Arbitrary Useful Information

This is a list of firefox add-ons that I use and find very useful.  I will update this entry if I find other very useful add-ons or if the ones of this list lose favor with me.

• Download statusbar: This add-on creates a status-bar at the bottom of the browser to manage downloads, rather than popping up a separate window to manage them, as firefox normally does. Not only does the status-bar save screen real estate, but it also keeps the download manager out of your way.
• NoScript: This is a great add-on for managing which sites can run java, and javascript.  It does this by assuming that a site is forbidden from running java and javascript unless you add the site to a whitelist.  Not only is this add-on good from a security point of view, but it also helps limit how annoying a website can be.
• Swift tabs: Firefox has integrated lots of the support that tabbing add-ons provide, but it still does not have support for keyboard shortcuts to switch between tabs.  This add-on allows you assign such shortcuts.
• Snap links: This allows you to use the mouse to draw a rectangle around a group of links on a website, that you wish to view, and each of those links will be opened in separate tabs. This is particularly useful when using search engines.

Many of my posts are explanations of information written by myself.  Today, however, I would like to post a link to a site that has a good explanation of how to perform an svn merge in 2 fairly common scenarios.  The first scenario explains how to merge changes from a project’s trunk into an existing project.  You might want to do this if you are working on a project branch, some critical changes are made to the trunk, and you would like those changes incorporated into your branch.  The second scenario explains how to merge a project branch back into the project’s trunk.

This is a howto discussing the use of Gentoo’s keychain and OpenSSH public-private keys to enable passwordless logins between Linux/Unix machines. When you are done with this process, you will be able to log on to your local machine, type a passphrase once, and that will eliminate the need to type passwords when ssh’ing from that local machine to remote machines. I will explain this howto giving you instructions for generating and using a DSA key which works with ssh2. At the end, I will explain how to add RSA keys that work with ssh1 and RSA keys that work with ssh2. Note, I use tcsh, so some of the commands might be different if you use a different shell, such as bash.

Before I detail the steps for the howto, I want to setup some terminology:

• Local-initiation host: A local-initiation host is any host that you locally log into and from which you wish to log into remote hosts without a password.
• Target host: A target host is any host into which you wish to login using ssh. A local-initiation host may also be a target host.

Here are the steps for setting up passwordless login. These steps should can be run from a local-initiation host.

1. Create a DSA public-private key pair.
   • Please use the most up-to-date OpenSSH implementation if you are generating your keys on a Debian-based machine (including Ubuntu) because there is a known openssh bug on Debian-based Linux distributions released between September 2006 and May 13, 2008.
   • Run: ssh-keygen -t dsa
   • By default it will ask to place your private key in ~/.ssh/id_dsa, which is where you want it.
   • Then it will ask you for a passphrase. It is my understanding that an empty passphrase is less secure than a non-empty passphrase, so use an empty passphrase at your own risk.
2. Create an authorized keys file and disseminate it to target hosts.
   • Ssh uses a file called ~/.ssh/authorized_keys on target hosts to determine if incoming hosts can login without a password . The authorized keys file contains a set of public keys. Any incoming host using an unlocked private key that is paired with a public key in the authorized keys file, will be granted access without a password.
   • To create the authorized keys file, run the following commands:

     touch ~/.ssh/authorized_keys
     chmod 600 ~/.ssh/authorized_keys
     cat ~/.ssh/id_dsa.pub >> ~/.ssh/authorized_keys

     Note, this adds your public key to the set of authorized keys.

