Reuben Budiardja's Blog

pdfMergeOddEven: merging PDF files with Odd and Even pages

2010-02-06T14:23:52Z

Often I have to digitize document printed on double-sided paper. Unfortunately the scanner / copier automatic feeder I have can only read single side document. So in this case, I have to scan the odd pages first as PDF, then scan the even pages as PDF. Then comes the problem on how to combine them. So here's the solution: pdfMergeOddEven.

pdfMergeOddEven is a simple python script takes two input: the odd pages file and the even pages file, and output a file which is the result of merging the two input files with the odd pages taken from the first input, and even pages taken from the second input. On command-line, it simply takes the three files as argument:

pdfMergeOddEven.py oddFile.pdf evenFile.pdf output.pdf

pdfMergeOddEven is actually just a simple python script that uses the wonderful python library PyPdf to do PDF manipulation. You can download pdfMergeOddEven here.

Installing Google Earth on Fedora 12 64-bit

2010-01-24T23:48:28Z

I had a little bit of trouble trying to install and run Google Earth 5.1 on Fedora 12 64-bit (x86-64). After the install (by executing

GoogleEarthLinux.bin

), running Google Earth results in a crash with signal 11. It turns the cause is that Google Earth is a 32-bit application, and it needs 32-bit libraries, which by default are not installed for 64-bit Fedora 12 installation. So all I had to do is to install some more 32-bit libraries (in no particular order, since

yum

should figure out all the necessary dependencies) by doing the following:

yum install glibc.i686 libcanberra-gtk2.i686 freetype.i686 libXrender.i686 libXrandr.i686 mesa-libGL.i686 gtk2.i686

Also, in particular, since I am using proprietary nVidia driver from RPM Fusion, i also needs the 32-bit library of nVidia, and that is satisfied by:

yum install xorg-x11-drv-nvidia-libs.i686

Note that I already have some other 32-bit libraries installed in my system due to other things. If you find that you still have a crash after installing those, you may need other 32-bit libraries that I just missed listing it up there. So for completeness, here's all the 32-bit stuff installed on my system. You can try installing those. It won't do any harm to install all those with

yum

other than taking up more space.

Convert JVC .MOD files to DV and Import them to Kino for editing

2010-01-18T02:32:34Z

Recently I have the opportunity to deal with MOD files that comes from JVC Everio camcorder. The transfer from the camcorder to my linux machine is straightforward, since I can mount the comcorder as USB mass storage, and copy the files. The video clips comes as MOD files and each of the MOD file corresponds to every time one hits the Record and stop button on the camcorder

I want to be able to edit the video clips using Kino, and then export it as a single movie. There are a couple of problems: first, Kino only reads DV file. So we have to convert this MOD files to DV files first. The second problem is that there is no easy way to import a whole bunch of DV files at once. You can do it by importing one file at a time to the "storyboard", but if you have a lot of DV files this becomes really tedious. So in this post, I show how I dealt with these two problem.

First we have to convert this MOD files to DV since Kino deals natively with DV. It turns out the .MOD files are just
MPEG-2 files, so dealing with them is pretty straightforward. We can use FFmpeg to convert them. (I think Kino can actually import them, but here we deal with them separately so we can also tackle the second problem). We can do this just by doing something like the following for every file:

ffmpeg -threads 2 -i file.mod -s pal -r pal -aspect 4:3 -ac 2 -ar 48000 -y file.dv

Now to import all the DV files at once, we just have to create the XML file that Kino can read as its project file. Kino uses
SMIL, and to just add multiple DV files to it is pretty simple. We only need to know the duration of each clip (the DV file), and then just add each file inside the SMIL file. We can use mplayer to find out the duration of DV file, and do something like:

mplayer -identify file.dv -ao null -vo null -frames 0

So combining the those two steps, we can write a python script to do them at once to all of our .MOD files. The code below does just that:

#!/usr/bin/python

import os
import glob
import sys
import commands

kinoFile = sys.argv[sys.argv.index('-f')+1]
fp = open(kinoFile, 'w')

xml = """\
<?xml version=\"1.0\"?>
  <smil xmlns=\"http://www.w3.org/2001/SMIL20/Language\">
    <body> 
"""
fp.write(xml)

modFiles = glob.glob('*.MOD')
modFiles.sort()

for file in modFiles:
  dvFile = file[:-4] + '.dv'

