Monday, December 29, 2008

The end of vinyl records

Vinyl records have been there for ages. My dad still has a couple of old records but he has no turntable anymore to play them. This is because _I_ claimed his turntable a long time ago, which he thought had become old fashioned.
I started buying vinyl records about 12 years ago. I remember saving all my pocket money and buying the latest records with it, instead of visiting pubs with friends. I remember everyone thinking vinyl records belonged to the past and MP3's and CD's were taking over. In fact, this was not true. DJ's playing at parties and clubs never stopped buying records and from my experience, about 80% of their music came from plain old vinyl and a tiny 20% from other media like CD's or MP3's.
The reasoning behind this is simple, if you wanted something new, something not popular (yet), you bought it on vinyl. If it became popular, some record company would probably be so kind to put it on some CD and sell it. But then again, ages, if not decades ( :) ) could pass between the song only being available on vinyl and the song being available to the public on CD (or MP3).
From my experience, playing vinyl records was also much easier then playing CD's or other media. The CD disappears in a box, if you're playing it, and there's no way you can touch it or fiddle with it unless you're using some stupid buttons which can do fancy stuff, like bending the pitch, or playing it reverse.
Companies building CD players for the DJ market (like Pioneer, Denon and others) have done their very best to build something that comes very close to a vinyl experience. Pioneer's CDJ-1000, for example, comes very close, but people used to vinyl know this is just fake.
Serato and Traktor have looked at this from a different perspective. Suppose we have a record playing a wave only understood by software (called time-coded vinyl), running on a PC or Apple, and then this software would sync an MP3 or any other media to this wave then we could bring together the best of both worlds. DJ's can still use vinyl records and they could use time-coded vinyl together with their collection of MP3's (which saves your back if you can't find someone to carry your cases).
I used this software the other night and I must say, even though it is not real vinyl, it feels very much the same. The only thing I missed were 400 large and heavy records I used to browse through, in search of the next great song to play. Instead, I just had to type in parts of the name of the artist or parts of the name of the song, and then select it.
This, my dear friends, could mean the end of true vinyl records. Lots of small shops, that survived on selling vinyl, already had to close down and go bankrupt. Only the larger and online stores like juno seem to be able to survive for now, but I wonder how long it will take.
If you want something new today, something not popular (yet), chances are that this song won't be available on vinyl, but available on MP3 instead.
I like buying records and I like spending a whole afternoon in a record shop, sniffing through a large collection just to find some great song I don't already have. I guess I am becoming old fashioned now, getting old, being surpassed by young people with fancy software. Is this a midlife crisis?

EDIT: As seen in a comment by someone reading this blog, one of Belgium's biggest dance stores (USA Import) is closing down. You can read all about it here.
This hurts :(

Sunday, December 28, 2008

KDE4: Panel artifacts when using Thunderbird or OOo using NVIDIA drivers

NVIDIA has had the best drivers for Linux users for several years. Since early releases of KDE 4, however, some nasty artifacts appeared when running some Gnome based applications (like Open Office and Thunderbird) on systems with NVIDIA cards. These bugs have been reported to NVIDIA but haven't been addressed until now. According to this very long thread, the latest beta drivers from NVIDIA (180.x) the nasty artifacts should have disappeared. I compiled and installed this latest driver and indeed, the panel corruption when, for example, composing a new mail in Thunderbird does no longer appear. Finally, people running KDE 4 with NVIDIA cards are no longer nvidia-victims :)

Saturday, December 27, 2008

Easy backups on Linux, putting it to the test

In an earlier post I was talking about how I've been using mondo as preferred backup solution for quite some time. However, I have never used it to restore stuff, since I've never broken any install before and hardware hasn't failed on me yet.
Since I wanted to replace the smaller 10GB hard drive, I've installed in the Wyse, with a bigger 500GB one, this would be an ideal case to try and restore everything with mondo.
So I created a backup of the 10GB drive with mondo to an NFS share on another PC (using the script posted earlier). Next, burned the resulting ISO to a CD and finally booted from the CD and interactively restored my data.
mondo has 2 main restore modes; interactive and nuke. Since my new drive was bigger than the original drive, mondo suggested to drop to interactive mode, which allowed me to create a whole new partition scheme (which is nice). The only thing that failed was grub installing itself on the master boot record. I'm not sure why, maybe a bug in the ancient mondo that ships with Etch, who knows. I had to install grub using knoppix and then the system booted just fine.

