I needed to undo some of my xorg.conf changes since I had changed the output.

After fixing the xorg.conf problem to not use the svideo port (thank you SSH!), I ran into other small problems.

Getting the resolution output right

The 237T has a native resolution of 1366×768, which according to an article at CNET.com is the most common resolution, yielding an output of 768p.

It turns out that I needed a particular video modeline in order to make the tv work properly. This required a great deal of research since manually calculating a modeline is not something that I really wanted to undertake. After finding a few online calculators, I found that I could not use them since the Dot Clock Frequency was not something that was included in the manual for the tv. So I diligently searched on the Internet to see if I could run across someone else who had this model tv (or the slightly improved 537 series) that had solved the problem. On the MythTV wiki, I ran across two entries for the 537h. I tried them both, but unfortunately the source display on the tv still reported a resolution of 1024×768. After trolling the xorg.conf logs, this turned out to be due to a failure of either modeline to be validated.

Digging ever deeper into the realms of HDTV screen resolutions and the xorg.conf options, I found that the binary, proprietary Nvidia drivers give you something that can help out a lot here, Appendix J. Programming Modes. This enables one to specify a series of validated modes and the driver will automatically validate them and use the correct output settings for the first mode that is found to be valid.

Here is what I ended up using in my xorg.conf file:

Section “Screen” Identifier “Screen0” Device     “Videocard0” Monitor    “OleviaHDTV” DefaultDepth     24 SubSection “Display” Viewport   0 0 Depth     24 Modes     “1360x768_60” “1280x720_60” EndSubSection

EndSection

Getting the right TV output

The next hurdle was to make sure that I got the right output of each of the MythTV applications.

Xine

In the configuration of the DVD player or the Video player, make sure that you launch xine with the following command:

xine -pfhq -D -r anamorphic

In theory xine should automatically display the video output exactly as is on the media, but using the command above will ensure that your get a fullscreen display. (Thanks to a posting in the Freevo-users list by John Molohan for this)

Mplayer

In the DVD or Video playback configuration you can use the following command to launch mplayer to use the correct aspect ratio (Thanks to Jarod Wilson for this tip):

mplayer -fs -zoom -quiet -monitoraspect 16:9 -vo xv %s

You can also set these same configuration options in your mplayer configuration file (~/.mplayer/config):

## Audio Output ao=”alsa”

ac=”hwac3,”

## Verbosity
really-quiet=”1″ ## Scaling fs=”yes” zoom=”yes” monitoraspect=”4:3″

double=”yes”

Internal DVD player

The MythTV built-in dvd player should display the video correctly by default.

Live TV output

When watching live television, you have a few options:

1. Leave the aspect ratio alone
2. Change the aspect ratio to be 4:3 or 16:9
3. To set the aspect ration to be Fill
4. To set the aspect ratio to be 4:3 with zoom or 16:9 with zoom

Each of these has it’s own drawbacks, but I have gotten the best results using 16:9. This setting is in the Playback options of the TV section of the MythTV setup.

References

In the application selection process for 10.5, the X11 maintainers elected not to include Xnest.

While most users will probably not need this, since you can export X11 application through a SSH connection, sometimes it is quite handy to have the entire gui session available from a remote server.

I use this when managing some of my Solaris servers. With X11 on 10.4 this was readily available, but after installing 10.5 I found that it had not been included. Initially I just copied the binary from my 10.4 install into the expected location and tried to use it. However, as I expected, the results were not particularly satisfactory, given that the binary was built against a different X11 source tree.

After posting some of my compile issues to the X11-Users mailing list (archives are here), the code maintainer released a patch to the xorg code that fixed the symbol issues that had reared their ugly heads.
For those who are interested in making it work here’s what you need to do:

1. Follow the first seven lines under the section Source installation on the XDarwin wiki page
2. Change the configure instruction line to be as follows: ./configure –prefix=/usr/X11 –enable-xnest=yes –with-mesa-source=`pwd`/../Mesa-6.5.2
3. Continue with the rest of the source instructions as posted in the wiki page
4. After copying the new Xquartz binary over, copy the Xnest binary as well: sudo cp hw/xnest/Xnest /usr/X11/bin/
5. Don’t forget the manpage: sudo cp hw/xnest/Xnest.1 /usr/share/man/man1/

Now you have a nicely patched install of the latest fixes for Xquartz as well as the Xnest binary.