#-- convert MOD file to dv using ffmpeg
  cmd = 'ffmpeg -threads 2 -i '+ file + ' -s pal -r pal -aspect 4:3 '
  cmd += '-ac 2 -ar 48000 -y ' + dvFile
  print cmd
  os.system(cmd)

#-- interrogate file to find its duration using mplayer
  cmd  = 'mplayer -identify ' + dvFile + ' -ao null -vo null -frames 0'
  cmd += ' 2> /dev/null | grep ID_LENGTH'
  buffer = commands.getoutput(cmd)
  duration = float(buffer[len('ID_LENGTH='):])

#-- convert duration to hh:mm:ss.sss format for Kino SMIL file
  hours = int(duration) / 3600
  seconds = duration - (hours*3600)
  minutes = int(duration) / 60
  seconds = duration - (minutes*60)

#-- print string
  xml = ''
  xml += '      <seq>\n'
  xml += '        \n'
  xml += '      </seq>\n'
  fp.write(xml)

xml = """\
    <body>
  </smil>
"""
fp.write(xml)
fp.close()

(NOTE: if you copy the code above and paste it, for some reason you'll get "# " sign in front of every line. You need to remove this otherwise it'd just comment out the whole code. A better option is download it.)

To use it, you can download the code, go inside the directory where all the MOD files are, and run it as follow:

mod2kino.py -f myproject.kino

This convert all the MOD files as DV, then create the file

myproject.kino

with all the DV files referenced in it. Now you can just open

myproject.kino

from Kino, and start editing the storyboard.

What I Want To Have in Google Voice

2009-07-05T23:04:07Z

Google Voice is probably the first Google services I am really excited about. I heard about Grand Central (Google Voice predecessor) a while back when Google started to acquire it, and had been waiting for it to open up for new user. Most of other Google services were probably novel in their integration and use of AJAX and dynamic HTML, but none of them were novel idea in itself (the one I would use anyway). I don't need another email service like Gmail, because I have my own domain and server; I don't really need online calendar, I have my own, and it had been done before Google Calendar; I don't need blog service, I have my own blogging software on my server; I don't need online document storage like Google Document, because I can access file server from anywhere and get what I need. In that sense, Google Voice is really novel because it is something that I am sure even the most hardcore geek would find it really hard to have a similar service, and at any reasonable cost.

Another factor drives my excitement. My wife and I do not use that much cell phone to make it worth paying a monthly subscription fee for a family plan. Even using the smallest plan we still waste a lot of unused minutes every month, and we had never been able to get rid of them year after year. Plus we wanted to cut cost. Plus we have a landline that can receive phone call which we are not paying for. Plus I have an office phone in my office. So we use prepaid plan. So we only want to use the cellphones when necessary (i.e. no other phone that can ring to get us). So you can see how Google Voice is really a service that fulfill our need.

I got Google Voice invite this past week, and have been started setting it up and using it over the weekend. So far it has been great. It is living up to its hype. The settings is easy and intuitive just like other Google services. However, in trying it out for the last several days, there are few things that I wish Google Voice had. Here they are:

1. Finer Grain "Ring Schedule"
In Google Voice you can set a ring schedule for the phone, but right now you can only set it for Weekend and Weekdays, and Time for Weekends and Weekdays. It needs to have finer grain scheduling, at least a daily schedule, so that one can set different ring schedule on each day: M, T, W, TH, F, ST, SU. A more sophisticated one would be to integrate this with Google Calendar, so that one can have regular / repeat schedule, and custom schedule for sometime in the future as set in Google Calendar.

2. Finer grain scheduling for "Do Not Disturb"
This is similar to above, except for the "Do Not Disturb" settings, which turn off the ring to all phones and send phone call directly to voicemail. I suppose one can do this with (1) above, but this could be a handy global settings that override (1).