   • Remotely copy the authorized keys file to the ~/.ssh directory of all your target hosts. If the current host is not a target host, then you can delete it from your local host. Make sure the permissions on the authorized keys file on all target hosts is 600.
3. Optional: Disseminate your private key to local-initiation hosts.
   • If you have more than one local-initiation host, then copy ~/.ssh/id_dsa to the ~/.ssh directories of all your local-initiation hosts, and make sure it has 600 permissions on each host.
4. Set up Gentoo’s keychain on local-initiation hosts.
   • First, let me explain what keychain does, so you’ll understand the setup.
     • If there is not an ssh-agent process running (for the local user), then keychain starts a persistent ssh-agent process.
     • Keychain saves environment variables in ~/.keychain/${HOST}-* files with information about the currently running ssh-agent.
     • Keychain make private keys know to the currently running ssh-agent, if they are not already known. If the keys are not already known, you are prompted for your passphrase, so they can be loaded.
   • Setup steps
     • Install Gentoo’s keychain on each of your local-initiation hosts.
     • Automatically run keychain. There are two methods to run keychain.
       1. The first method is to run keychain every time a shell is created. For example, I add the following lines to my ~/.cshrc file to do that:

          if (!($?SSH_CONNECTION)) then
            if (-X keychain) then
              keychain ~/.ssh/id_dsa
              source ~/.keychain/${HOST}-csh
            endif
          endif

          This code checks to see if the shell is local or remote(i.e., invoked through an ssh connection). If the connection is local, the shell runs keychain and reads in environment variables identifying where the local ssh-agent is running. (Note, if keychain has already been run, it is actually redundant to run it in every shell.)

       2. The second method is to run keychain once when you log into a local-initiation host, not every time a shell starts up.  This can be accomplished in a few steps.  To run keychain once when you login, create the following keychain-startup.pl script:

          #!/usr/bin/env perl
          # Import HOST
          use Env;
          Env::import();
          $cmd = "rm -f ~/.keychain/" . $ENV{HOST} . "-*";
          `$cmd`;
          $cmd = "keychain ~/.ssh/id_dsa";
          `$cmd`;

          Then set up your current windowing environment to call that script on startup. In Gnome, you can do this if you go through the following menu progression: Ubuntu Main Menu->System->Preferences->Sessions->Startup Programs. In your shell configuration script you need to read the appropriate keychain generated file for your shell, created in ~/.keychain. I do this by adding the following code to my ~/.cshrc file:

          if (!($?SSH_CONNECTION)) then
            if (-e ~/.keychain/${HOST}-csh) then
              source ~/.keychain/${HOST}-csh
            endif
          endif

     • In both methods above, we only run keychain if we are on a local host.  If you are on a remote host, i.e., one that you’ve logged into via ssh, there is no need to run keychain on it because you can forward the ssh-agent from the local host, through ssh.  That is done by calling ssh with the -A option or by setting up agent forwarding in your <code>~/.ssh/config</code> file.  In addition, this eliminates you having to type your passphrase on the remote host. Note, the use of agent forwarding implies that if you start at a local-initiation host, you can type your passphrase once on that host, log into target host A without a password, and then log into target host B from the just-created ssh connection to target host A, also without a password.
5. Test your setup.

Troubleshooting:

• Remote host identification has changed: If you try to ssh into a machine and get a warning about the remote host’s identification changing, see this site for an explanation.
• Permission problems: If you’re having troubles, you may want to check the permissions of your ~/.ssh directory and of the files in it. Most notably, your private keys should not be readable by anyone but yourself, and neither your ~/.ssh directory nor the files in it should be writable by anyone but yourself.

Setting up RSA keys in addition to your DSA key:

1. Generate the RSA keys similarly to how you generated the DSA key above, except you pass -t rsa1 to ssh-keygen to generate an RSA key for ssh1 and -t rsa to generate an RSA key for ssh2. Note, private RSA keys for ssh1 are stored in ~/.ssh/identity and private RSA keys for ssh2 are stored in ~/.ssh/id_rsa
2. Similarly to what you did with your public DSA key, add your public RSA keys to your authorized keys file and disseminate it to your target hosts.
3. Optional: Disseminate your private RSA keys to local-initiation hosts.
4. Modify the keychain code you added to your shell configuration file so that keychain is also called with your private RSA keys. For example, I would change the keychain line in my ~/.cshrc file to read: keychain ~/.ssh/id_dsa ~/.ssh/id_rsa ~/.ssh/identity.