If only compiling Xpehyr was working now…sigh.

Resources:

• Applications supplied with the default X11 install on 10.5

How heavy is your laptop bag?  According to my passenger airbag sensors my latptop bag is at least as heavy as a small child.

The way I understand the system is that if the passenger is below a certain combination of height and weight, then the airbag is turned off and the seatbelt light is not triggered, but if you are a little heavier and/or taller then the seatbelt light is triggered.

The point of this is apparently to prevent injuries to small or under-weight passengers by a deploying airbag.

Awful nice of my truck to want my laptop to be secured by a seatbelt but not injured by the airbag.

Editor’s Note: This article is part of the Tales of A Linux Switcher series.

If you are a graphic designer or developer, or you just have a need to edit images, a mainstay of your Linux toolbox is likely to be the Gimp.

If you are coming from the Mac or Windows world, it is probable that you have used Adobe’s Photoshop program to achieve your image editing needs in the past.  Having used Photoshop and Gimp extensively over the past decade, I can tell you that one of the features I liked about the Photoshop environment on Windows has been the unified window.  All the palettes, toolbars and editing windows exist inside a single, unified window.

I always missed this when using Gimp on Linux (or the other OS as well, since Gimp is available for all three ).  One of the main feature draws for me to the latest Gimp release, version 2.8, was this single line in the release notes:

GIMP 2.8 introduces an optional single-window mode.

Awesome! Of course, Gimp 2.8 is not in the current Ubuntu 12.04 repository (Note: Ubuntu 12.10 has version 2.8 listed in the repository!) :

$ apt-cache policy gimp
gimp:
 Installed: (none)
 Candidate: 2.6.12-1ubuntu1
 Version table:
 2.6.12-1ubuntu1 0
 500 http://us.archive.ubuntu.com/ubuntu/ precise/main amd64 Packages

Not to fear! Using the following set of commands you can successfully obtain the Gimp 2.8 software as well as a compatible version of the plugin registry:

sudo add-apt-repository ppa:otto-kesselgulasch/gimp
sudo apt-get update

As you see from a policy check, after adding the repository and updating the cache, you will now be receiving the Gimp package and the updated plugin-registry from the new PPA:

$ apt-cache policy gimp
gimp:
 Installed: (none)
 Candidate: 2.8.0-1ubuntu0ppa6~precise
 Version table:
 2.8.0-1ubuntu0ppa6~precise 0
 500 http://ppa.launchpad.net/otto-kesselgulasch/gimp/ubuntu/ precise/main amd64 Packages
 2.6.12-1ubuntu1 0
 500 http://us.archive.ubuntu.com/ubuntu/ precise/main amd64 Packages

$ apt-cache policy gimp-plugin-registry
gimp-plugin-registry:
 Installed: (none)
 Candidate: 5.20120523-2ubuntu0ppa9~precise
 Version table:
 5.20120523-2ubuntu0ppa9~precise 0
 500 http://ppa.launchpad.net/otto-kesselgulasch/gimp/ubuntu/ precise/main amd64 Packages
 3.5.4-1 0
 500 http://us.archive.ubuntu.com/ubuntu/ precise/universe amd64 Packages

To install it now enter the following:

sudo apt-get install gimp gimp-plugin-registry

Now you have the most recent release!

Let me preface this post by saying that satellite radio is a great service.  You get access to a whole lot of content that you might not otherwise be able to access.  When I got my new 2012 Ford F150 XLT SuperCrew, I got a trial subscription for the first six (6) months to a subset of the SiriusXM stations.  I thoroughly enjoyed listening to the selections on the Electronic and Dance stations, the BBC content, stations from Canada, and a wide variety of news outlets, not too mention the comedy channels.

On September 3rd, my trial subscription expired.  I knew that it was going to expire.  In fact, I put a reminder in my personal calendar to warn me that the trial expiration date was arriving.  I liked the service enough that I was going to subscribe so that I could continue enjoying the service.

However when the renewal date approached, I determined that it was not financially smart to sign myself up for yet one more monthly payment at this time.  No big deal, I would just use Pandora, Spotify, Google Music and standard terrestrial radio until I was where I could pay for the subscription.

