Expat-IT Tech Bits

Home

Contact

Links

Search this site:

Categories:

/ (287)
  Admin/ (122)
    Apache/ (10)
      HTTPS-SSL/ (4)
      PHP/ (3)
      performance/ (2)
    Cherokee/ (1)
    LAN/ (4)
    LVM/ (6)
    Monitoring/ (2)
      munin/ (2)
    SSH/ (6)
    SSL/ (1)
    Samba/ (1)
    VPN-options/ (6)
      OpenVPN/ (1)
      SSH-Proxy/ (3)
      Tinc/ (1)
      sshuttle/ (1)
    backups/ (17)
      SpiderOak/ (1)
      backuppc/ (5)
      dirvish/ (1)
      misc/ (6)
      rdiff-backup/ (1)
      rsync/ (1)
      unison/ (2)
    commandLine/ (24)
      files/ (8)
      misc/ (10)
      network/ (6)
    crontab/ (1)
    databases/ (15)
      MSSQL/ (2)
      MySQL/ (8)
      Oracle/ (3)
      PostgreSQL/ (1)
    dynamicDNS/ (2)
    email/ (11)
      Dovecot/ (1)
      deliverability/ (1)
      misc/ (1)
      postfix/ (7)
      puppet/ (1)
    iptables/ (3)
    tripwire/ (1)
    virtualization/ (9)
      VMware/ (1)
      virtualBox/ (8)
  Coding/ (14)
    bash/ (1)
    gdb/ (1)
    git/ (3)
    php/ (5)
    python/ (4)
      Django/ (2)
  Education/ (1)
  Hosting/ (27)
    Amazon/ (18)
      EBS/ (3)
      EC2/ (10)
      S3/ (1)
      commandline/ (4)
    Godaddy/ (2)
    NearlyFreeSpeech/ (3)
    Rackspace/ (1)
    vpslink/ (3)
  Linux/ (30)
    Android/ (1)
    Awesome/ (3)
    CPUfreq/ (1)
    China/ (2)
    Debian/ (8)
      APT/ (3)
      WPA/ (1)
    audio/ (1)
    encryption/ (3)
    fonts/ (1)
    misc/ (6)
    remoteDesktop/ (1)
    router-bridge/ (3)
  SW/ (45)
    Micro$soft/ (1)
    browser/ (2)
      Chrome/ (1)
      Firefox/ (1)
    business/ (28)
      Drupal/ (9)
      KnowledgeTree/ (6)
      Redmine/ (2)
      SugarCRM/ (7)
      WebERP/ (2)
      WordPress/ (1)
      eGroupware/ (1)
    chat/ (1)
    email/ (1)
    fileSharing/ (2)
      btsync/ (1)
      mldonkey/ (1)
    graphics/ (2)
    research/ (2)
    website/ (6)
      blog/ (6)
        blosxom/ (3)
        rss2email/ (1)
        webgen/ (1)
  Security/ (15)
    IMchat/ (2)
    circumvention/ (2)
    cryptoCurrency/ (1)
    e-mail/ (4)
    greatFirewall/ (1)
    hacking/ (1)
    password/ (1)
    privacy/ (2)
    skype/ (1)
  Services/ (1)
    fileSharing/ (1)
  TechWriting/ (1)
  xHW/ (14)
    Lenovo/ (1)
    Motorola_A1200/ (2)
    Thinkpad_600e/ (1)
    Thinkpad_a21m/ (3)
    Thinkpad_i1300/ (1)
    Thinkpad_x24/ (1)
    USB_audio/ (1)
    scanner/ (1)
    wirelessCards/ (2)
  xLife/ (17)
    China/ (9)
      Beijing/ (5)
        OpenSource/ (3)
    Expatriation/ (1)
    Vietnam/ (7)

Archives:

  • 2016/07
  • 2016/05
  • 2016/02
  • 2016/01
  • 2015/12
  • 2015/11
  • 2015/06
  • 2015/01
  • 2014/12
  • 2014/11
  • 2014/10
  • 2014/09
  • 2014/07
  • 2014/04
  • 2014/02
  • 2014/01
  • 2013/12
  • 2013/10
  • 2013/08
  • 2013/07
  • 2013/06
  • 2013/05
  • 2013/04
  • 2013/02
  • 2013/01
  • 2012/12
  • 2012/10
  • 2012/09
  • 2012/08
  • 2012/07
  • 2012/06
  • 2012/05
  • 2012/04
  • 2012/03
  • 2012/01
  • 2011/12
  • 2011/11
  • 2011/10
  • 2011/09
  • 2011/08
  • 2011/07
  • 2011/06
  • 2011/05
  • 2011/04
  • 2011/02
  • 2010/12
  • 2010/11
  • 2010/10
  • 2010/09
  • 2010/08
  • 2010/07
  • 2010/06
  • 2010/05
  • 2010/04
  • 2010/03
  • 2010/02
  • 2010/01
  • 2009/12
  • 2009/11
  • 2009/10
  • 2009/09
  • 2009/08
  • 2009/07
  • 2009/06
  • 2009/05
  • 2009/04
  • 2009/03
  • 2009/02
  • 2009/01
  • 2008/12
  • 2008/11
  • 2008/10
  • 2008/09
  • Subscribe XML RSS Feed

    Creative Commons License
    This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
    PyBlosxom

    This site has no ads. To help with hosting, crypto donations are accepted:
    Bitcoin: 1JErV8ga9UY7wE8Bbf1KYsA5bkdh8n1Bxc
    Zcash: zcLYqtXYFEWHFtEfM6wg5eCV8frxWtZYkT8WyxvevzNC6SBgmqPS3tkg6nBarmzRzWYAurgs4ThkpkD5QgiSwxqoB7xrCxs

    Sat, 27 Sep 2008


    /xLife/Vietnam: Taijiquan in Hanoi

    There is actually a quite a bit. But like everywhere else in the world, it seems, the vast majority is of the limp-wristed hobbyist, "is taiji a martial art?" variety.