3. Accessing "Contact" through the phone system
One can access Google Voice via its phone system. A feature that I wish it had is the ability to search through my Contact for a phone number. This is useful in situation where suppose I don't have access to internet / Google Voice web interface, and need to make a call to a person whose number I already stored in my Contact. I should be able to call Google Voice phone system, search for a Contact, and tell it to make the call for me. Google already has the technology to do something like this (search via phone system) in Goog411, so it should only be a matter of implementing the same thing in Google Voice.

I already sent these feature suggestion to Google via their web interface. I hope Google implements these in the near future. In the meantime, if you've gotten an invite and try it, what do you think of Google Voice ?

Science and Christianity: In Conflict or In Relationship ?

2009-04-17T03:08:33Z

This is a sermon note I wrote when we had a worship series on the theme: “Struggle and Triumph” at my church. As member of the worship committee, each of us share our own experience or story of struggle and triumph. Mine was on the subject of “Science and Religion”, as something that I have been interested in, and struggled with in the past to reconciles my worldviews.

In this writing, although I use the more general word “religion”, what I really mean is by religion in general is the traditional Judeo-Christian as religion. I do not take credit for all the thoughts and ideas here, as I have been influenced by many people through books and dialogue. Also, this writing could use a lot more editing to be much more coherent, nonetheless I decided to just put this out as it is (as editing it never seems to happen ).

My interest on the subject started when I was in my last year in middle school. I started to go to a catechism class in preparation for baptism. During one of the class periods, we had time to ask any kind of questions. Well, during the same year I started to learn about evolutionary biology in at School. So naturally, the question came up, Genesis versus Evolution, which one is correct? In our catechism class, we pretty much read Genesis (almost) literally. The pastor argued that science's definition is something that can be repeated in the laboratory. Since no evolution process had been repeated in laboratory, it's necessarily not science. Hence it's easier and more scientific for us to accept the account of creation as it's written in Genesis. Evolution is wrong, Genesis is correct. I will skip on explaining why this argument is incorrect on all accounts, however this illustrates one way to view the relationship between science and religion: they are in conflict. One side is right and one side is wrong; or in this case, “religion”, or more precisely “the literal interpretation of Genesis”, is correct, science is wrong. Of course this is just one example. There are other views / groups that take this position, for example: Creationism, the Young Earth Creationism, and Intelligent Design Theory. From the “scientific” side there are also many examples of scientists saying that religion and the Bible are totally wrong, and that we don't need them at all. It is pretty easy to find these examples. A recent example is the book called "The God Delusion" by Dawkins, which attacks Christianity and the believe of the existence of God.

Continue reading "Science and Christianity: In Conflict or In Relationship ?"

Primer on Code Development

2009-04-09T03:30:00Z

I was helping someone to debug his program, when I ended up explaining these practices to do code/software development more effectively. It turned out that I have mentioned these practices to more than one person. So that prompted me to write them done as a blog entry, in the interest to document them, and in the remote chance that these may help someone else.

As I primarily write in Fortran these days as part of our research efforts, some of these would be specific to that language, although some may apply more generally to software development.

Some of these requires the use of specific compiler flags, so when applicable, I will give specific flags for the several compilers that you can easily get: G95 (open source), GFortran(open source), and Intel Fortran Compiler (free for non-supported non-commercial license)

So here are what I think should be the basic primer of code development.

1. Generate Debug Symbol
Always generate debug symbol during compilation when you are doing development. Debug symbol puts the necessary information into your executable so you can see your original source code, variable names, and routines when you run the executable with a debugger. This is extremely helpful when trying to troubleshoot and debug your code. The drawback of this is that it can make your executable size larger. But the advantage so overwhelm the drawback it would be simply silly not to use this, especially during development phase. Of course when you compile the code for production, this is not necessary.

To generate the debug symbol, use the flag (all compilers):

-g

.

Continue reading "Primer on Code Development"

Dijkstra's Truth on Fortran ? He Got it Wrong

2009-04-02T02:25:35Z

Today while browsing I stumbled across this rather old writing by Edsger W. Dijkstra. Particularly, this quote, which he considered to be "the truth that hurt", is what intriguing to me:

FORTRAN --"the infantile disorder"--, by now nearly 20 years old, is hopelessly inadequate for whatever computer application you have in mind today: it is now too clumsy, too risky, and too expensive to use.

