To get the console of your Linux guests on a Xen machine, type “xm console
Category: Technology (Page 31 of 47)
This is a simple netconfig for a static IP address on a Debian machine. In /etc/network/interfaces, replace your eth0 (or whatever) with this:
auto eth0 iface eth0 inet static address 192.168.1.65 netmask 255.255.255.0 gateway 192.168.1.251
Edit: I removed the network and broadcast statements because they are superfluous.
The concept of Debian stable is kind of nice, since you don’t have to be affraid of upgrade breakages all the time, but it can also be annoying, because things like spamfilters and virusscanners are fast-moving and you often end up with old versions of those. That is why the Debian volatile project exists.
On new installs, the packages sources will already be in /etc/apt/sources.list, but the sources.list doesn’t seem to be upgraded on old systems, so you may need to add them by hand. These are the sources:
deb http://volatile.debian.org/debian-volatile lenny/volatile main deb-src http://volatile.debian.org/debian-volatile lenny/volatile main
It’s speaks for itself that you have to change lenny to whatever the release will be…
Ewald wants to be able to make video/photo montages of his life at la Boucoule. While there last month, I helped him along with Windows Movie Maker (WMM) a bit. WMM doesn’t like Quicktime video’s (as outputted by his camera), so I found a simple Windows program that wraps around ffmpeg to convert these movies to AVI format: Pazera Free MOV to AVI Converter 1.2.
To make the generated AVI work in WMM, a few settings need to be changed away from the default. For this purpose I added a custom profile. Here’s the INI file, “00 - Geschikt voor Windows Movie Maker.ini”:
[MAIN] AppName=Pazera Free MOV to AVI Converter AppVer=1.2 OutputFormat=AVI [AVI] VideoCodec=1 VideoBitrate=Auto VideoFPS=Auto Video2Pass=0 DoNotCopyVideo=0 [MPG] VideoFormat=0 MPEGVersion=0 VideoBitrate=Auto VideoFPS=Auto Video2Pass=0 DoNotCopyVideo=0 [AUDIO] AudioCodec=0 AudioBitrate=Auto AudioSampling=Auto AudioChannels=0 DoNotCopyAudio=0 Volume=100 [ADVANCED] Resolution=0 ResWidth=320 ResHeight=240 ForceVideoTag=0 VideoTag=XVID CropTop=0 CropBottom=0 CropLeft=0 CropRight=0 AdditionalParams=
Now, Ewald will only need to select the right profile if he wants to prepare his Quicktime movies for editing with Windows Movie Maker:
Yesterday night, after mucking around with my Subversion repo for this blog for way too long, I finally stopped annoying the designer of my new theme and uploaded it, one and a half year after the last major redesign. Anyway, while implementing the new design for the comment list , I decided it was time to have comment previews.
At some time, I had already installed (but not activated) the Live Comment Preview plugin, but that’s client-side only. I removed it because I want the comment to show as it would after being piped through all the hooks and filters that comments normally get piped through. Enter the AJAX Comment Preview plugin:
Other preview plugins don’t know what sort of changes WordPress will make to a visitor’s comment, but this plugin uses AJAX and other buzzwords to send each previewed comment through WordPress’ inner voodoo.
The result? With the click of a button, your site’s visitors can preview their comments exactly as they will appear when they submit them for realies.
You just gotta love their phrasing. 🙂 Enjoy the new preview feature.
A while ago we succeeded in upgrading the Debian server where I keep many of my SVN repositories. (The server was running on “testing”, but we hadn’t dared to upgrade it for a long time until it came time to make it “stable” again with Lenny.) On of the upgraded packages in Lenny is Subversion, now at 1.5.1, which means that I can finally start using subversions new merge tracking features.
To be able to use merge tracking for my existing repositories, I first have to upgrade these. From the svn 1.5 release notes:
The Subversion 1.5 server works with 1.4 and older repositories, and it will not upgrade such repositories to 1.5 unless specifically requested to via the svnadmin upgrade command. This means that some of the new 1.5 features will not become available simply by upgrading your server: you will also have to upgrade your repositories. (We decided not to auto-upgrade repositories because we didn’t want 1.5 to silently make repositories unusable by 1.4 — that step should be a conscious decision on the part of the repository admin.)
The only other machine I’m using these repos from is my laptop, which, running Gentoo, is already at Subversion 1.6.2. So, how do I upgrade?
First, I made a backup of all our SVN repos using a script that Halfgaar made to run from cron. After running that script, I initialized the upgrade procedure:
/var/svn svnadmin upgrade blog.bigsmoke.us svn-populate-node-origins-index blog.bigsmoke.us
The last command is unimportant, but may speed up the next few operations. The release notes again:
After running svnadmin upgrade, you may wish to also run the svn-populate-node-origins-index program on the repository. Subversion 1.5 maintains a node-origins index for each repository, and builds the index lazily as the information is needed. But for old repositories with lots of revisions, it’s better to create the index in one step, using the aforementioned tool, than to have live queries be slower until the index has built itself. See issue #3024 for details.