    I might have found an interesting teacher in Hanoi. (Warning: my comments are informed by observing one class, I did not have time to do more.) His name is "Nguyen Hoang Quan", and I am told this Vietnamese-only website[1] belongs to his group.

    What they do is obviously mostly standard Yang-style Taijiquan, and I would call their approach to training a mix of contemporary and ultra-conservative / old school. There were 20-30 students divided into two groups, following an almost Japanese routine of everyone in each group doing the same thing together for the whole two hours. But not once did I see anyone doing anything resembling a form. The whole class was basically super-repetitive single practice. Very Old School.

    There was also no traditional push hands going on, but towards the end I saw pairs doing a variety of connect-and-strike drills, some of it using footwork faintly resembling that of Xingyiquan (without Xingyi structure, and without the follow-step, ie. very simplified). Strikes were often full speed and had some sauce to them. These guys are seeking to train real fighting skills. Not having followed their method, nor crossed-hands with anyone, I cannot testify to their efficacy. Looked interesting though.

    They are well worth having a look at if you are in town. Current location is behind the International School at 50 Lieu Giai in Ba Dinh District. This address is also at the bottom of their website, along with an e-mail address and phone numbers. Like the rest of Hanoi, a fair number of people in the class speak some English.

    [1] http://www.thaicucquyen.com/

    posted at: 08:59 | path: /xLife/Vietnam | permanent link to this entry

    Fri, 26 Sep 2008


    /Admin/LAN: Wondershaper: Give Interactive Users Priority

    Over Downloaders / Uploaders

    If you have a LAN where downloads / uploads that you have no direct control over are saturating your internet connection, "wondershaper"[5] is a relatively simple solution: cap total download and upload bandwidth so as not to saturate the connection, and give interactive users priority use of bandwidth. The tricky part is tuning, as wondershaper is invoked by:

    wondershaper eth0 1000 300

    where the first number is supposed to be maximum sustained download rate, and the second should be maximum sustained upload rate. Note that wondershaper must be run on your router, on the internet-facing ethernet interface (here, "eth0").

    Unfortunately, at least where I live (in Asia) available bandwidth can be highly variable with the day of the week and the time of the day. No bandwidth guarantees. Just be happy both the ISP network and the power are up today....

    I used various "speedtest" websites[1][2][3][4] to get some numbers. Note that the units of the wondershaper parameters are kilo BITS per second, *not* kilo BYTES per second, so the numbers will be quite a lot bigger then you might think. Docs emphasize experimenting to find the right numbers.

    In practice, I find myself keeping a terminal open on my wireless router, and tuning wondershaper sometimes several times a day. If interactive response (ie. surfing, etc.) is sluggish, I reduce the parameters. And sure enough, in my own download client, I will see an immediate reduction in bandwidth consumption. If I am going out or working "offline" for a while, I increase the parameters, or turn wondershaper off entirely.

    The nearest thing I can find to upstream for wondershaper is here[6]. Its a shame the author did not document his work in greater detail, because reading the source (a script) is not helpful either. The script is very compact, but I have no idea what it is doing without becoming an expert on "Linux Advanced Routing & Traffic Control"[7].

    [1] http://wwitv.com/speedtest/asia.htm
    [2] http://www.speedtest.jp/
    [3] http://www.sijiwae.net/speedtest/
    [4] http://www.numion.com/
    [5] http://packages.debian.org/unstable/net/wondershaper
    [6] http://lartc.org/wondershaper/
    [7] http://lartc.org/

    posted at: 09:41 | path: /Admin/LAN | permanent link to this entry


    /xLife/Vietnam: FPT Telecom Sucks!!!

    FPT Telecom[1] is my ADSL provider in Hanoi. There are fairly regular (several times per month?) hours-long service interruptions. Day-time bandwidth is usually quite slow, and sometimes (like today) glacially slow. When I say "glacially", I mean REALLY slow, as in it is really another hours-long (day long?) service interruption.

    Next time around in Hanoi I would be sorely tempted to try another provider. Because this one is really cutting into my productivity.

    [1] http://www.fpt.vn/

    posted at: 03:46 | path: /xLife/Vietnam | permanent link to this entry

    Wed, 24 Sep 2008


    /Admin/backups/misc: Easy Linux Off-site Backups

    Probably the lowest-tech route is to use tar, gpg, and some free file storage service. For instance, at the root prompt (since we will be backing up some priveleged files) lets gather all the files up into one tar archive file, beginning with the /home directory:

    tar -cvf Backup20080901.tar /home
    Append the /etc directory:
    tar -rvf Backup20080901.tar /etc
    Now encrypt the result with gpg (you will be prompted for a password):
    gpg -c Backup20080901.tar
    Now upload the file to your favorite file storage service.