Well, guess what, he got it wrong, mostly.

Maybe I shouldn't be too harsh. Maybe he did got it right for the language FORTRAN as he knew it. But Fortran as a language, is still alive and kicking. It is still being used as one of the primary language for Astrophysicist and computational scientist alike. Code written in Fortran is supported and run on many clusters and supercomputer to do simulations, including on one of the faster supercomputer on this planet.

Using almost all of the language features of Fortran, combined with Object Oriented principles, our latest radiation magnetohydrodynamics code for astrophysics simulation, named GenASiS, is also written in Fortran.

Here's another quote from Dijkstra (he seemed to dislike FORTRAN):

The sooner we can forget that FORTRAN has ever existed, the better, for as a vehicle of thought it is no longer adequate: it wastes our brainpower, is too risky and therefore too expensive to use.

I do not think I will forget Fortran any time soon, nor do the people in this group, for example, to mention a few.

Where should Hubble look next ?

2009-01-30T01:16:10Z

As part of the International Year of Astronomy, the Hubble Space Telescope site has a poll for you to vote where the space telescope should look for its next discovery. There are six choices to pick, and anyone can cast a vote.

I personally voted for the Star-Forming Region: NGC 6634, a region where stars are born. Why ? Just because in my career as a graduate student I have been always involved with the investigating the death of a star, I though it would be refreshing to see where they are born.

So, cast your vote: http://youdecide.hubblesite.org/
and if you are lucky, you may also get the poster of the Hubble image too as a winning prize.

G95 Bug with Bound-checking

2008-12-03T15:07:58Z

I found that array assingment using array constructor to an allocatable array as member of a derived type gives out-of-bound error when bound checking is enabled. For example, the following does not work (trigger out-of-bound runtime error):

myArray%Data = (/3,4/)

while the following works:

myArray%Data(1) = 3 myArray%Data(2) = 4

Data is an allocatable rank 1 array with 2 elements.

Here are the test program (testArray.f90) and the the module file (ArrayModule.f90). I use the following flag to compile and run it:

g95 -c -fbounds-check ArrayModule.f90 g95 -fbounds-check testArray.f90 ArrayModule.o

I tried with earlier stable version of g95, and the latest snapshot I found on G95 website. The following are the version information:

$ g95 -v
Using built-in specs.
Target:
Configured with: ../configure
Thread model: posix
gcc version 4.0.3 (g95 0.92!) Oct 23 2008

$ /usr/src/g95-install/bin/x86_64-suse-linux-gnu-g95 -v
Using built-in specs.
Target:
Configured with: ../configure
Thread model: posix
gcc version 4.0.3 (g95 0.92!) Nov 14 2008

GFortran version 4.3 compiled (with the same flags) and run this test problem just fine. Portland Group compiler (PGI) (with its own bound-checking flag) can also compile and run the test program.

I reported this to the G95 developer.

Bug: "Save As" Dialog Box Should Not Start with /tmp by Default

2008-10-29T16:11:56Z

Here's a scenario that just happened to my wife that should not. This is on Fedora 8 with KDE.

Open a document from email attachment (with Kmail), that opens in OpenOffice.

"Save As" the document so that it can be edited.

OpenOffice "Save As" dialog open with the default directory "/tmp/kde-username" because that is where Kmail put its attachment.

Name the file something else, and save.

Edit the file, saving regularly, then shutdown the computer when finish.

Next time computer boot up, the document is gone, potentially loosing hours of work

I know all the arguments blaming the user. As a technical person, regrettably that was my first reaction also. On second thought, for regular user, who can tell what /tmp is ? Regular user does not know that /tmp are cleaned every reboot. Furthermore, in a hurry, if one just want to save quickly so that it can be used the next time computer boots up, it's understandable that user makes the mistake to save the document to whatever default directory is presented by the dialog box, thinking that she can always re-open it from "Recent Document" menu.

This is not limited to Kmail or Openoffice, I just tried and it's the same with KPDF, Kghostview, etc. Firefox opening files in application also has similar problem.

