Expat-IT Tech Bits




Search this site:


/ (289)
  Admin/ (123)
    Apache/ (10)
      HTTPS-SSL/ (4)
      PHP/ (3)
      performance/ (2)
    Cherokee/ (1)
    LAN/ (4)
    LVM/ (6)
    Monitoring/ (2)
      munin/ (2)
    SSH/ (6)
    SSL/ (1)
    Samba/ (1)
    VPN-options/ (7)
      OpenVPN/ (1)
      SSH-Proxy/ (3)
      Tinc/ (1)
      sshuttle/ (1)
    backups/ (17)
      SpiderOak/ (1)
      backuppc/ (5)
      dirvish/ (1)
      misc/ (6)
      rdiff-backup/ (1)
      rsync/ (1)
      unison/ (2)
    commandLine/ (24)
      files/ (8)
      misc/ (10)
      network/ (6)
    crontab/ (1)
    databases/ (15)
      MSSQL/ (2)
      MySQL/ (8)
      Oracle/ (3)
      PostgreSQL/ (1)
    dynamicDNS/ (2)
    email/ (11)
      Dovecot/ (1)
      deliverability/ (1)
      misc/ (1)
      postfix/ (7)
      puppet/ (1)
    iptables/ (3)
    tripwire/ (1)
    virtualization/ (9)
      VMware/ (1)
      virtualBox/ (8)
  Coding/ (14)
    bash/ (1)
    gdb/ (1)
    git/ (3)
    php/ (5)
    python/ (4)
      Django/ (2)
  Education/ (1)
  Hosting/ (27)
    Amazon/ (18)
      EBS/ (3)
      EC2/ (10)
      S3/ (1)
      commandline/ (4)
    Godaddy/ (2)
    NearlyFreeSpeech/ (3)
    Rackspace/ (1)
    vpslink/ (3)
  Linux/ (31)
    Android/ (1)
    Awesome/ (3)
    CPUfreq/ (1)
    China/ (2)
    Debian/ (8)
      APT/ (3)
      WPA/ (1)
    audio/ (1)
    encryption/ (3)
    fonts/ (1)
    misc/ (6)
    remoteDesktop/ (1)
    router-bridge/ (3)
  SW/ (45)
    Micro$soft/ (1)
    browser/ (2)
      Chrome/ (1)
      Firefox/ (1)
    business/ (28)
      Drupal/ (9)
      KnowledgeTree/ (6)
      Redmine/ (2)
      SugarCRM/ (7)
      WebERP/ (2)
      WordPress/ (1)
      eGroupware/ (1)
    chat/ (1)
    email/ (1)
    fileSharing/ (2)
      btsync/ (1)
      mldonkey/ (1)
    graphics/ (2)
    research/ (2)
    website/ (6)
      blog/ (6)
        blosxom/ (3)
        rss2email/ (1)
        webgen/ (1)
  Security/ (15)
    IMchat/ (2)
    circumvention/ (2)
    cryptoCurrency/ (1)
    e-mail/ (4)
    greatFirewall/ (1)
    hacking/ (1)
    password/ (1)
    privacy/ (2)
    skype/ (1)
  Services/ (1)
    fileSharing/ (1)
  TechWriting/ (1)
  xHW/ (14)
    Lenovo/ (1)
    Motorola_A1200/ (2)
    Thinkpad_600e/ (1)
    Thinkpad_a21m/ (3)
    Thinkpad_i1300/ (1)
    Thinkpad_x24/ (1)
    USB_audio/ (1)
    scanner/ (1)
    wirelessCards/ (2)
  xLife/ (17)
    China/ (9)
      Beijing/ (5)
        OpenSource/ (3)
    Expatriation/ (1)
    Vietnam/ (7)


  • 2019/06
  • 2016/07
  • 2016/05
  • 2016/02
  • 2016/01
  • 2015/12
  • 2015/11
  • 2015/06
  • 2015/01
  • 2014/12
  • 2014/11
  • 2014/10
  • 2014/09
  • 2014/07
  • 2014/04
  • 2014/02
  • 2014/01
  • 2013/12
  • 2013/10
  • 2013/08
  • 2013/07
  • 2013/06
  • 2013/05
  • 2013/04
  • 2013/02
  • 2013/01
  • 2012/12
  • 2012/10
  • 2012/09
  • 2012/08
  • 2012/07
  • 2012/06
  • 2012/05
  • 2012/04
  • 2012/03
  • 2012/01
  • 2011/12
  • 2011/11
  • 2011/10
  • 2011/09
  • 2011/08
  • 2011/07
  • 2011/06
  • 2011/05
  • 2011/04
  • 2011/02
  • 2010/12
  • 2010/11
  • 2010/10
  • 2010/09
  • 2010/08
  • 2010/07
  • 2010/06
  • 2010/05
  • 2010/04
  • 2010/03
  • 2010/02
  • 2010/01
  • 2009/12
  • 2009/11
  • 2009/10
  • 2009/09
  • 2009/08
  • 2009/07
  • 2009/06
  • 2009/05
  • 2009/04
  • 2009/03
  • 2009/02
  • 2009/01
  • 2008/12
  • 2008/11
  • 2008/10
  • 2008/09
  • Subscribe XML RSS Feed

