In the end, this means that Google is pushing for an end to IE6's domination, but in a way that benefits their own interests. While I can't blame them, this is definitely a step towards evil.

In order for this to work, insert the following code somewhere in your system:

If everything works as advertised, you should see the video below:

                                                                                                                                            
[warning] /usr/bin/vuze: Unable to locate swt in /usr/share/java
file:/usr/lib/jni/ ; file:/usr/lib/java/ ; file:/usr/share/java/Azureus2.jar ; file:/usr/share/java/log4j-1.2-1.2.15.jar ; file:/usr/share/java/commons-cli-1.2.jar ; file:/super/workspace/
java.lang.reflect.InvocationTargetException                                                                                                                                                 
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)                                                                                                                      
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)                                                                                                    
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)                                                                                            
        at java.lang.reflect.Method.invoke(Method.java:616)                                                                                                                                 
        at org.gudy.azureus2.ui.common.Main.directLaunch(Main.java:229)                                                                                                                     
        at org.gudy.azureus2.ui.common.Main.main(Main.java:132)                                                                                                                             
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)                                                                                                                      
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)                                                                                                    
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)                                                                                            
        at java.lang.reflect.Method.invoke(Method.java:616)                                                                                                                                 
        at com.aelitis.azureus.launcher.MainExecutor$1.run(MainExecutor.java:37)                                                                                                            
        at java.lang.Thread.run(Thread.java:636)                                                                                                                                            
Caused by: java.lang.NoClassDefFoundError: org/eclipse/swt/widgets/Shell                                                                                                                    
        at org.gudy.azureus2.ui.swt.mainwindow.Initializer.(Initializer.java:111)                                                                                                     
        at org.gudy.azureus2.ui.swt.Main.(Main.java:88)                                                                                                                               
        at org.gudy.azureus2.ui.swt.Main.main(Main.java:255)                                                                                                                                
        ... 12 more                                                                                                                                                                         
Caused by: java.lang.ClassNotFoundException: org.eclipse.swt.widgets.Shell                                                                                                                  
        at java.net.URLClassLoader$1.run(URLClassLoader.java:217)                                                                                                                           
        at java.security.AccessController.doPrivileged(Native Method)                                                                                                                       
        at java.net.URLClassLoader.findClass(URLClassLoader.java:205)                                                                                                                       
        at java.lang.ClassLoader.loadClass(ClassLoader.java:321)                                                                                                                            
        at com.aelitis.azureus.launcher.classloading.PrimaryClassloader.loadClass(PrimaryClassloader.java:103)                                                                              
        at java.lang.ClassLoader.loadClass(ClassLoader.java:266)                                                                                                                            
        at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:334)                                                                                                                    
        ... 15 more                                                                                                                                                                         
Start fails:                                                                                                                                                                                
com.aelitis.azureus.core.AzureusCoreException: Azureus core already instantiated                                                                                                            
        at com.aelitis.azureus.core.impl.AzureusCoreImpl.create(AzureusCoreImpl.java:120)                                                                                                   
        at com.aelitis.azureus.core.AzureusCoreFactory.create(AzureusCoreFactory.java:46)                                                                                                   
        at org.gudy.azureus2.ui.common.Main.main(Main.java:160)                                                                                                                             
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)                                                                                                                      
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)                                                                                                    
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)                                                                                            
        at java.lang.reflect.Method.invoke(Method.java:616)                                                                                                                                 
        at com.aelitis.azureus.launcher.MainExecutor$1.run(MainExecutor.java:37)                                                                                                            
        at java.lang.Thread.run(Thread.java:636)                                                                                                                                            

This property of git also has a potential downside when you are simply trying to access the latest version of a repository. In order to overcome this, git support a --depth parameter. This parameter will have the effect of preventing you from cloning it or fetching from it, and other repositories will be unable to push to you, and you won't be able to push to other repositories. These downsides ignored for a moment, having to work with only the recent history can be extremely desirable.