    Some storage options:

    1. Should you have access to an off-site server:

    scp Backup20080901.tar.gpg www.urltoserver.com:
    This may be a very big file and a very long transfer. If there is an interruption, don't start over again from scratch. We can use rsync to resume an interrupted scp transfer. Just replace "scp" in the last command with "rsync --partial --progress --rsh=ssh", ie.
    rsync --partial --progress --rsh=ssh Backup20080901.tar.gpg www.urltoserver.com:

    2. Exchange encrypted backups with a friend:

    Since both ends encrypt, trust is not even an issue. But how to exchange potentially very large files?

    If both of you have access to a UNIX environment where you can unblock / forward ports, sendfile[1] sounds REALLY cool.

    If one of you has root on a UNIX server, F*EX[2] also looks like an option.

    [1] http://fex.rus.uni-stuttgart.de/saft/sendfile.html
    [2] http://fex.rus.uni-stuttgart.de/

    posted at: 00:47 | path: /Admin/backups/misc | permanent link to this entry


    /Admin/backups/unison: Unison: Easy File Synchronization

    Any discussion of backup strategies would be remiss without mentioning unison[1]. Unison synchronizes the files in two different directories, on the same machine or on different machines, so that they are exactly the same. It will copy the most recent version of any file in either direction, and will prompt for user input if a file has been changed on both ends since the last sync (best to try to avoid this, obviously....) Unison also runs on almost anything: various flavors of *nix, Mac OSX, Windows....

    Unison can be run from the command-line or in a GTK GUI ("unison-gtk", on Debian Linux). One caveat though, if you frequently experience conflicts (files changed on both ends) you really need to have the GUI available at the machine where you are sitting. Resolving a lot of conflicts from the command-line is a PITA.

    After initial setup of a configuration file, this one for example to synchronize my desktop to my server for this blog:

    x24:~/.unison$ cat techblogISP.prf
    root = /home/user/public_html/techblog/
    root = ssh://user_techblog@ssh.phx.nearlyfreespeech.net//home/public
    ignore = Path {.unison}

    unison is very easy and fast to use (length of time depending, of course, on the number of MB to transfer and the network speed). Frequent ad-hoc backups become easy and normal.

    [1] http://www.cis.upenn.edu/~bcpierce/unison/

    posted at: 00:44 | path: /Admin/backups/unison | permanent link to this entry

    Tue, 23 Sep 2008


    /xLife/China: Nanning to Hanoi: Cheap and Easy

    Getting back and forth between China and Vietnam is cheap and easy. The bus ride between Hanoi and Nanning costs only 150 RMB (~US$20), and you can catch the first one around 0830 at either end, no advance ticket purchase necessary. You change buses at the border, and arrive at your destination in mid-afternoon.

    On the Nanning end, the Vietnamese embassy is in a quite obscure location, but service is good and you can get a same day six month business visa for US$200. Demonstrating typical bureaucratic efficiency, their website[1] does not appear to give an address. Here[2] we can find an address (but without Chinese):

    Consulate General of Vietnam in Nanning, China
    1ST floor, Touzi Dasha
    109 Minzu Avenue
    Nanning, CHINA
    City: Nanning
    Phone: (86-77) 1551 0562
    Fax: (86-77) 1 553 4738
    Email: tlsqvn@rediffmail.com

    The bus station in Nanning is also a very long ride out to the edge of town, 30 RMB by taxi from the train station.

    On the Hanoi end, the Chinese embassy[3] is easy to find, on the west side of Lenin Park. Per usual for Asian embassies, it would seem, the website seems to have no address and no information about hours of operation, not even in Chinese. Note that the front gate also has no English, all signs are in Chinese and Vietnamese. Address[4][5]:

    Embassy of China
    46 Hoang Dieu,
    Ba Đình, Hanoi
    Phone: (04) 845 3736
    Email: chinaemb_vn@mfa.gov.cn
    Hours: Mon-Fri, 0830-1100

    As of this writing (23 Sep 2008) you only need a photocopy of your passport front page and Vietnamese visa and entry stamp. No mention of return plane tickets, or hotel reservations. You will be turned away if you wear flip-flops (sandals with a heel-strap are accepted) or your shirt does not cover your shoulders (no kidding). Service is terrible, and glacially slow, as there are only two immigration agents working visas, and most customers seem to be travel agents with two dozen passports under their arm. I got there about nine and did not leave until after eleven. After being told at 1040 that I needed to rush out and get the photocopies mentioned above. People wearing flip-flops were being turned away at the front of the line after waiting for two hours, right in front of the guard who was turning them away. Welcome to China.

    As for the bus station in Hanoi, it is also a little ways out of town, tucked in beside a hotel at the NE corner of "Phõ Đội Cấn" and "Giai Văn Cao" streets in Ba Đình district. (I will try to get an address...)

    [1] http://www.vietnamconsulate-nanning.org/en
    [2] http://www.embassiesabroad.com/embassies-of/Vietnam#8101
    [3] http://vn.china-embassy.org/
    [4] http://newhanoian.xemzi.com/en/venue/show/380/Embassy-of-China
    [5] http://www.mfa.gov.cn/eng/wjb/zwjg/2490/2491/t14390.htm

    posted at: 01:34 | path: /xLife/China | permanent link to this entry


    /xLife/Vietnam: Nanning to Hanoi: Cheap and Easy

    Getting back and forth between China and Vietnam is cheap and easy. The bus ride between Hanoi and Nanning costs only 150 RMB (~US$20), and you can catch the first one around 0830 at either end, no advance ticket purchase necessary. You change buses at the border, and arrive at your destination in mid-afternoon.