    Creative Commons License
    This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

    This site has no ads. To help with hosting, crypto donations are accepted:
    Bitcoin: 1JErV8ga9UY7wE8Bbf1KYsA5bkdh8n1Bxc
    Zcash: zcLYqtXYFEWHFtEfM6wg5eCV8frxWtZYkT8WyxvevzNC6SBgmqPS3tkg6nBarmzRzWYAurgs4ThkpkD5QgiSwxqoB7xrCxs

    Wed, 26 Nov 2008

    /Linux/router-bridge: Easy Connection Sharing with a Network Bridge

    Suppose you have two computers and only one network cable coming into the room, and you want to save a few bucks and a bit of clutter and not buy a switch....

    One could set up one of the computers as a router per [1], creating a sub-network within the room. But what if you do *not* want to create a sub-network, ie. you want both computers on the same network?

    The solution is to create a transparent network bridge between two ethernet interfaces on one of the computers. On Debian, I use the bridge-utils[2][3] package.

    The bridge-utils-interfaces[4] manpage is a bit general, the best reference I have found is here[5].

    Setup is really quite simple in principle. Create the following stanza in /etc/network/interfaces:

    auto br0 iface br0 inet dhcp bridge_ports eth0 auto eth2 iface eth2 inet manual up ifconfig $IFACE up post-up brctl addif br0 eth2

    Here eth0 is attached to the outside network, and added to the bridge br0 immediately. The br0 dhcp gets its IP through eth0, and the local computer networks through br0-eth0. (This should work irrespective of whatever might be going on with eth2.) eth2 is added to the bridge, but it is not configured locally with an IP because it does not need an IP. The only part eth2 plays in the network is to relay traffic between the br0 bridge and any computer attached to it. Any computer connecting to eth2 must take care of its own IP, through DHCP, for example, which the bridge would just relay to the DHCP server in the outside network.

    At this point I have my firehol firewall turned *off*, which is non-ideal. Once I figure out how to incorporate a firewall into bridging, I will post.

    [2] http://linuxfoundation.org/en/Net:Bridge
    [3] http://manpages.debian.net/cgi-bin/man.cgi?query=brctl&apropos=0&sektion=0&manpath=Debian+Sid&format=html&locale=en
    [4] http://manpages.debian.net/cgi-bin/man.cgi?query=bridge-utils-interfaces&apropos=0&sektion=0&manpath=Debian+Sid&format=html&locale=en
    [5] http://wiki.openzaurus.org/HowTos/Bridging_with_Ubuntu

    posted at: 03:04 | path: /Linux/router-bridge | permanent link to this entry

    Sun, 23 Nov 2008

    /Admin/backups/misc: What Works on a Slower Machine

    I have this thing about keeping older machines usable for as long as possible. In other words, I resist bloat-ware that just assumes any computer more then two years old should be placed in a dumpster. So I currently own about a half a dozen laptops, and none of them are faster then a late-model Pentium III. And this works fine for me, as long as I make judicious choices about what software should run on what machine, and when.

    Getting backups done painlessly has caused just such a "judicious choice"....

    As it turns out, Spideroak[1] has a lot going for it, but fast it is not. Unsurprisingly, Spideroak is a Python app, and Python is also a language that "has a lot going for it, but fast it is not". Its not just that Spideroak is just slow, but like its Python sibling, Miro[4], it tends to bog down my whole system and reduce responsiveness. For the moment, I will resist the urge to add Spideroak to my list[2] of open source resource hogs, as I have not yet experimented with running it "niced".

    This brings backuppc[3] back into favor for me. And I have found a partial fix for the fact that backuppc also bogs down the server it is running on: put this is the root cron:

    1 * * * * /usr/bin/renice 15 -u backuppc > /dev/null 2>&1

    backuppc starts backups right on the hour. This cron job reduces the priority of all running backuppc processes one minute after every hour. Much better. And no operator intervention required, unless I am watching a really CPU-intensive video on that box and need to stop backuppc entirely.

    [1] http://blog.langex.net/index.cgi/Admin/backups/spideroak.html
    [2] http://blog.langex.net/index.cgi/Linux/memory-hogs.html
    [3] http://blog.langex.net/index.cgi/Admin/backups/backuppc/
    [4] http://www.getmiro.com/

    posted at: 09:51 | path: /Admin/backups/misc | permanent link to this entry

    Fri, 14 Nov 2008

    /Linux/encryption: Truecrypt For the Truly Paranoid

    Several days later I am still very pleased with the operation of my enrypted directory. So far zero inconvenience, and no noticable overhead / slowing of system response. I am sure there may be unintended consequences, like file availability for my external backuppc server or during SSH sessions, but I have not yet investigated.....