One concrete example of this would be the case where a user wants to compile wine. The official Wine Wiki has a git clone built right into the instructions. If you follow these instructions you will have the entire history, and it will take up around 200MB of disk space (this number will go up as time continues). By adding the depth parameter as follows, you can save more than half of this time by only checking out the most recent version of the repository.

Understand what is open

Before you can harden anything, you need to understand how exposed your currently are. There are a few ways of doing this, and I recommend you try at least a couple. The first way is to use nmap to scan your IP address. You will need to do this from another computer, preferably in your local network. This scan will provide information about all of the ports your computer responded on. The second way I recommend you understand what your system is exposed to is to run the command netsat -atuv. This command will return a list of listening and active connections your computer has.

Review the open ports list

This step will require some knowledge of your system and of networking. Each port typically serves a standardized purpose. This means that you will need port 22 open, for example, if you want to allow incoming ssh connections. You will need port 25 open if you want to run a mail server. You will need port 80 or 443 open if you want to run a web server. Unless you want no remote access on your machine (a valid assumption for some people), you will need to be careful what you disable.

In my default install ports list, I have ssh, smtp, mdns, bootpc, and port 37319 open. You can tell a port is open from netstat, as it will look as follows:

In this output, the "*:ssh" means that SSH is listening on all network addresses, and that any computer that can connect to mine can open a connection with SSH. THe "localhost:ipp" means that my CUPS printer setup is NOT listening on any address, and that only programs local to my machine can open connections. Localhost servers are generally safe and won't expose your machine to malicious remote users, unless they break your user authentication, or already have a local user.

Secure smtp or Postfix (port 25)

Postfix by default listens to your network and trusts mail reporting that it is coming from your local network. This typically isn't needed, and you can secure postfix to only listen to the local machine for additional security. Open the file /etc/postfix/main.cf find a line containing "inet_interfaces = all", and change it to "inet_interfaces = localhost". You then restart postfix with sudo postfix stop and sudo postfix start. You should check netstat -atuv again to ensure this worked.

Secure mdns (port 5353)

After researching mdns briefly, it seems this is something I wish to keep. This allows computers on the local network to find other computers using friendly names. This means that your computer will auto resolve when using "hostname", rather than always having to rely on your router, or needing to use the IP directly. This is useful to me, and worth the security risk to leave open.

Secure bootpc (port 68)

Bootpc is a part of the standard DHCP system. How DHCP works is that you send out a multicast UDP packet to the network requesting information from any available server. This means that you must also have a process listening for responses. This is a standard part of linux networking. You could remove your DHCP capabilities, but the boopc listener shouldn't be a security risk.

Remember to use a firewall

One of the important things to remember is that you should always use a separate firewall between yourself and the internet, and only use port forwarding for the things you absolutely need to be able to forward. I recommend only forwarding SSH, as you can use SSH to tunnel any other sorts of traffic. I also recommend running SSH on a nonstandard port, as this will reduce the amount of "doorknocking" your computer receives. These security steps are primarily designed to protect you if someone else has gained access to your network, or if there is another compromised machine somewhere behind your firewall.

One of the downsides of gitosis is that all administrators have equal permissions to add/remove keys, and there is no mechanism for users to manage their own keys. In response to this I have begun building Gitosis Web, a PHP frontend to gitosis that adds some extra capabilities and ease of use.

Many people are comfortable with Gitosis, and that's great. This tool doesn't replace Gitosis or say there are any issues with Gitosis, but simply that some workflows could benefit from an additional frontend.

Check out Gitosis Web on github

Gitosis Web Readme

Gitosis Web

Gitosis Web is designed to is designed to be a layer on top of gitosis. Leveraging PHP and extra properties stored in the gitosis configuration to allow and administrator to control the entire file, and to allow individual users to manage their keys.

Install Instructions

To install, you will need working installations of git, gitosis, php, and mysql. This system has been tested under linux, but might work on windows too (Assuming you have git in your PATH). Once you have this, make sure your apache user (probably www-data) has a checked out copy of gitosis-admin, and that it has a key setup with the gitosis server you want to administrate. You should add a "name = x" row for your adiministrator to the [gitosis] section, and an "x = pass" section to specify the cleartext password.