That’s where it all gets painful.  When the SiriusXM customer service representative called me to make sure that I knew my trial expiration was coming up I explained that I was not currently interested in signing up to pay for it.  When he helpfully (at least in his mind it was helpful) informed me that the monthly payment was only $16 a month, I ensured him that I had actually read the mailing they sent out and knew what the prices were and I just didn’t want to continue.

Now despite the belligerent tone of voice he continued to use to try and bully me into a subscription, I finally managed to get off the call without losing my temper (which was a major feat, let me tell you).  In a logical universe, they would mark my account as having declined service and to try again in a few months (but hopefully never since I did mention that I didn’t want them to call me again) and that would end the matter.

This is where SiriusXM has failed to gain a customer.  Almost every day so far this month I have received at least one call from the SiriusXM folks (866-903-7474) trying to suck me back into the fold.  This constant bombardment is a real pain in the rear.  I can understand one or two attempts, but at some point you have to realize that continued calls are not going to get the customer.

So here’s the email I sent to the SiriusXM Customer Service folks today after yet one more call:

I realize that my trial subscription has expired. In fact I even talked to your customer representatives at least once concerning this prior to the expiration.

I happily informed the customer service representative that I knew my subscription was going to expire and that I was not interested in converting my trial at that time due to the cost, and yes that I knew it wasn’t a lot each month if I subscribed for a year. After he kept trying to get me to convert, rather insistently to the point of belligerence, I finally was able to get him to hang up.

Recently I have been receiving calls from your company (866-903-7474) at least once a day (sometimes twice).

I realize that you would like to retain customers and to gain new ones, however when a current/former customer informs you that they no longer wish to continue the subscription, it doesn’t engender good customer relations to bombard them on a daily basis with calls.

For this reason it is unlikely that I or anyone in my household will ever subscribe to your services at any point in the future. I appreciate that you have made it even easier for me to embrace the free and/or ad-supported streaming services like Pandora Radio, Spotify, Live365, Google Music, and Amazon Music.

Thanks,
Andy Fore

So instead of caring about subscribing to SiriusXM, I will just use my mobile data plan to get the most out of Internet-based streaming services that I can.  I would rather give my money to my mobile provider for data usage than to SiriusXM, since Verizon doesn’t deem it necessary to spam me with phone calls about their services.

Today while working on the AASU Blackboard VISTA custom login page, I ran into an issue loading Java applets.

Apparently, Google Chrome checks your browser plug-ins to determine if they are out of date when you attempt to load content requiring them.  Here’s a snippet from the Google Support Site about the bug feature:

To make sure you’re protected, whenever Google Chrome detects that a common plug-in on a page is out of date with a security vulnerability, a message will appear beneath the address bar notifying you that the plug-in has been blocked.

While this is a great feature, since it is an attempt to protect your computer from nefarious code, there are times that it just doesn’t work properly.

The situation I ran into is described on a chromium issue report.  Basically, the Linux version of Oracle Java 7 is being seen as out-of-date, even though it is the most recent version available.  When going into the Google Chrome plug-in preferences you may see the Java plug-in marked as disabled and showing the version number in red as well as a link to java.com to download a security update.

While Chrome does give you ability to run the plug-in each time it is used, this can rapidly become a pain in the rear.  The checkbox labeled Always Allow also doesn’t seem to work.

So what to do?  Well, you can either painstakingly click the Run this time button or you can run Google Chrome with a command line switch that turns off the plugin checking mechanism.

Being an intrepid sort that likes to live on the edge and dance where angels fear to tread, I chose to run with the checking mechanism turned off.  To update the Ubuntu application launcher to make this easier, I edited the following file:

/usr/share/applications/google-chrome.desktop

sudo vi /usr/share/applications/google-chrome.desktop

Look for the first instance of a line starting with Exec and alter it to read as follows:

Exec=/opt/google/chrome/google-chrome --allow-outdated-plugins %U

After saving the file and restarting Google Chrome you will no longer be bothered by the annoying Java plug-in error warning.  To verify this is working, you can enter the following on the command line:

ps ux | grep -v grep | grep allow-outdated-plugins

You should get back at least one result.

As a bonus, you can ensure that you are running the most recent version of Java (1.7.0_05 as of this writing) by doing the following on a command line:

java -version
javac -version

You should see something like the following:

foreandy@foreandy-iMac:~$ java -version
java version "1.7.0_05"
Java(TM) SE Runtime Environment (build 1.7.0_05-b05)
Java HotSpot(TM) 64-Bit Server VM (build 23.1-b03, mixed mode)
foreandy@foreandy-iMac:~$ javac -version
javac 1.7.0_05

Editor’s Note: This article is part of the Tales of A Linux Switcher series.