    On the Nanning end, the Vietnamese embassy is in a quite obscure location, but service is good and you can get a same day six month business visa for US$200. Demonstrating typical bureaucratic efficiency, their website[1] does not appear to give an address. Here[2] we can find an address (but without Chinese):

    Consulate General of Vietnam in Nanning, China
    1ST floor, Touzi Dasha
    109 Minzu Avenue
    Nanning, CHINA
    City: Nanning
    Phone: (86-77) 1551 0562
    Fax: (86-77) 1 553 4738
    Email: tlsqvn@rediffmail.com

    The bus station in Nanning is also a very long ride out to the edge of town, 30 RMB by taxi from the train station.

    On the Hanoi end, the Chinese embassy[3] is easy to find, on the west side of Lenin Park. Per usual for Asian embassies, it would seem, the website seems to have no address and no information about hours of operation, not even in Chinese. Note that the front gate also has no English, all signs are in Chinese and Vietnamese. Address[4][5]:

    Embassy of China
    46 Hoang Dieu,
    Ba Đình, Hanoi
    Phone: (04) 845 3736
    Email: chinaemb_vn@mfa.gov.cn
    Hours: Mon-Fri, 0830-1100

    As of this writing (23 Sep 2008) you only need a photocopy of your passport front page and Vietnamese visa and entry stamp. No mention of return plane tickets, or hotel reservations. You will be turned away if you wear flip-flops (sandals with a heel-strap are accepted) or your shirt does not cover your shoulders (no kidding). Service is terrible, and glacially slow, as there are only two immigration agents working visas, and most customers seem to be travel agents with two dozen passports under their arm. I got there about nine and did not leave until after eleven. After being told at 1040 that I needed to rush out and get the photocopies mentioned above. People wearing flip-flops were being turned away at the front of the line after waiting for two hours, right in front of the guard who was turning them away. Welcome to China.

    As for the bus station in Hanoi, it is also a little ways out of town, tucked in beside a hotel at the NE corner of "Phõ Đội Cấn" and "Giai Văn Cao" streets in Ba Đình district. (I will try to get an address...)

    [1] http://www.vietnamconsulate-nanning.org/en
    [2] http://www.embassiesabroad.com/embassies-of/Vietnam#8101
    [3] http://vn.china-embassy.org/
    [4] http://newhanoian.xemzi.com/en/venue/show/380/Embassy-of-China
    [5] http://www.mfa.gov.cn/eng/wjb/zwjg/2490/2491/t14390.htm

    posted at: 01:34 | path: /xLife/Vietnam | permanent link to this entry

    Mon, 22 Sep 2008


    /Admin/LAN: (Not Working) Use CBQ.init to Control / Limit Bandwidth Useage by IP

    Otherwise known as "bandwidth shaping".

    Next (in Debian) install the "shaper" package, which contains the CBQ.init[1] init script. Its not very well documented, but there is a little bit[2]. The best source for information in the installed package is the comments of the script itself: /etc/init.d/shaper.

    I dropped the hammer on my bandwidth abuser by creating two files: /etc/shaper/cbq-20.101-internet:

    DEVICE=eth0,2Mbit,200Kbit
    RATE=30Kbit
    WEIGHT=3Kbit
    PRIO=5
    RULE=192.168.8.101,
    and /etc/shaper/cbq-20.internet-101:
    DEVICE=wlan0,2Mbit,200Kbit
    RATE=30Kbit
    WEIGHT=3Kbit
    PRIO=5
    RULE=192.168.8.101

    Note that this configuration has 192.168.8.101 on the wlan0 wireless network, and eth0 is the internet-facing interface.

    If you wish to watch the bandwidth in real-time, install the "nload" terminal utility. And of course, do not forget to restart shaper:

    /etc/init.d/shaper restart

    According to the docs, shaper can do a lot more complicated things, like limiting aggregrate traffic to a block of IPs, or limiting traffic to a specified port. It also would appear to be able to use priorities and the concept of aggregation to allow a lower priority user to borrow unused bandwidth from a higher priority user.

    Unfortunately, as of this writing, shaper / CBQ.init seems to be not working. It seems to make the network almost unusable for the user being capped, no matter how big the RATE setting. I have issued a bug report and will continue investigating.

    [1] http://sourceforge.net/projects/cbqinit/
    [2] http://www.faqs.org/docs/Linux-HOWTO/Bandwidth-Limiting-HOWTO.html#CBQ

    posted at: 08:23 | path: /Admin/LAN | permanent link to this entry


    /Admin/LAN: How to Monitor Bandwidth Useage on your LAN

    Suppose you have roomates who like downloading, and "someone" does not have the common-sense to limit their download rate, bringing your whole network to its knees so that no one else can get anything done. Suppose this goes on all day. Suppose you also just happen to be the one providing wireless to the whole house with your very own home-made Linux wireless router. That makes dealing with bandwidth hogs much easier.