What should be the general solutions for this ? Should this be the responsibility of the desktop environment project (ie. KDE, GNOME) from their "Save As" dialog rather than each individual apps ? I'm thinking of filling a bug report but then I'm not sure whom I should file this with.

I can think of some hacky band-aid solution to prevent document loss next time like a rotating backup of /tmp for the next two reboot or edit the boot up script to not delete /tmp, etc, but none of those is a good enough general solution.

Maybe it should be sometime like:

Default to $HOME directory for saving if file is opened from /tmp

Have a shortcut in the dialog to go to the directory where the document is opened from (ie. "/tmp/kde-username") for the case where one would actually
just want to save a temporary file there. Probably have a "warning" and a "don't warn me again" or "do this automatically next time" preference.

Do you have any thoughts ?

Update: A quick Google search yields that this is a general known problem that a lot of people has complained about. Unfortunately there is still no good once-for-all solution. Here are some references:
http://www.murrayc.com/blog/permalink/2006/10/31/tmp-does-not-belong-in-file-save-dialogs/
https://bugs.launchpad.net/openoffice/+bug/39854
http://www.kieransenior.co.uk/journal/2008/04/16/openoffice-writer-error-writing-file/
https://lists.ubuntu.com/archives/ubuntu-mozillateam-bugs/2007-August/020413.html

Managing Your Online Account

2008-07-20T23:32:32Z

With the proliferations of online services, multiple online accounts and identities can become hard to manage. Remembering multiple passwords is certainly not the solution, and using the same passwords for all your accounts is certainly insecure. To deal with that, I pick a middle-of-the-road approach, which is, -- as always --, a trade between security and convenience, but without sacrificing either one of them. I share how to do this in this post.

I categorize every online account into the following category: Secure account, Privacy account, Insecure account, and Throw-away account.

Secure account would be accounts you have on the site you trusted most that holds very valuable and private data. Examples of these are probably your bank online account, your credit card website, email/webmail, online stores that hold your credit card data, or any other financial related account. You know, or at least think, the companies that hold these accounts to be trust-worthy, and expect them to protect your account or identities. Transaction with these companies are done in secure manner, for example via SSL-encrypted website.

Privacy account would be a step less secure than the secure account. You mainly want to protect your privacy on these account, prevent unauthorized access and your online profile, but in the worst case scenario that these accounts get compromised, it won't be particularly devastating to you or incur financial damage, although it may cause some inconvenience. A lot of social networking site such as Facebook, Friendster, Linked-in, etc. would probably fall into this category. Transactions with sites for this type of account may not even be secure (i.e. not SSL-encrypted via HTTPS).

Insecure account is just that, an account which not need be secure. You just mainly need an account to identify who you are, a first and last defense to whatever data is "protected" by the account. You expect that compromise to this type of account is not a big deal, and can be fairly easily rectified. The sites holding this type of account does not necessarily protect the account in very secure manner, and mainly use the account for identification. The site may even tells you so. Example of these is mailing-list membership account, since most of them email your password information in plain-text, or any other online services that does not hold anything of big value or any privacy sensitive data.

A Throw-way account is obviously an account which you probably use only once or twice, or an anonymous-like account which you don't want to be easily linked back to you (i.e. you use fake real name, fake personal information, etc). I sometime need this to try out new interesting online service which I am not sure I want to use more permanently, or maybe to post question in some software-related forum that I only need it for that once, etc.

So, having defined all of those, I create at least 4 different passwords. At least two of them must be strong passwords, and it's best if the rest are also strong password, but it is less important. I use the strong passwords to protect the "Secure" and "Privacy" accounts, one for each category. So every account in the "Secure" category has the same password, and every account in the "Privacy" category has the same password. Yes, in this case, we assuming the level of security for each member of the account category are the same, but this is what we trade security for more convenience, and I think it is acceptable. This is the whole point of creating these account categories.

There are few more things that can be done to increase security. If you own a domain name, you probably can easily create multiple or unlimited email accounts for that domain name. A lot of accounts use your email address as the username. In this case you can create a specific username (i.e email address) for that site, probably something in the form of account_name@yourdomain.com. This adds complexity to your account and also probably reduce the amount of spam you have.