For more information:

• Run man on the following: keychain, ssh-keygen, and ssh-agent.
• Visit the following websites:
  • Gentoo keychain project

I have a Toshiba A135-S2356 laptop running Ubuntu. A major annoyance is that when the laptop is actually in my lap, it is too easy to accidentally brush against the volume dial. So, I find myself wanting to disable the volume dial. You can do this by going to the Ubuntu menu and selecting System -> Preferences -> Sound. At the bottom of the devices tab is a list of Default Mixer Tracks. If you set the Default Mixer track to something like Mic Boost (assuming you’re not recording anything), when you brush against the volume dial, it will not mess up your volume.

A user named Chris submitted a comment on my “Configuring Ubuntu 7.04 on a Toshiba A135-S2356″ post that helped me fixed a problem on my laptop in which the headphones did not mute the external speakers. The sound card used by my Toshiba laptop is the ATI SB450 HDA. The steps to fix the headphone problem are below. Note, I did not have to use the realtek 6 patch that Chris mentions.

If you have the same laptop as me and the following instructions do not work, please post a comment.

1. Download the latest ALSA source files from http://www.alsa-project.org. I’m not sure if you need all of these, but I downloaded the driver, lib, and utils packages. The versions I retrieved are 1.0.14, 1.0.14a, and 1.0.14, respectively.
2. Next, compile the driver, lib, and utils packages, in that order. To compile package, perform the following commands from a command prompt:

   ./configure
   make
   sudo make install

3. In my previous post “Configuring Ubuntu 7.04 on a Toshiba A135-S2356,” the instructions asked you to append

   options snd-hda-intel probe_mask=8 model=3stack

   to the file /etc/modprobe.d/alsa-base. Now, “3stack” needs to be changed to “lenovo”.

4. Reboot.
5. If you plug in the headphones, the external speakers will mute. However, if you adjust the “Front” volume in the system volume controls, the external speakers will unmute. Fortunately, you can do something about this. Launch gnome-volume-control, either by double clicking the volume icon on your task bar, or by running gnome-volume-control from a terminal. Set the “Front” volume at 100% and never touch it again. From here on out you can then adjust the volume by adjusting the “PCM” volume. The volume of many applications will be tie to the “Front” volume. Therefore, you should not adjust the volume through those applications. Instead use the “PCM” volume in gnome-volume-control.

I recently put Ubuntu 7.04 on a machine with an AMD Athlon 64-bit processor. One of the immediate challenges with just about every 64-bit Linux Distribution is getting Flash and Java browser plugins to work. I found an excellent howto that provides a script to install a 32-bit version of Firefox (and a few other Firefox variants) with plugins for Flash, Java, and mplayer.

Note, in lieu of this approach, you can use a 64-bit browser and install nspluginwrapper to support a 32-bit Flash plugin, as I discuss here. As for Java, you can install a Blackdown Java and a 64-bit Blackdown Java browser plugin through the Synaptic package manager.

Note, if you use CUPS for printing, the printing system will be 64-bit and will not work with your newly installed 32-bit browser. An easy workaround is to print to a postscript or pdf file. Then you can open the file with a 64-bit postscript or pdf viewer and print the file. The default postscript and pdf viewers are 64-bit unless you’ve explicitly changed them.

http://hotspotr.com is cool site that shows the locations of wifi hotpots in the US on top of Google maps. It also differentiates between free and pay hotspots. Its a great tool to find hotspots in your community or to find them if you’re traveling.

See this post for an update on sound.

I recently got a new Toshiba Satellite A135-S2356, on which I installed Ubuntu Feisty Fawn. Below I will discuss several issues involved in configuring Ubuntu on the laptop. Unfortunately, I was not able to configure everything to my complete satisfaction. In those cases, I will detail as much as I know about the issue and will update this post as I learn more.