    First step: collect date. Install apache and the bandwidthd package on your wireless router. Create a /var/www/bandwidth directory, and edit /etc/bandwidthd/bandwidthd.conf to tell it to put the graphs it generates in that directory (/var/www/bandwidth) and which network interface to monitor (wlan0):

    htdocs_dir "/var/www/bandwidth"
    dev "wlan0"

    Start bandwidthd, wait a couple of minutes, then point your web browser at

    http://192.168.1.1/bandwidth/

    where 192.168.1.1 is assumed to be the IP address of your wireless router. You will be presented with a graph of the bandwidth rate and total useage of every IP (computer) pushing traffic through the selected network interface (wlan0 in this example).

    It should soon become apparent who the culprit is.

    posted at: 08:18 | path: /Admin/LAN | permanent link to this entry


    /xLife/Vietnam: Vietnam Links

    Vietnamese-English on-line dictionary:
    http://vdict.com/

    Stardict: Free Multi-Lingual Dictionary for Download (note that software and dictionaries are downloaded separately):
    http://stardict.sourceforge.net/

    Vietnamese Input Methods: Telex, VNI, VIQR
    http://vietunicode.sourceforge.net/inputmethod.html

    Foreign Service Institute: free Vietnames language course for download:
    http://www.fsi-language-courses.com/Vietnamese.aspx

    Vietnam News: national English language daily
    Vietnam News

    posted at: 05:35 | path: /xLife/Vietnam | permanent link to this entry

    Fri, 19 Sep 2008


    /xLife/Vietnam: About Broadband / DSL Service in Vietnam

    Google turns up just about nothing on the subject, so I will describe my experience in Hanoi. (If you would like to contribute more information, please send to ckoeni@gmail.com and I would be happy to publish it.)

    The DSL was already installed in the house when I moved in, and is provided by FPT Telecom. There were some problems with the line and the landlord was completely useless, so I got the installation contract from him. On it are two very important pieces of information:

    These are what goes into the router to connect to the service. There is also a members web page, http://member.fpt.vn/, where you can see some information about account status:

    As far as I can tell, this line is on a plan called "DSL - MegaSTYLE - Volume" where we are being charged by bandwith (ie. by Gigabyte) up to a maximum of 357,500 Dong/month. We have hit this maximum several times and it seems quite consistent.

    As for bill payment, they have an odd system here where water, electricity, and telecom representives come around and try to collect the bill personally towards the end of the month. If they miss you, they leave the bill at the door and you have to go pay it in person at a local office. If you do not pay by the end of the month, your service will abruptly and without warning be disconnected at the beginning of the month.

    posted at: 09:46 | path: /xLife/Vietnam | permanent link to this entry


    /SW/website/blog/blosxom: Moving from Blosxom to pyBlosxom

    The most fundamental difference between the two is that Blosxom[1] is written in the Perl language, and pyBlosxom[2] is written in the Python language. Blosxom came first, then it was cloned to pyBlosxom, so the two are still exceedingly similar in look and feel and configuration.

    I probably would have stuck with Blosxom out of inertia, but was unable to talk Blosxom into rendering Chinese characters, no matter what I tried. Chinese characters worked instantly with pyBlosxom[3].

    Moving from Blosxom to pyBlosxom was quite easy, as layout is done almost exactly the same using a handful of "flavor" template files (head.html, foot.html, story.html, etc.) and my CSS layout worked right out of the box. I just had to adapt to the differences in plugins and other minor behavior.

    I can immediately say that pyBlosxom does several things better, like moving configuration out of the cgi file and into a config.py file. The base url seems to be deployed more consistently, as my problems[4] with hard-coded menu links not working on my desktop have gone away. Website resources seem to be better organized, and generally the project seems to be more active then the Blosxom project

    [1] http://blosxom.sourceforge.net/
    [2] http://pyblosxom.sourceforge.net/
    [3] http://blog.langex.net/index.cgi/China/links.html
    [4] http://blog.langex.net/index.cgi/SW/blog/blosxom_desktop_and_server.html

    posted at: 09:39 | path: /SW/website/blog/blosxom | permanent link to this entry

    Fri, 12 Sep 2008


    /xLife/Vietnam: Hanoi Links

    Welcome to Hanoi, Vietnam! If you are new to Hanoi, there is really an awful lot of information out there. Here is some of the best:

    Community site: places, resources, events:
    http://newhanoian.xemzi.com/

    The Friends of Vietnam Heritage: Cultural Groups and Activities:
    http://fvheritage.googlepages.com/

    Hanoi Grapevine: Cultural Events:
    http://hanoigrapevine.wordpress.com/

    Megastar Cineplex: the only theater in Hanoi that shows recent English and Chinese movies with the original soundtrack (no dubbing, Vietnamese subtitles):
    http://www.megastarmedia.net/en/

    posted at: 02:21 | path: /xLife/Vietnam | permanent link to this entry

    Sun, 07 Sep 2008


    /SW/website/blog/blosxom: Running a Blosxom Site on Both Desktop and Server

    The goal, obviously, is to edit the site locally on my desktop where everything is very fast and convenient, and then periodically sync with the copy of my site on the server. This also has the advantage of automatically enforcing backups.

    Of course, one needs Apache installed on the desktop to see what is going on with the site as you edit. I started by installing the (Debian) libapache2-mod-fastcgi and libapache2-mod-perl2 modules. Then copied my whole blosxom site into a sub-directory of ~/public_html.