Another way to increase security is to use a an automatically generated password for each account. A program called SuperGenPass can help you with that. SuperGenPass generates password based on the website domain name that you log in into, and your password seed. So you can use the password you have created as the seed of the SuperGenPass password generator for each different account. This protects you that if one of your more secure account gets compromised, it's not necessarily that all your secure accounts are compromised; at least it adds another layer of security.

Still you probably manage to have more than four passwords. You can use password manager software to help you manage theses. For example, Mozilla Firefox has one built in to the browser. If you do use this, it's a good idea to set a master password for it with strong password. That way, in the case that your computer gets compromised, at least there is another layer of defense protecting your password, which may gives you the chance to do some damage control.

fileDupFindr: Program to Find File Duplicates

2007-12-27T04:25:42Z

Download fileDupFindr

fileDupFindr is a small program to find file duplicates, as the name implies, that I wrote over the holiday. It is written in C, and has been tested mainly in Linux, but should work with any Unix-based OS, Mac, and even Windows since it is such a simple C program. fileDupFindr recursively traverse the given directory path and calculate the hash value (sha1sum message digest) of the file. At the end it compares these values to find the files that are duplicates.

I wrote this as a chance for me to get familiar with SQLite C API, as it uses SQLite to store data in memory. I am really happy with SQLite. It is fast, lean and mean SQL database, and the API also quite pleasant and easy to use. The biggest advantage is that since it is a SQL engine, and I am quite familiar with SQL, I don't need to think about creating my own data structure. Once I got the data into the SQL table, I can manipulate the data anyway I want to. SQL was designed especially for that kind of data manipulation, so it is quite nice to use. I already have in mind several of other projects that I am going to use SQLite for and get rid of my "proprietary" data format.

I also use OpenSSLcrypto library to calculate the sha1sum of the file. This is done using OpenSSL's EVP library, which is quite nice to use. To read the file, I specify fixed buffer size to read the file per that chunk size, otherwise reading a big file would be a problem if your system does not have enough memory to hold the size of the big file at once. EVP library has a nice API to read this chunk-size data and then just update the data until all the content of the big file is read. One peculiarity I noticed is that, at first I thought that increasing the buffer size (or chunk size) would speed up the program if you have a lot of big files, since it would take less iteration to read one file. As it turns out, there is a turn-around point where specifying larger buffer size does not speed up the program, and in fact slows down the program. I am not quite sure if the problem is in the reading the file content itself or with the EVP library, and have not had a chance to look at this further. I will give update when I do.

So that's it, consider it a small Christmas present from me if you find this program useful .

Merry Christmas to all, let there be peace on this earth which badly needs it.

Using Private Proxy for Better Web-Browsing Security

2007-12-09T22:49:24Z

Sometimes we are using a publicly available Wifi hot spots and would like a better privacy when browsing the internet. Although our credit-card or bank account website are probably using secure connection, other websites are not and we simply would like to have more privacy. One way to do it is by setting up your own proxy server and using it as a private proxy.

However using our own proxy server still does not increase the privacy / security of our connection over the exposed wireless link, unless we use encryption. Encryption in this case is easily accomplished by using SSH tunneling. The benefits of this is two prongs. First, we have SSL level encryption, second, we keep our proxy server private by off-loading the authentication burden to the SSH server. In this entry I explain how to do it.

I assume that we are using a fairly modern linux distribution for our web proxy and SSH server. I also assume that we have SSH access to our machine set up securely. Most major linux distribution include Apache 2 web server and its proxy module in the distribution. It's better to use that than compiling Apache yourself, unless you know what you are doing. Assuming all that, then it is really easy to set up our proxy server.

First, we need to enable the web server to be a proxy server. The relevant configuration in

httpd.conf

file is as follow

LoadModule proxy_module modules/mod_proxy.so
#
# Proxy Server directives. Uncomment the following lines to
# enable the proxy server:
#

ProxyRequests On
#

Order deny,allow
Deny from all
Allow from 127.0.0.1

# End of proxy directives.

The first line loads the proxy module to the web server. Proxy directives allow you specify by IP address the request that it will serve. In this case, we deny all request except request from

127.0.0.1

, which is

localhost

. This is how we keep your proxy server private, i.e. not an open proxy.