Once you have it setup, you load the web interface, specify the path of the gitosis-admin working copy, and provide a username and password. From there you can make changes to the gitosis configuration, or add keys to already specified users. Each user should get a group looking like [group user-stephen].

Future Plans

At some point in the future, I hope to add the ability to manage users without tweaking the gitosis.conf file, or allow users to manage their own keys. Allowing project owners might be a cool idea, but might make the interface too complex.

Making it Secure

Before you do any of these steps, make sure you add the following to your .htaccess, and that URL Rewriting is working in your apache setup.

Without doing this, anyone will have read-access to all of your code, and your entire source history.

Use git

This guide assumes a lot of knowledge about source control, management, and is not a guide to git. This guide assumes you can figure those parts out, but that you want to know more about one specific workflow that works very well in my opinion.

The main idea behind this workflow is that you will have a central repository, a development version of the software, and a published version of the software.

Convert something else to git

If you want to keep any history, the first step is going to be to convert the source control history to git. If you are using cvs, you will need to convert to SVN, and then to git. If you use SVN, simply use git to do a git svn clone of the repository somewhere on your local system. From there I recommend you move the .git folder to the remote production server, and make a copy in the development folder. If you go into each of these folders and type git status, you will see any differences that have not yet been committed to the repository, but you will be ready to make and receive changes.

Now that you are setup, time to develop

From there, things are relatively simple. Simply make any changes you want in your development environment. When you are finished with your changes, and they have been tested to your satisfaction, commit the changes, and push them to the repository. You can then enter your production server, and pull the changes from the repository. You can also simply pull directly from the development server, but organizations I have worked with tend to like a 3rd copy of the source, somewhere separated from the hosting environment.

If you want to, you can make emergency or urgent changes directly on the production, following any existing workflow you have for ensuring something is not broken. When these changes are complete to your satisfaction, simply commit and push them, and do a pull from the development environment.]]> http://mortalpowers.com/news/error-plasma-desktop-has-no-installation-candidate Wed, 17 Feb 2010 00:00:00 -0600 An error I received after trying to update one of my Kubuntu Karmic Koala installations to the latest KDE 4.4 was plasma desktop has no installation candidate.

The solution was to recheck all of the repositories listed in /etc/apt/sources.list and the files in /etc/apt/soruces.list. I previously had a kubuntu beta repository. I exchanged this for the correct stable repository, updated, ran an upgrade. Additionally, I needed to run sudo apt-get install kubuntu-desktop for the appropriate packages containing "plasma-desktop" were installed.

You can actually start plasma-desktop from Kwin by pressing Alt+F2 and typing "plasma-desktop", or it can be automatically be restarted by switching to one of the virtual consoles and typing restart kdm, but beware this will kill any gui applications you have running.

How to get it back

For me, finding out how to get it back was a frustrating experience. My first problem was that I didn't know KDE called it the "Menubar", when I looked in the keyboard shortcuts, or when I googled online, I couldn't find anything relating to the dolphin file menu. The second usability problem I see is that right clicking on the title bar, or any of the toolbars (which take the place of the menubar at the top of the screen after it is removed don't give you the option to bring it back.

It was finally after I had practically given up looking for the menubar that I right clicked in the MAIN pane of the screen. This context menu then provided me with both the appropriate keyboard shortcut, as well as a button to bring the menu bar back.

The confusing thing is that everything Google Buzz does is already possible on a plethora of other sites. It will be interesting how it differentiates itself, or if it simply complicates and confuses the wide landscape of social tools already in use by the masses.

The solution I believe was to install qt4-config, run qtconfig, change the font size up to 9, and then back down to the default of 8. When you launch the program again, all of the fonts and text should be fixed and legible. Have fun using this awesome program!

This talk will be at the Penguins Unbound Linux users group in Falcon Heights, Minnesota on the last Saturday of the month. I will post additional details and documents closer tot he date.