    Then, when I pointed my browser at the blosxom directory, all it would do would display the blosxom.cgi script without executing it. If I executed the script from the command line, ie "./blosxom.cgi", it would actually generate the home page html nicely. So there was clearly something wrong with the Apache configuration.

    As it turns out, Debian installs Apache with cgi scripts restricted to one system directory. Apache refuses to execute them anywhere else, like in /home, for instance. The Apache website[1] turned out to be the best source for a solution. I added the following code:

    <Directory /home/*/public_html>
         Options +ExecCGI
         AddHandler cgi-script .cgi
    </Directory>
    

    to /etc/apache2/sites-available/default, and it was fixed! Onto the next problem....

    The path to my blosxom site is different on my desktop and on my server, which gives me problems in a couple of different places.

    The easy one is the link to my CSS style sheet in head.html. I made this link absolute to the copy on my server, ie.

    <link rel="stylesheet" type="text/css"
    href="http://blog.langex.net/bloxsom/2c-lc-static-layout.css">
    

    So now both copies of the site pull the style sheet off the server.

    Slightly harder are the several paths hard-coded into blosxom.cgi. To work around this, I settled for two versions of the script. I use unison-gtk[2] to synchronize between desktop and server, so that after forking the two copies of the file I just tell unison to "ignore" the difference in the future (ie. it does not sync that file). Furthermore, to ensure the server copy gets backed up, I hard linked it to another file name, ie.

    ln blosxom.cgi blosxom.cgi.server

    which unison then dutifully keeps a copy of on my desktop.

    I have some hard-coded menu links in head.html that now just work on the server, not on the desktop, but I consider that to be a minor issue....

    [1] http://httpd.apache.org/docs/2.0/howto/cgi.html
    [2] http://www.cis.upenn.edu/~bcpierce/unison/

    posted at: 11:48 | path: /SW/website/blog/blosxom | permanent link to this entry


    /Linux/Debian: Running a Blosxom Site on Both Desktop and Server

    The goal, obviously, is to edit the site locally on my desktop where everything is very fast and convenient, and then periodically sync with the copy of my site on the server. This also has the advantage of automatically enforcing backups.

    Of course, one needs Apache installed on the desktop to see what is going on with the site as you edit. I started by installing the (Debian) libapache2-mod-fastcgi and libapache2-mod-perl2 modules. Then copied my whole blosxom site into a sub-directory of ~/public_html.

    Then, when I pointed my browser at the blosxom directory, all it would do would display the blosxom.cgi script without executing it. If I executed the script from the command line, ie "./blosxom.cgi", it would actually generate the home page html nicely. So there was clearly something wrong with the Apache configuration.

    As it turns out, Debian installs Apache with cgi scripts restricted to one system directory. Apache refuses to execute them anywhere else, like in /home, for instance. The Apache website[1] turned out to be the best source for a solution. I added the following code:

    <Directory /home/*/public_html>
         Options +ExecCGI
         AddHandler cgi-script .cgi
    </Directory>
    

    to /etc/apache2/sites-available/default, and it was fixed! Onto the next problem....

    The path to my blosxom site is different on my desktop and on my server, which gives me problems in a couple of different places.

    The easy one is the link to my CSS style sheet in head.html. I made this link absolute to the copy on my server, ie.

    <link rel="stylesheet" type="text/css"
    href="http://blog.langex.net/bloxsom/2c-lc-static-layout.css">
    

    So now both copies of the site pull the style sheet off the server.

    Slightly harder are the several paths hard-coded into blosxom.cgi. To work around this, I settled for two versions of the script. I use unison-gtk[2] to synchronize between desktop and server, so that after forking the two copies of the file I just tell unison to "ignore" the difference in the future (ie. it does not sync that file). Furthermore, to ensure the server copy gets backed up, I hard linked it to another file name, ie.

    ln blosxom.cgi blosxom.cgi.server

    which unison then dutifully keeps a copy of on my desktop.

    I have some hard-coded menu links in head.html that now just work on the server, not on the desktop, but I consider that to be a minor issue....

    [1] http://httpd.apache.org/docs/2.0/howto/cgi.html
    [2] http://www.cis.upenn.edu/~bcpierce/unison/

    posted at: 11:48 | path: /Linux/Debian | permanent link to this entry


    /Admin/backups/misc: Review / Comparison of rdiff-backup[1] & backuppc[2]

    I have used both. backuppc has some clear advantages:

    In a word, backuppc is truly an enterprise-class piece of software, highly recommended for big complex backup situations.

    However, there is a price to pay for all that automation and all those features:

    I like both of them very much, but they are suited for quite different situations. If you are backing up several machines or more, and you have one machine with a lot of disk space that you can devote largely if not entirely to backuppc, backuppc is probably the way to go. Any lesser requirements are probably best met with rdiff-backup.

    [1] http://rdiff-backup.nongnu.org/
    [2] http://backuppc.sourceforge.net/

    posted at: 03:20 | path: /Admin/backups/misc | permanent link to this entry

    Sat, 06 Sep 2008


    /SW/website/blog/rss2email: rss2email: RSS to E-mail: How to Read Blogs & News Via E-mail

    http://rss2email.infogami.com/

    I must admit I am generally too lazy and absent-minded to regularly troll blogs and websites that I find interesting. The trolling method just is not "easy" if one is busy, with lots of other claims on both time and attention. RSS Feed Aggregators [1 & 2] are software that is supposed to pull all this stuff into one place and, again, make it "easy". Sorry, not enough. I have tried them, and I am too lazy/busy to even start the RSS Agregator up.