To configure the touchpad you need install an application such as gsynaptics. (On KDE you may want to use a different application, such as ksynaptics.) gsynatpics can be installed using the Synaptic Package Manager. After installing gsynaptics, edit /etc/X11/xorg.conf, and look for an entry that starts:

Section "InputDevice"

        Identifier      "Synaptics Touchpad"

Make sure that the following option is listed under that entry:

Option          "SHMConfig"     "on"

If you do modify /etc/X11/xorg.conf, you’ll need to restart the X-server for the changes to take effect. You can do this by rebooting or pressing ctrl-alt-backspace.

Sound is the most frustrating part of configuring this laptop. The Toshiba Satellite A135-S2356 uses the ATI SB450 HDA sound card. Apparently the SB450 has worked off and on at various stages of Ubuntu’s life cycle over the past few years. Its pretty frustrating that it reportedly worked in Ubuntu 6.10 but is broken again in Ubuntu 7.04. Its not clear to me if the problem lies in the kernel or with ALSA. At any rate, I have figured out how to get the sound card working, but with one giant quirk. When headphones are plugged in, the sound continues to emit from the laptop’s internal speakers, essentially defeating the point of headphones. To get to this point, you need to edit /etc/modprobe.d/alsa-base, and add the following line to the end of it:

options snd-hda-intel probe_mask=8 model=3stack

After doing so, the easiest next step is to reboot, that way the change will take effect. I have tried recompiling the alsa drivers, but that did not fix the speaker-headphone problem. In addition, it does not appear that this problem is a very high priority issue. Hopefully that will change, as I and many others require music while working and often work in environments where externally audible sound is unacceptable. I will continue to monitor the situation and will update this blog if I figure out how to make the speakers mute when headphones are plugged in. If anyone reading this blog knows how to fix the speaker-headphone situation, please post a comment.

I have posted a solution to get the headphones to mute, here.

Restricted drivers exist for the ATI graphics card in the laptop; however, I’ve found that when enabled, the screen goes black when ever you log out of Ubuntu. Consequently you have to reboot. So, if you’re the only person that uses the laptop, then those drivers are probably OK to use. On the other hand, if you’re not doing anything graphically intensive, you probably don’t need to worry about using them. I have not extensively looked into recompiling the kernel to fix the black screen problem.

The laptop does not seem to properly wake from hibernate and sleep, using the default power management scheme. I was able to fix the problem by changing the default power management scheme with the steps below. (Note, I am still testing this new scheme.)

1. Install uswsusp using the Synaptic Package Manager.
2. Test uswsusp. To test hibernate, execute sudo s2disk. To test sleep, execute sudo s2ram -f. You must use the -f option because the A135-S2356 is not in the whitelist of supported laptops for s2ram. However, it seemed to work fine for me. For more information about s2ram, go to http://en.opensuse.org/S2ram.
3. The default power management scripts have a certain order in which they look for commands that put your computer into hibernation or to sleep. The first thing they look for is pmi. Unfortunately, you can not remove pmi from you system because of the way certain package dependencies are organized. However, you can rename pmi so that the power management scripts can’t find it. If you renamed pmi using a move command, it would simply reappear the next time it was updated on the system. What you can do instead is to rename in a way that lets the packagemanagment system know it was renamed. That can be done with the following command:

   sudo dpkg-divert --rename --divert /usr/sbin/pmi-disabled /usr/sbin/pmi

   Now, power management will find s2disk and s2ram instead of pmi. Note, if you have installed other power management tools, you may have to remove them or similarly rename them.