Wednesday, December 24, 2008

Easy backups on Linux

Ubuntu has been a fantastic operating system for my desktop and has been my preferred Desktop OS for more than 3 years now. The cool thing about Ubuntu is it's Debian based. So you install once and dist-upgrade to every new release without ever having to reinstall the whole thing. The downside is a dist-upgrade in Ubuntu sometimes fails leaving you with a very b0rken system. That's why I stick with LTS releases for now, because I have little spare time to reinstall my desktop every few months or so. Nevertheless there are brave people out there always keeping track of the latest, more or less stable, version and don't mind the dist-upgrade problems.
Anyway if your install is broken after a dist-upgrade (or any upgrade) it's always nice to have a backup at hand. In search of the ideal, most flexible, backup tool out there I found mondo. So, people, stop asking for a backup tool for Linux on forums, this one will suite your needs.
Unlike some other tools, mondo creates a backup of a live system. It is also capable of creating a set of CD's or DVD's which are bootable and will help you to easily restore your data.
mondo comes with an ncurses based UI to help you easily create backups. I still like the command line version though, so here's my script:
BACKUP_PATH=$BACKUP_HOME/`date +%Y%m%d`_myHost
BACKUP_EXCLUDE='/mnt /dev /proc /tmp /home/bu_operator'

mkdir -p $BACKUP_PATH
mondoarchive -Oi -9 -s 4200m -d $BACKUP_PATH -E "$BACKUP_EXCLUDE" -T $BACKUP_TEMP -S $BACKUP_TEMP

The above script will create a live backup (compressed) of the whole system on DVD ISO images. The BACKUP_EXCLUDE variable contains some volatile folders we don't want to be included in the backup.
Restoring the backup is easy. Burn the ISO images on a CD/DVD (or set of CD's/DVD's), boot from the first CD/DVD, select RESTORE and go grab a cup of coffee while mondo is doing the hard work.

Installing the Wyse 6: adding LDAP and Samba for centralized user management

I like to have my users, that will be logging in on different types of machines on the network, stored in a central place. The ideal solution for this is an LDAP repository and configuring Samba to talk to this repository and configure it as a Primary Domain Controller.
This solution will enable users running Linux to authenticate using pam_ldap and users running Windows (NT and up) authenticate against a Samba Domain Controller. Linux users can also join their machines on the Samba domain, and create shares accessible to other users known by the Domain Controller.
This setup caused me a second headache, since the Samba server running on Ubuntu Hardy could not join the Samba Domain Controller running on Etch. This is because there is a compatibility issue between Samba 3.0.28a (Hardy) and Samba 3.0.24a (Etch). I had to fetch some more recent source packages here and compile and build them on Etch. This is not a procedure for the faint of heart, so if you haven't upgraded to Lenny yet, now is the time (at the time of this writing, Lenny has Samba 3.2.5).
I was planning on providing a step by step procedure to install and configure all of the necessary stuff, but apparently, someone already did. Following these instructions to the letter, will get you up and running in no time. The only thing you have to do is add these lines to libnss-ldap.conf:

bind_policy soft
nss_reconnect_tries 3
nss_reconnect_sleeptime 1
nss_reconnect_maxconntries 3

This is necessary, because otherwise the machine will try forever finding accounts in the LDAP server when it boots and is populating /dev. Populating /dev happens very early in the boot stage when no network or LDAP server is started yet.
I also created an additional LDAP user (next to the admin user) that is only capable of reading entries (instead of reading _and_ writing) as suggested here. This user is called nss and is used to configure pam_ldap on the client Linux machines.
My pam configuration file are also a bit different, so here they are for completeness:


session required skel=/etc/skel umask=0077
session optional


password required
password sufficient
password required use_first_pass md5 shadow


account sufficient
account required


auth sufficient
auth required use_first_pass

Please note that messing with pam modules could be dangerous and could lead to a system where you're unable to login. The above configuration definitely works, but it's always safe to have backups of your original pam files and have a bootable medium (CD, DVD, floppy, USB) at hand.

If you want to have a graphical user interface to be able to browse the LDAP you can use Apache Directory Studio (advanced but heavyweight application) or LDAP Browser (basic lightweight application). Both are Java based, so should run on anything that provides a Sun JDK or JRE.

If you find errors in this post, in fact, if you find errors in any post, please leave a comment or send me a mail.