How to install video thumbnails

The first step is to install the mplayer thumbnails package. My research indicates that this has been in the standard repos since Jaunty.

This will change dolphin so that that when you click on a video, it will be previewed in the preview panel. To make thumbnails show up in the icon view, you need to do a little more configuration. Go into Settings->Configure Dolphin. Click on the "General" section from the list of sections on the left, select the "Previews" tab, and check the box next to "Video Files (MPlayerThumbs)".

That's it, enjoy your video thumbnails in dolphin on KDE

As an example, if we look at mortalpowers.com we will see that Google Chrome accounts for around 30% of the traffic. What is odd is that over the past 3 weeks, 100% of adsense revenue has come from Chrome. This strange pattern is again repeated for Linux. Linux makes up around 40-50% of traffic, but ends up providing nearly 100% of adsense revenue.

Keep in mind that for this site, sample sizes are very small. From this type of data and with a larger sample size, it is clear that these new features are going to help those seeking to monetize their web presence and content greatly.

Lucid Lynx - Ubuntu Alpha 2

So far, Lucid Lynx has been extremely stable. For the entire release cycles of Jaunty and Karmic, as well as alpha 1 of Lucid Lynx, the Live CD wouldn't work on my system. It wouldn't boot at all, regardless of using the alternative installer, or the live CD with a plethora of boot flags attempted. Lucid Lynx went so far as to work in my system without the Kernel flag acpi=off which I have needed for my entire life with Ubuntu.

The installer was nice, easy to use, and although my Nvidia drivers weren't installed properly by the Jockey (KDE) GUI, they were very easy to install with sudo apt-get install nvidia-current

In addition to this, Kubuntu installed ALSA without PulseAudio by default, which in the past hasn't worked with my microphone, but this install seemed to fix everything I have been fighting with for the past few years. Once again we will see how long it lasts, and I had almost gotten used to the per-application controls of pavucontrol. Who knows, maybe I will install PulseAudio a year from now and everything will just work with ALSA + PulseAudio in perfect harmony. I'm not holding my breath.

KDE 4.4

A couple of the features I was waiting for with KDE have finally landed. The first which I wanted, but I had no idea why I wanted it is a feature that is most easily described as "Windows 7 Snap". This means that I can drag windows to the left or right edges of my screens, and they will "snap" into place at 100% height and 50% width. You can also drag windows to the top of the screen and they will maximize. This hurts my workflow a little bit in that it isn't instant to drag and drop maximized windows between monitors, but I believe I will get used to it. This also works for multiple monitors, which is surprising because as of a week ago (before I ran some package updates) wasn't working for the middle bar between the monitors.

Another improvement that I wasn't expecting is that they remade (or finished) the Add Widget menu. Now when you add a widget, whether to the desktop or a panel, a very nice bar pops out that is easily navigable, and uses drag-and-drop for placement.

The final thing I didn't expect was that moving files and deleting files is much smoother. In Karmic and before, when I deleted a set of files in Dolphin (or sent them to the trash), they would remain on the screen for a few moments while KDE worked in the background. Now these types of processes are instant, as they should be. The notifications for file transfers and activities have also been much improved. Now the useful data is presented first, with the option to expand the notification to show the rest of the information. Biggest of all about the notifications, they actually seem accurate now.

Hopefully I will be able to write more about any new features of KDE I discover as I continue this dangerous journey through the Ubuntu 10.04 alphas.

In response to this inevitability, I propose people that write about or involve themselves in the Linux, or even in the general power user populous, stop supporting all versions of Internet Explorer immediately. I will admit that my website still has around 20-30% usage of Internet Explorer, but I am coming more and more to the opinion that those who continue to use it, probably wouldn't understand anything I'm writing about. This leads me to believe that this traffic ends up being people that are confused, as well as web spyders disguising themselves as a normal user, artificially inflating the numbers for IE.

Benefits of abandoning IE

By abandoning IE, it makes web development and testing easier. Development can focus on the standard DOM, and on leveraging some of the more advanced functionality of the web, such as new request types, as well as little things like rounded corners, or every-other CSS selectors.