    How about sucking those RSS feeds into e-mail? I, for one, do pay attention to e-mail, at least long enough to take a quick peek at it and decide whether it merits an immediate read. My e-mail client is already set up and heavily used so I know exactly how to integrate those new bits of e-mail that come from RSS feeds.

    And rss2email[3] is dead easy to setup, and once setup, I never have to touch it again except to add or remove feeds. New blog posts or news content just show up in my inbox.

    Actually, in Debian Linux[4], my preferred operating system, installation and setup is absolutely trivial. You Micro$oft users will have to work just a little bit harder to get setup.[5] (I suspect the Micro$oft installation instructions will work for a Mac as well, but am not sure.....)

    And if you will allow me a little further bragging, because (more or less) all Linux systems have a running e-mail server, rss2email can deliver these e-mails directly to the e-mail server sitting right on my desk, ie. the e-mails never actually leave the room. Windows users will probably have to forward the e-mails to their Gmail, Yahoo Mail, whatever account, and then download them again when they next check their e-mail.

    [1] http://en.wikipedia.org/wiki/Aggregator
    [2] http://en.wikipedia.org/wiki/List_of_feed_aggregators
    [3] http://rss2email.infogami.com/
    [4] http://www.debian.org/
    [5] http://rss2email.infogami.com/getstarted

    posted at: 03:08 | path: /SW/website/blog/rss2email | permanent link to this entry


    /SW/website/blog/blosxom: Blosxom Layout: Headers, Footers, and Multiple Columns with CSS

    This is my second Blosxom[1][2][3] site in as many weeks. This was the first:

    http://www.doesharleysuck.com/blosxom.cgi/site-news/#bloxsom

    I used to use Typo3[1] for my notes. Typo3 is a real HEAVY, truly an enterprise piece of software. A little tricky to setup the first time, but a real pleasure to work with after setup. BUT. Typo3 is a PHP app that needs MySQL on the backend, ie. it depends on Apache/PHP and MySQL, with some quite substantial memory requirements as well. Not a light-weight app. And all your data is tied up in a MySQL database, which is great if the amount of data involved is truly huge.

    I think Blosxom is a much more appropriate solution for this kind of site. Fast and simple. The only tricky part is the CSS, if you want a multi-column website and you are not familiar with the CSS way of site layout.

    For reference, here is the CSS style sheet that lays out this site:

    /* Layout Stylesheet */ 
    
    body{
     margin: 0px;
     padding:0;
     background: #ffffff;
     color: #333333;
     /* http://www.sitepoint.com/article/anatomy-web-fonts */
     font-family: verdana, "trebuchet MS", helvetica, sans-serif; 
     }
    
    #head-box{
     height: 45px;
     border: 2px solid #000000;
     background: #000000;
     color: #ffffff;
     padding: 5px;
     }
    
    #lh-col{
     float: left;
     width: 200px;
     border: 2px solid #000000;
     background: #c0c0c0;
     color: #333333;
     margin: 0px;
     padding: 10px;
     font-size: 10pt;
     }
    
    #rh-col{
     margin: 20px 20px 20px 240px;
     background: #ffffff;
     color: #000000;
     padding: 20px;
     }
    

    "head-box" defines the black banner at the very top of the page. "lh-col" defines the vertical menu column with the bluish-gray background on the left side. "rh-col" defines the content column on the right, where you are reading this.

    To use these CSS definitions, you must import them into the page header (see "head.html" below) and tag the HTML associated with each area (banner, menu, content) with div tags, for example:

    
    <!-- left column -->
    <div id="lh-col">
    
         /* left column HTML content here */
    
    </div>
    <!-- end of left column -->
    

    To be more concrete, blosxom uses several template files to define layout. One of these is "head.html". Here is mine for this site:

    
    <html>
    <head>
     <title>$blog_description</title>
    
    <!-- this is where the CSS style sheet above is imported -->
    <link rel="stylesheet" type="text/css"
    href="/blog/bloxsom/2c-lc-static-layout.css">
    
    </head>
    
    <body bgcolor="#ffffcc">
    
    <!-- header -->
    <div id="head-box">
    <strong><font size="6"><div align="right">$blog_title</div></font></strong>
    </div>
    <!-- end of header -->
    <p>
    
    <!-- left column -->
    <div id="lh-col"><br>
    
    <h4><a href="/blog/blosxom.cgi">Home</a></h4>
    <h4><a href="/blog/blosxom.cgi/contact-us/">Contact</a></h4>
    <h4><a href="/blog/blosxom.cgi/links/">Links</a></h4>
    
    Search this site:
    /* Google search box code here */
    
    <h3>Categories:</h3>
    $categorylist::display
    
    <h3>Archives:</h3>
    $archives::archives
    
    <h4><a href="/blosxom.cgi/index.atom">Subscribe Atom Feed</a><br>
    <a href="/blosxom.cgi/index.rss">Subscribe RSS Feed</a></h4>
    
    <center>
    <a href="http://www.blosxom.com/"><img src="http://www.blosxom.com/images/pb_blo
    sxom.gif" border="0"></center>
    <p>
    
    </div>
    <!-- end of left column -->
    <!-- right column -->
    <div id="rh-col">
    