Tuesday, December 23, 2008

Installing the Wyse 5: configure and install cups

If you're still following these series of posts and installed Debian Etch on your firewall, please go back and install Lenny instead. The problem with Etch is that it has a lot of old, outdated, software packages, containing bugs that _will_ cause you headaches.
While configuring cups should be a breeze, there are a number of bugs requiring you to do some manual interventions on the server side.
First there is a compatibility issue which causes cups to hang when configuring printers using Firefox 3. Due to export regulations, Debian does not ship Open SSL by default, causing cups to hang while generating SSL keys. The new admin interface now requires HTTPS, so you will need to install Open SSL by hand. The default configuration for cups, generated bu Debian's package management, also contains a few flaws.
All the above things are probably resolved in Lenny, so you might want to consider upgrading to Lenny. I chose to stick with Etch and here are the things I did to get cups up and running.
First you need to install the necessary packages:

ii hp-ppd 0.8 HP Postscript Printer Definition (PPD) files
ii hpijs-ppds 2.6.10+1.6.10-3etch1 HP Linux Printing and Imaging - HPIJS PPD fi
ii 20061031-1 printer support - PostScri
ii foomatic-db 20061031-1 printer support - database
ii foomatic-db-hpijs 20061031-1 printer support - database
ii foomatic-filters 3.0.2-20061031-1.2 printer support - filters
ii cupsys 1.2.7-4etch6 Common UNIX Printing System(tm) - server
ii cupsys-common 1.2.7-4etch6 Common UNIX Printing System(tm) - common fil
ii libcupsimage2 1.2.7-4etch6 Common UNIX Printing System(tm) - image libs
ii libcupsys2 1.2.7-4etch6 Common UNIX Printing System(tm) - libs
ii libcupsys2-dev 1.2.7-4etch6 Common UNIX Printing System(tm) - developmen
ii openssl 0.9.8c-4etch3 Secure Socket Layer (SSL) binary and related
ii hplip 1.6.10-3etch1 HP Linux Printing and Imaging System (HPLIP)
ii hplip-data 1.6.10-3etch1 HP Linux Printing and Imaging - data files
The above list contains the packages I installed to get cups up and running. I am not sure this is an exhaustive list, but it should be more or less complete.
After installing the necessary packages, we need to tell cups to accept calls from the internal network, so we're able to configure it using its web interface. Below is cupsd.conf containing all my modifications.
# Show troubleshooting information in error_log.
LogLevel debug
SystemGroup lpadmin
# Allow remote access
Port 631
Listen /var/run/cups/cups.sock
# Enable printer sharing and shared printers.
Browsing On
BrowseOrder allow,deny
BrowseAllow @LOCAL
BrowseAddress @LOCAL
DefaultAuthType Basic
<Location />
# Allow shared printing and remote administration...
Order allow,deny
Allow @LOCAL
<Location /admin>
AuthType Basic
AuthClass System
Encryption Required
# Allow remote administration...
Order allow,deny
Allow @LOCAL
<Location /admin/conf>
AuthType Basic
Require user @SYSTEM
# Allow remote access to the configuration files...
Order allow,deny
Allow @LOCAL
<Policy default>
<Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job CUPS-Move-Job>
Require user @OWNER @SYSTEM
Order deny,allow
<Limit Pause-Printer Resume-Printer Set-Printer-Attributes Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After CUPS-Add-Printer CUPS-Delete-Printer CUPS-Add-Class CUPS-Delete-Class CUPS-Accept-Jobs CUPS-Reject-Jobs CUPS-Set-Default>
AuthType Basic
Require user @SYSTEM
Order deny,allow
<Limit CUPS-Authenticate-Job>
Require user @OWNER @SYSTEM
Order deny,allow
# Only the owner or an administrator can cancel a job...
<Limit Cancel-Job>
Order deny,allow
Require user @OWNER @SYSTEM
<Limit All>
Order deny,allow
Printcap /var/run/cups/printcap

Next, create a folder called ssl underneath /etc/cups to hold the ssl keys. Generate the keys, by running the following command:

openssl req -new -x509 -nodes -days 365 -out server.crt -keyout server.key

underneath /etc/cups/ssl
Now stop and start the cups daemon to let the changes have effect.
You should be able now to login and configure your printer. As I already said, don't use Firefox 3, but use another browser like safari or konqueror instead.
Below screenshot shows the completed configuration of my printer.