Abandoning IE as a web developer or publisher is going to send a message to Microsoft and indirectly to uninformed users about their computing choices. When a percentage of the websites a person visits in a day stop working, they are going to ask why. If the answer is that their browser is broken (which it truly is), they will be much more likely to make a switch. The message it sends to Microsoft is that shipping a broken browser that is out of touch with the modern internet is going to hurt their users. This would also tell them that if they want to ship a working browser (which is what Apple and the open source community had to do in the past), they are going to have to adopt the features and usability of the other browsers, which in this case would be primarily based on standards and extensibility.

Problems with abandoning IE

By abandoning IE, you may make your website unusable for users that don't know, or can't upgrade (some corporate offices still require everyone to run IE6). This could also decrease your traffic. There is also a chance that Microsoft will just ignore any sites that do this, which is a definite probability based on their past behavior.

Summary and Philosophy

In theory by abandoning IE you will be able to focus on innovating for your best users, rather than hacking and making workarounds for your worst.

The step to remove existing firefox installations may or may not be necessary for you. On the machine I tried it on, I had to remove "firefox" before the new required packages for firefox-3.6 would install properly. Don't worry, as installing/uninstalling software should never affect your user preferences.

What's awesome in Firefox 3.6?

One of the best things about Firefox 3.6 is their new concept of "personas". Rather than a full theme, personas are more similar to a desktop background. This means the persona is going to affect the color and images used in the browser, but not much else. The best thing about personas is that they can be previewed live in the browser simply by hovering over each of the themes, and apparently there are already 30,000 themes, most of which are pretty cool looking. Check out getpersonas.com to browse the entire catalog.

The second most interesting thing is that Mozilla has continued improving the speed of the browser overall, and apparently it's 20% faster than Firefox 3.5, which is great for a browser that most people love, but has been receiving a lot of flak for being slower than Chrome.

There is a trick that is possible still using media detection that selectively applies the styles based on the screen width. The following code is an example of two stylesheets. The first should be applied on desktop computers, and the second should be applied on Android and iPhone.

Find additional information and tips at http://www.rkblog.rk.edu.pl/w/p/optimizing-websites-iphone-and-android/

In the default settings in Ubuntu, valid users are only allowed 10 failed valid-username attempts over a period of 5 days, or 5 failed invalid-usernames over the same period.. This may seem like plenty, but occasionally when travelling you will repeatedly use the wrong password or the wrong username, you can get your entire IP blocked. At this point you have to use another machine (or another IP) to connect to the server to fix the problem.

How to unban yourself in DenyHosts

The easiest way to temporarily unban yourself is to delete the entry containing your IP in /etc/hosts.deny. This will work for a few seconds, before DenyHosts regenerates the file. It should be enough to connect and fix the issue from your main host. You will also want to do this in combination with the next step.

How to fix the problem permanently

In my opinion, the problem with DenyHosts in a default Ubuntu install is that successful connections don't reset any of the failure counts. This means that if you attempt to connect each day, and fail twice, and succeed on the third attempt, by the 3rd day of this, you could be banned from your own server.

The fix involves editing your /etc/denyhosts.conf. Open this file as root in your preferred editor, and locate the configuration option RESET_ON_SUCCESS and make the line read as follows:

After making this change, and restarting denyhosts with /etc/init.d/denyhosts restart, you will want to unban your IP, and connect again successfully so that your fail counts are reset. Hopefully from there, you won't be banned by your own innocent login failures.

Chromium includes a super-fast webkit rendering engine, their own v8 javascript engine, and process-separated tabs. Chromium also includes support for HTML5 tags, including the video tag, supporting both Ogg Theora/Vorbis, as well as the controversial .h264 / mp4.

How to install Chromium on Ubuntu

The easiest way to install it is to add the PPA to your repositories. You can follow the instructions on the PPA directly, or follow the instructions below, assuming you are running Karmic or later.

How to Get Started

Either run chromium-browser directly, or choose it from your menu. Chromium supports extensions, as well as bookmark sync that uses your existing google account. Find these things in the preferences menu, which can be opened by clicking on the wrench icon in the upper right hand corner.