    <div style="padding: 10px; float: right;">
    /* Google vertical banner code goes here */
    </div>
    
    $breadcrumbs::breadcrumbs
    

    Its not as scary as it looks. Just start with the simple bare-bones template files from the installation guide[5]. Link my CSS file into head.html. Tag the appropriate areas of the template files with the desired CSS area definitions (header, left column, right column). Adjust the CSS bit by bit, checking every step in your browser until you have the layout you want. Add content to the template files, piece by piece, again checking every step in your browser. No sweat

    If anyone tries to use this and finds it to confusing, let me know and I will try to make it more simple and specific. Right now I am just throwing my own configuration files at you, ie. the lazy expedient approach to documentation. :-)

    [1] http://blosxom.sourceforge.net/
    [2] http://www.blosxom.com/
    [3] http://blosxom.ookee.com/
    [4] http://typo3.org/
    [5] http://blosxom.sourceforge.net/documentation/users/flavour.html

    posted at: 03:08 | path: /SW/website/blog/blosxom | permanent link to this entry


    /Linux/fonts: Install the Microsoft True Type Core Fonts for the Web

    If you are a Linux user. Really. It makes a big difference.

    In Debian:

    apt-get install msttcorefonts

    msttcorefonts suggests you install the ttf-liberation package which contains "free variants", but in my experience, they do not work.

    After installing msttcorefonts, with a website specifying the defaults:

    body{
    /* http://www.sitepoint.com/article/anatomy-web-fonts */
    font-family: verdana, "trebuchet MS", helvetica, sans-serif;
    }

    suddenly the displayed fonts look a lot better in both Firefox and Opera.

    posted at: 03:08 | path: /Linux/fonts | permanent link to this entry


    /Admin/email/postfix: Impeding Spammers: Cap the SMTP E-mail Send Rate

    One name: postfix-policyd[1]. Awesome. And I am only using just one of its features to-date.

    I am not sure what the performance hit will be, because policyd is quite data intensive, and therefore is in fairly constant communication with MySQL. But this is an unavoidable nature of the beast.

    The feature I am using is "Sender-based Throttling", wherein I can restrict *anyone* (not just my own users) who connects to my SMTP server to sending no more then a specified number of messages into my server over a specified period of time (message rate - say max 10 msgs/hr, for instance) addressed to no more then a specific number of addressees per period (say max 100 addressees per hour, for instance). The same feature is also supposed to restrict message size, and bandwidth used (ie. MB per hour, for instance, per user) but I have not yet gotten this working.

    One caveat: webmail clients running on the same server do not use SMTP to send mail, they just use sendmail. So this method of restriction does not apply to webmail users (who are a *much* smaller spam problem...)

    One gotcha, that wasted several of my hours: I finally figured out that when I used StartTLS / SASL to send a message through SMTP, it was not being counted. This was caused by an order-of-parameters problem in /etc/postfix/main.cf. The postfix website[2] says main.cf should be configured as follows:

    
     5 /etc/postfix/main.cf:
     6     smtpd_recipient_restrictions =
     7         ... 
     8         reject_unauth_destination 
     9         check_policy_service unix:private/policy 
    
    
    which implied that check_policy_service should be the last item on the list. My current smtpd_recipient_restrictions list looks like this:
    
    smtpd_recipient_restrictions = 
       check_policy_service inet:127.0.0.1:10031
       permit_sasl_authenticated
       reject_unauth_destination
       reject_unlisted_recipient
    
    
    My problem was that before, permit_sasl_authenticated was at the top of the list, which meant that SASL authenticated e-mails were immediately accepted and NEVER PASSED to policyd. Move permit_sasl_authenticated below the check_policy_service and policyd gets to make its decision first.

    [1] http://www.policyd.org/
    [2] http://www.postfix.org/SMTPD_POLICY_README.html

    posted at: 03:08 | path: /Admin/email/postfix | permanent link to this entry


    /Admin: Don't Use Resolvconf on Your Server

    I seriously shot myself in the foot this week by installing the resolvconf package on my vpslink.com VPS (Virtual Private Server). Doing so was pretty much a reflex, as it is installed on all my other machines. And it is a useful package on a machine with variable network configurations. Not useful on a server with a static network configuration.

    Anyway, a few days later, I rebooted the VPS. And spent the whole rest of the day trying to figure why outgoing DNS reolution no longer worked (meaning, I could SSH into the server, I could ping any IP, but I could not ping URLs).

    As it turns out, any time resolvconf is run (boot is one of those times) if it has not been spoon-fed any information about nameservers, it blanks the /etc/resolv.conf file. And wipes out any nameservers my VPS provider may have put there. At least on Debian, blank /etc/resolv.conf = no DNS resolution.

    I think I might have been able to fix it by uninstalling resolvconf and rebooting, but just in case, some kind soul on the #vpslink IRC channel gave me a couple vpslink.com DNS servers:

    nameserver 64.79.200.111
    nameserver 64.79.200.113

    And they go into /etc/resolv.conf just like that. Don't forget the "nameserver" prefix, if it is missing DNS resolution will continue to silently fail and won't complain about the bad syntax. That also cost me some time.

    There is also a list of public DNS servers that might come in handy some day:

    http://www.tech-faq.com/public-dns-servers.shtml

    posted at: 03:08 | path: /Admin | permanent link to this entry