With my data safe and the repo upgraded, it’s time to actually test the new merge tracking features:
~/blog.bigsmoke.us # Enter working copy (on the same server) # I'm now in the lichtgekruid branch. svn switch file:///var/svn/blog.bigsmoke.us/trunk svn add wp-content/plugins/openid svn ci -m "I was convinced this was a change which didn't belong to my feature branch" wp-content/plugins/openid svn switch file:///var/svn/blog.bigsmoke.us/branches/lichtgekruid svn merge file:///var/svn/blog.bigsmoke.us/trunk # The last command was a real kicker, not having to find and specify the correct range of revision numbers. svn ci -m "Merged changes from trunk to 'lichtgekruid' branch." svn switch file:///var/svn/blog.bigsmoke.us/trunk svn merge file:///var/svn/blog.bigsmoke.us/branches/lichtgekruid # (Another spontaneous orgasm.) svn ci -m "Merged 'lichtgekruid' branch back into trunk."
Ok, I know I could have simply changed all these projects to use Git, and I like Git. I love its simplicity and flexibility. But, call me old-fashioned; I have an SVN fetish, and so far I find its merge tracking quite convincing.
Besides all the gotchas and pointers in the 1.5 release notes, there’s a lot more info about merge tracking in the SVN redbook.
Because Arnold Pilon is migrating his workplace to Apple, I could get his old PC and peripherals for free. Among its peripherals was an old HP LaserJet 6P, still perfectly working.
My sister didn’t have a printer yet. I was surprised that installing it on her Ubuntu machine was simply a matter of selecting the printer type from a list. I wonder: is this thanks to CUPS? Can I expect this to work in all distros that include CUPS these days?
Anyway, the printer works and the scanner too (of which I forgot to jot down the type). The scanner was supported by Xane without requiring any configuration. When it comes to hardware configuration, open source operating systems often beat those from Redmond.
Basically, there are two types of VPN’s: IP route and ethernet bridge. I configured an IP route VPN, based on this document.
First you need to generate certicifcates. The example scripts for that are located in “/usr/share/doc/openvpn/examples/easy-rsa/2.0”. I copied these to /etc/openvpn/easy-rsa for convenience.
Cd to /etc/openvpn/easy-rsa and edit vars to enter the data that is going to be included in your certifcates. You can also set the expiration time and key size here. Then do:
source ./vars ./clean-all ./build-ca ./build-key-server server ./build-key client1 ./build-key client2 ./build-key client3 (repeat as necessary. You can also name the keys properly, of course) ./build-dh
Then I’d copy the keys dir to /etc/openvpn.
You need to copy the ca.crt file to each client, as well as the clientx.crt and clientx.key, but then per client.
The server conf is this:
port 1194 proto udp dev tun0 ca keys/ca.crt cert keys/server.crt key keys/server.key # This file should be kept secret dh dh2048.pem server 10.66.0.0 255.255.0.0 ifconfig-pool-persist ipp.txt client-to-client keepalive 10 120 comp-lzo persist-key persist-tun status openvpn-status.log verb 3 # Redirect all traffic through VPN by setting 'almost default' gateway push 'redirect-gateway def1' # Replace DNS config with a server you specify, which can be access on the VPN. push "dhcp-option DNS 10.66.0.1"
Then on the server, you need to configure SNAT (I don’t know if you also need to put “net.ipv4.ip_forward = 0” in /etc/sysctl.conf). If I understand correctly, you need to have such a rule per eth device you have. If you have a machine that has both a WAN and LAN and you want them to allow access on both the local net and internet, you need a rule like this for both ports.
iptables -t nat -A POSTROUTING -s 10.66.0.0/24 -o lan-eth-device -j MASQUERADE --match comment --comment "Allow VPN users to connect to things on this LAN."
Then on the client:
client dev tun0 proto udp remote <serveraddress> 1194 resolv-retry infinite nobind persist-key persist-tun ca keys/ca.crt cert keys/client.crt key keys/client.key comp-lzo verb 3
You should then be able to connect. Remember to allow IPtables access on all the machines. Configuring a proper firewall can be tricky. You can’t just use simple connection tracking; you must allow certain forward rules on the server (and client as well, I believe). On the client, you must allow everything on the input with UDP source port 1194. On the server, you must open incoming UDP target port 1194 as well, of course
It depends on the distro you’re using how to include the config into the boot procedure. Debian starts all config files per default (which can be configured in /etc/default/openvpn), Gentoo needs a specially named symlink in /etc/init.d.
in /etc/MailScanner/filename.rules.conf:
allow \.docx$ - - allow \.xlsx$ - - allow \.x(ml)?\d{0,}\.rel$ - -
I’ve read that the separators should be tabs, so beware.
I wanted to mark this notable event:
Recent Comments