4. Another issue is that we need the power management execute s2ram -f, not just s2ram. In order to do that, we mv s2ram similarly to how we moved pmi.

   sudo dpkg-divert --rename --divert /sbin/s2ram-install /sbin/s2ram

   After moving s2ram, we create a new s2ram that calls the renamed s2ram with the appropriate flags. That can be accomplished with the following two commands:

   sudo echo "/sbin/s2ram-install -f" > /sbin/s2ram

   sudo chmod 755 /sbin/s2ram

5. Note, because we used dpkg-divert to rename s2ram, it will still get updated properly.

The Toshiba function keys can be used to adjust brightness, mute/unmute the audio, etc. I have not yet figured this one out. However, I believe the solution is use fnfx, which can be installed using the Synaptic Package Manager. Unfortunately, in order for fnfx to work, the kernel must be compiled with Toshiba support. In particular, it requires that CONFIG_ACPI and CONFIG_ACPI_TOSHIBA are defined in the kernel configuration. Toshiba support seems to be missing in the kernel that Ubuntu supplies. Thus, I believe it is necessary to recompile the kernel. If you’re reading this and you know where to download current versions of the kernel compiled with Toshiba support, please post a comment.

Although I’ve been disappointed with Ubuntu’s sound support, I have been impressed with its wireless support. The wireless just worked! One addition I like to make to the wireless is to make OpenDNS the default DNS provider. I do this because some ISPs have not yet figured out how to setup fast and reliable DNS. In order to make OpenDNS your default DNS server for your wireless, add the following line to /etc/dhcp3/dhclient.conf, and then reboot:

prepend domain-name-servers 208.67.222.222, 208.67.220.220;

Because the headphones do not work properly, I am forced to use an external music player. Currently I am using an ipod. Instructions can be found at http://www.linuxjournal.com/article/9266, for using your ipod with Ubuntu. Personally, I have chosen to use gtkpod to manage my ipod. In addition, if you’re sick of Rhythmbox starting whenever you attach your ipod to your laptop, you can fix that by launching gconf-editor and modifying the settings under desktop -> gnome -> volume_manager. If found that particular piece of advice here.

One bottleneck for web browsing of which many people are not necessarily aware is DNS lookups. For those that don’t know, DNS stands for Domain Name Service. Routers on the Internet do not know what to do with a website name, such as www.espn.com. A DNS server is responsible for translating a website name into an IP address, which routers on the Internet know how to handle, allowing them to route you to the website that you want to visit. So, when you type a website in you browser, a query is first sent to a DNS server to translate the website name into an IP address. Once the translation is done, your browser then requests the webpage from the IP address. If you request a webpage that has content from other websites, then your browser will have to make multiple DNS queries, in sequence. For example, imagine a scenario in which you go to some website called www.xxxxxxxxxx.com that displays a graphic which is located at www.yyyyyyyyyy.com. The following steps will be taken:

1. Your browser will query a DNS server asking it to translate www.xxxxxxxxxx.com into an IP address.
2. Upon receipt of the IP address your browser sends a message to the IP address, asking it for its content.
3. As your browser receives the content, it starts to display it but realizes it needs a graphic from www.yyyyyyyyyy.com. So, your browser makes another DNS query, asking for the IP address of www.yyyyyyyyyy.com.
4. Upon receipt of www.yyyyyyyyyy.com’s IP address, your browser then fetches the graphic.

As you can see, slow DNS lookups can be a bottleneck for browsing. Most people’s home network is configured to use the DNS server provided by their ISP. Unfortunately, that server may be overloaded or may just be slow.  Fortunately, OpenDNS provides free DNS services that are fast, in my experience.  So, if you suspect that slow DNS lookups are a problem, give OpenDNS a try to see if it improves your preformance.

In addition, OpenDNS provides useful features that are not available from normal DNS servers.  For example, if you are about to visit a phishing website, OpenDNS will redirect you to warn you of the danger.  They also attempt to correct spelling mistakes in website names, on-the-fly.  For example, if you type www.espn.cmo on your browser, OpenDNS will still direct you to www.espn.com.  OpenDNS is easy to use also.  Directions for using it are contained on their website.