    I just bumped into another encryption solution called Truecrypt[1], where they provide the rather astonishing capability of having a hidden operating system whose existence cannot be proved. Apparently this works by installing a decoy operating system and an "outer" truecrypt-encrypted volume. Then within this outer volume, installing an "inner" truecrypt-encrypted volume, which because it is inside the outer one, will always appear as just random data (until decrypted). And they have set it up so there is no way for the existence of the inner volume and its operating system to be detected. Really, really clever.

    In other words, if someone is trying to extort your passwords, you need merely give them the passwords for your decoy OS and outer volume. The only headache / overhead I can really see (aside from needing to remember two passwords, for decoy and hidden OS) is that one actually needs to use the decoy OS a fair bit, in order to plausibly claim that it is your *only* OS and not lead a clever interrogator think that maybe there is more then meets the eye on your hard drive.

    Really, really clever. But I am not seeing any packages in the Debian archive, apparently there are licence issues....

    [1] http://www.truecrypt.org/docs/?s=hidden-operating-system

    posted at: 01:47 | path: /Linux/encryption | permanent link to this entry

    Mon, 10 Nov 2008

    /xLife/China/Beijing: What To See If You Are Visiting Beijing

    I am a Canadian who has lived in Beijing for four years now, and I walk a lot. Some locals tell me that I know Beijing better then they do. So perhaps my opinion of Beijing's various tourist traps(!), er, sights, might be of interest to others.

    Let me dispose of shopping first. I am not a shopper, so I do not intend to say much, except buyer beware! Counterfeit goods are plentiful and often difficult to distinquish from originals. If the price is unbelievably low, then you have a fake in your hands. The cheapest goods are often of very low quality, and might break the first day you use them. Foreigners are charged very high prices. Starting prices for foreigners wandering around in markets are generally *at least* double or triple what a local would pay, so bargain hard, or take along a local who knows the terrain. That said, if you walk into a big shiny new mall, goods are legitimate, and prices will be not much different then wherever you just came from (maybe more, because of luxury taxes....)

    High-Priority Sites:

    Beijing's parks: Tiantan 天坛, Ditan 地坛, Ritan 日坛, Yuetan 月坛 parks (Heaven, Earth, Sun, Moon) found at the four cardinal points just outside the 2nd Ring Road. The Old Summer Palace 圆明园 in the Northwest just north of Beijing University. The Summer Palace 颐和园 further to the Northwest, just at the edge of the city. Xiangshan Park 香山公园 and the Beijing Botanical Garden 北京植物园 at the extreme Northwest edge of the city. Beijing's parks are beautiful, peaceful, and sprinkled with old temples and architecture that in some cases goes back millennia. Special mentions are the massive temple complex in Tiantan, the Buddhist Temple Wofosi 卧佛寺 in the Botanical Garden, and the thousands of martial artists training every morning in Tiantan.

    The Hutongs 胡同: Beijing's traditional courtyard / narrow lane neighborhoods. These are shrinking rapidly because of development, or in some cases being renovated into something that does not much resemble the original. Old neighborhoods still exist in many places. From Ditan Park, head south across the 2nd Ring Road and then hang a left just after you pass Yonghegong Temple. Or head straight south from Tiananmen Square and you will find more. Walk around Houhai Lake just inside the Northwest 2nd Ring Road and there are many examples of old, and highly renovated, courtyards, as well as shops and restaurants.

    Tiananmen 天安门 Square: its big, free, and surrounded by a lot of imposing architecture.

    Simatai Great Wall: The Great Wall passes very close to Beijing, there are many areas that are highly accessible from Beijing, and they are therefore absolutely over-run by tourists. And in some cases renovated so as to look like they were build just last year. Traffic is horrible, crowds can be so dense as to render one as unable to move.... Simatai is far enough out (three hours drive) that very few people go there. I have been there twice (three times?) and seen just a handful of people each time. Renovations are minimal. It is possible to spend the night in local guest houses.

    Eat a lot. Do not be afraid of street food, hygiene levels are quite reasonably high. You can eat very well and very cheaply, or very well and very expensively (though the former is more difficult without Chinese skills).

    Medium Priority:

    Any part of the Great Wall except Simatai, unless it is the dead of winter, which has a way of reducing the crowds.

    The Forbidden City. It is definitely worth seeing once, but it was completely stripped of anything that could be carried away during the Revolution, so it seems, at least to me, to be kind of.... empty. There is a garden in the north end with very old trees, and another one just outside the complex on the East side, which I thought still retained some feeling.

    The campuses of Beijing University and Tsinghua University (adjacent to one another at the Northwest 4th Ring Road) are big and beautiful.

    Low Priority:

    Shopping, for reasons enumerated at the top. Unless you want something very specific, like jade or Chinese artwork. Then be prepared to bargain.

    Most Temples. Most of them feel like tourist traps manned by fake monks. There are some exceptions, but I generally feel regret after paying the door charge at these government-run institutions.

    posted at: 00:50 | path: /xLife/China/Beijing | permanent link to this entry