As part of my on-going switch to Ubuntu 12.04 from Mac OS X, I ran into an issue where my cdrom device was not being mapped properly in the OS.

Everything works as desired except for one little thing: the eject key on the Apple Aluminum USB keyboard was not triggering the eject sequence of the built-in slot loading SuperDrive.

I assumed that there would be a device mapped to the actual drive using a link to /dev/cdrom.  This didn’t turn out to be the case.  When using the eject command from a terminal I received the following:

$ eject
eject: unable to find or open device for: `cdrom'

When I did a directory list to find any applicable cdrom device entries in the udev root (/dev) I got the following:

$ udevadm info --root
/dev
root@foreandy-iMac:~# ls -l /dev/*cd*
ls: cannot access /dev/*cd*: No such file or directory

In order to determine exactly which device was being used for the optical drive, I looked at the output from system’s cdrom device entry:

$ cat /proc/sys/dev/cdrom/info
CD-ROM information, Id: cdrom.c 3.20 2003/12/17

drive name: sr0
drive speed: 24
drive # of slots: 1
Can close tray: 1
Can open tray: 1
Can lock tray: 1
Can change speed: 1
Can select disk: 0
Can read multisession: 1
Can read MCN: 1
Reports media changed: 1
Can play audio: 1
Can write CD-R: 1
Can write CD-RW: 1
Can read DVD: 1
Can write DVD-R: 1
Can write DVD-RAM: 0
Can read MRW: 0
Can write MRW: 0
Can write RAM: 1

The next step was to create the symbolic link in the device root to map cdrom to the appropriate device as listed in the above output:

$ sudo ln -s /dev/sr0 /dev/cdrom
$ ls -l /dev/*cd*
lrwxrwxrwx 1 root root 8 Jul 30 09:58 /dev/cdrom -> /dev/sr0

Now I can use both command line utilities to work with the optical drive as well as the built-in eject key on my keyboard.

If you want a lot more detail on this issue check out this bug comment.  While not specifically dealing with a Mac, the issues and solution are the same.

Recently I ran into an issue with several websites and their functionality, or lack thereof, on Mobile Safari in iOS 4.3.3 on the iPad.

Mobile Safari doesn’t give you much in the way of native debug tools.  There is a debug console, which will display, at least in theory, any CSS, HTML or Javascript errors.

The only problem is that it won’t actually display all HTML errors.  For instance the problem I ran into was an HTML tag mismatch between an opening H2 and a closing H3.  Mobile Safari on iOS 5.1 displayed the page as designed, however on iOS 4.3.3 the bad closing tag was omitted which meant that all the children of that H2 had the CSS style “hidden” applied to them due to a class assignment.

You would think that this might trigger an error code in the debug console, however no such error occurred, and using the Safari iOS 4.3.3 – iPad user agent in desktop Safari on Mac OS X did not exhibit the error.

In searching for a tool to assist with debugging this problem natively on the iPad I ran across a great bookmarklet by Mark Perkins, called Snoopy.

This bookmarklet gives you all kinds of nifty information about the page you are looking at, including a view of the generated source.  Thanks to this tool I was able to find out exactly what was breaking the display on the iPad.

One of the touted features of the unibody design MacBook Pro line was the introduction of two different graphics processing units [1].  Initially they shared two Nvidia GeForce chipsets. Beginning with the Core i5 and Core i7 models, this was changed to use an Intel HD Graphics chipset and either an Nvidia chipset or an AMD chipset (depending on the model and year of introduction).

This was put forth as a great power savings feature, but as many users have seen it has had unintended consequences. [2, 3, 4]

I have had no real issues involving this until I fired up Photoshop CS5 last night and found that the canvas window was missing! Now to be fair this doesn’t appear to be a problem on Snow Leopard, but nonetheless it was passing strange.  After some diligent searching, I discovered that the solution appears to be turning off the automatic graphics switching and rebooting the laptop. (Hint: it’s in the Energy Saver system preference pane)

After doing this all was once again well with Photoshop.  So if you encounter some odd graphics issues with your unibody MacBook Pro and Lion, try it and see if it helps.

References