Youtube HTML5 Videos

Until youtube offers full support for HTML5 rather than Flash for videos, you can install the following extensions which swaps out the page components for you: YouTube HTML5-ifier which is in development by Mark Renouf and myself.

Page titles and Page Descriptions

Using the Google Webmaster tools, I have systematically been following all reports of duplicate page titles and duplicate page descriptions. I started with Page Titles, ensuring that each of the article and content pages included a title related to the article. I also went through some of the more generic navigation pages and added a title that would indicate where the user is. In theory this will not only help SEO, but also make the site easier to navigate and understand for users, especially those with different accessibility needs. Originally going through page titles, I though that perhaps the page descriptions were unimportant, but recently I finished the page titles and began writing content for the descriptions, as I realized these are used by search engines to sometimes show a summary of the page, when specific page content didn't match the user's search.

One of the difficulties I have run into with page descriptions is that I'm not sure what tense/person to write these in. I have tried to keep all of the page descriptions simple and declarative, and I'm sure there is a standard out there I'm supposed to follow, but that will have to come another day.

Page URLs

I had a lot of legacy URLs, for example the imaging system were all under the name "posse", which was the name of the group I originally had photos of. I have been refactoring and redesigning the site so that all of the urls make sense. This means that "posse" is now "photography", which definitely more accurately describes what that section of the site does. Another area I have improved is with the article system. It appears that a few characters have slipped in over the past year that weren't removed from the URL string version of the article, meaning that things like single quotes were included, when they have the potential to mess up spyders or browsers that don't process them well.

404 Errors

The final piece I have been working on is to add a few 404 errors to pages where the user is searching or browsing. The best example of this is the new tagging system. Before with the tagging system, if you entered a tag that didn't yet exist in the site, you would receive a blank page that didn't tell you anything about what happened. This type of user interface leaves the user wondering "what happened? Did I do something wrong?". In response to this, if you try to view a tag that doesn't exist yet, you will get a 404 error, as well as a friendly error message explaining what happened.

I understand that photos can never really capture the beauty or magnificence of really traveling and seeing places for yourself, but hopefully some of the photos I take are at least pretty to look at.

How to convert a certificate for Courier

It is relatively simple to make the conversion once you know how. Take the cert downloaded from godaddy (this file is typically a .crt file) and conver the cert to PEM using the following command

From there you need to take the PEM file and prepend the unlocked .key file into a new file ending in .pem. The .key file would have been created by you when you originally made the Certificate Signing Request. This key file contains your private key that allows you to decode the data provided by others using your public key, and forms the basis of the SSL system.

With this new .pem file in a safe place, point your imapd-ssl Courier configuration file to it, and you should be done,

Inspiration and tips for this article found at http://www.tnpi.net/wiki/Use_a_signed_SSL_certificate.

This is where kexec comes in. kexec is a tool that allows Ubuntu (or any Linux distribution) to pass control between kernels directly. This means that when rebooting, control never get's passed back to the BIOS for reboot, and no additional device testing or detection (beyond that required by linux) needs to be done. For me, all of the initialization steps in the BIOS and GRUB before Linux takes over takes around 30-40 seconds. This is a little bit longer than the average case, but I'm sure this is a problem for a lot of people.

How to install kexec

You can install kexec in Ubuntu using the following command:

The installation will ask you if you want to replace the reboot process. In order to have the benefits of skipping unnecessary steps in reboot, you need to choose the option that uses kexec for your reboot.

What could go wrong?

The only problem with this is when you are attempting to actually return to the BIOS, or if you want to go back to GRUB to choose another operating system in the case where you dual boot. This isn't that big of a deal though. Although I haven't found a way to pass control directly to GRUB or back to the BIOS, it is possible just to choose shutdown, and then turn the computer back on after the shutdown has completed. It doesn't take any extra time, it just takes more effort as you need to press the power button on the computer.

Solution

The solution (however unfortunate) appears to be simply to restart the machine.