Now to use our proxy server from a different machine, -- let's call this is the laptop with wireless access --, we first have to connect to the server via SSH tunneling. This is both the encryption and authentication part. The simple proxy server cannot authenticate us, and hence only allows connection from

127.0.0.1

. The authentication part comes from the fact that we have to connect via SSH first to the proxy machine before we can use the proxy forwarding. To have SSH tunnel, simply do

$> ssh -L 3000:localhost:80 myproxyserver.myisp.net

This means, port 3000 in my laptop actually listen to port 80 on the proxy server via SSH tunneling, i.e. it is an encrypted tunnel. The port 3000 is random. We can use any port number that is unused in the laptop. Port 80 is the port where the web server binds to in the proxy server machine (of course one can set up the Apache to binds to different port in

httpd.conf

).

Now that we have tunneling set up to our proxy server, all we need to do is to configure web browser to use this. This differs slightly for different web browsers, but as an example, in Firefox 2, this is done via

Preference --> General tab --> Connection Settings

. Here we set

Pick "Manual Proxy Configuration:"
HTTP Proxy: localhost
Port: 3000
Use this proxy for all protocols: check

Now we can start browsing securely via this SSL encrypted tunnel to our proxy server. If we check the web server log in our proxy server machine, we should see that our request from the laptop's web browser is being forwarded by the proxy server. Also noticed that from the web server point of view, our request comes from

127.0.0.1

Sendmail Smarthost relay with Authentication on Submission Port (Port 587)

2007-11-17T20:25:51Z

I have been using Sendmail as a personal mail server on my own domain. To send email, I use Sendmail's Smarthost to relay the mails through my ISP SMTP server. This is to avoid being flagged as "spam" by some spam filter since I am on dynamic IP.

Recently, my SMTP blocks port 25, which is the default port uses to relay mails, and require us to use Submission port 587. Some people thing this is a good thing (?) and has becoming standard with ISPs. (Whether you agree or not is beside the point of this post).

So anyway, I have to change my Sendmail configuration to do this. This post is a documentation / recipes on what I did. To change the smarthost relaying to use port 587, have the following in your sendmail.mc:

define(`SMART_HOST',`smtp.myisp.net')dnl
define(`RELAY_MAILER_ARGS', `TCP $h 587')
define(`ESMTP_MAILER_ARGS', `TCP $h 587')
FEATURE(`authinfo',`Hash -o /etc/mail/authinfo.db')dnl

The last line is to have sendmail authenticate as client to your ISP SMTP server. You also need to create your credential file, in this case

/etc/mail/authinfo.db

. First create

/etc/mail/authinfo

; in that file I have:

AuthInfo:ispdomain.net "U:my_username" "P:my_password" "M:PLAIN"
AuthInfo: "U:my_username" "P:my_password" "M:PLAIN"

In this case, I use the authentication mechanism

PLAIN

. You may need different authentication mechanism, depending on your ISP. Now generate the

authinfo.db

file by doing:

chmod 600 /etc/mail/authinfo
makemap hash /etc/mail/authinfo < /etc/mail/authinfo

The first line is to have your plain text authinfo file more secure by making it readable to root only. As usual, rebuild

sendmail.cf

and restart sendmail.

Installing Fonts On Fedora

2007-09-28T04:58:43Z

I have a collection of TrueType fonts that I would like to add to my Fedora 7 installation. Installing (TrueType) fonts on recent version of Fedora turns out to be quite easy. To install the font system wide, all you need to do is put it in the fonts in a directory. To be consistent, create a new directory under "/usr/share/fonts". For example, I created directory:

mkdir /usr/share/fonts/handwritten

to store a collection of handwritten-like font. To make sure that the fonts is accessible to the world, do

chmod 775 -R /usr/share/fonts/handwritten

Then all needs to be done is run "fc-cache" command on that directory, e.g

cd /usr/share/fonts
fc-cache handwritten

And voila! the new fonts appear on all applications such as Gimp, openoffice, koffice, etc.