Installing the Wyse 4: configure the firewall

The Wyse will be used as my gateway to the internet. There are a lot of out of the box Linux (and BSD) firewall distributions out there. Some of them run from a bootable CD, others can even run from a single floppy. The problem with these distributions is they don't have all the necessary software I need. Next to the firewall software, I will need the following additional services:
  • samba: to use as server for potential windows machines on the network
  • LDAP: to serve as central storage for user accounts and their metadata
  • cups: to use as centralized printing server for all kinds of machines on the network
  • other services I might have forgotten (like subversion, squid, dansguardian, ....)
I have to admit, though, that Endian comes close to what I need, but I just like to do stuff all myself :)
My old Etch firewall was running some custom firewall script I created by hand, but this time, I wanted to use a tool called fwbuilder to create the script.
fwbuilder is a GUI available for most popular OS'es out there (including Mac OS X), capable of generating firewall scripts for a variety of platforms. Platforms include Linux (even old kernels), BSD, CISCO, ... . It also has some pre built templates, to get you started quickly.
So, first you need to download and install fwbuilder for your OS. In Ubuntu (or any Debian based distro), just type apt-get install fwbuilder to download and install the software.
Fire up fwbuilder and create a new object file, which I called home.fwb. Now, right click on Firewalls and select new Firewall from the pop-up menu.
In the next screen, select or enter the following:
  • name: your firewall its name
  • firewall software: select iptables if your firewall is running Linux 2.4 or higher
  • firewall OS: select Linux 2.4/2.6
Be sure to also check Use preconfigured template for firewall objects to get a basic set of rules.
In the next screen, I selected fw template 2 since this one suits my needs. Now click finish.
That's it. You now have a set of rules for a machine running Linux 2.4 or higher with 2 network cards. eth0 should be connected to the internet and has a dynamically assigned network address. eth1 should be connected to the internal network and has a static assigned address. By default, this is, which I changed to You can change this underneath User -> Firewalls -> Your Firewall -> inside -> eth1:ip.
By default, access from the internal network is limited to DNS queries and SSH (Rule 2). Access from the firewall to the internet is limited to DNS queries only (Rule 5). We will need to change this, because we need to be able to upgrade Debian every now and then and we want to have access from the internal network to some of the services mentioned above.
The screenshot below shows my modifications. Rule 5 now allows requests to ntp(to be able to synchronize our clock) and HTTP (to be able to fetch new Debian packages from the internet). Rules 6 and 7 make sure that our logs are not flooded by broadcasts and multicasts from the outside world. Rule 2 was changed, as I already said, to allow access to additional services running on the firewall.

To generate an iptables script from the rules we just created, just select Rules -> Compile. If you transfer the script to the firewall, make it executable (chmod +x) and launch it, you should be able to connect from any machine connected to eth1 with the internet.
Below are some additional scripts I created to start and stop the firwall from /etc/init.d.
The firewall startup script (/etc/init.d/firewall):
#! /bin/sh

set -e

DESC="firewall service"

# Gracefully exit if the package has been removed.
test -x $SCRIPT_START || exit 0
test -x $SCRIPT_STOP || exit 0

# Function that starts the daemon/service.
d_start() {

# Function that stops the daemon/service.
d_stop() {

case "$1" in
echo "Starting $DESC: $NAME"
echo "Stopping $DESC: $NAME"
# If the "reload" option is implemented, move the "force-reload"
# option to the "reload" entry above. If not, "force-reload" is
# just the same as "restart".
echo "Restarting $DESC: $NAME"
sleep 1
echo "Usage: $SCRIPTNAME {start|stop|restart|force-reload}" >&2
exit 1

exit 0

The script referenced in the above script to start the firewall (/etc/init.d/rc.start-firewall) is the script created by fwbuilder.
The script referenced in the above script to stop the firewall (/etc/init.d/rc.flush-firewall):
# Stop firewall.

. /etc/default/firewall

log "Flushing firewall ..."

# reset the default policies in the filter table.

# reset the default policies in the nat table.

# reset the default policies in the mangle table.

# flush all the rules in the filter and nat tables.
$IPTABLES -t nat -F
$IPTABLES -t mangle -F
# erase all chains that's not default in filter and nat table.
$IPTABLES -t nat -X
$IPTABLES -t mangle -X

log "... flushed"

The common script used for logging and constants (/etc/default/firewall):
# Firewall resources.


debug () {
[ $DEBUG == "ON" ] && echo "[$0]: $1" | $TEE -a $LOG_FILE

log () {
echo "[$0]: $1" | $TEE -a $LOG_FILE

export PATH="/sbin:/bin:/usr/sbin:/usr/bin"

# Check if all the commands are there.
alias which='type -p'
IPTABLES=`which iptables` || IPTABLES="/sbin/iptables"
IFCONFIG=`which ifconfig` || IFCONFIG="/sbin/ifconfig"
IPSC=`which ipsc` || IPSC="/usr/bin/ipsc"
AWK=`which awk` || AWK="/usr/bin/awk"
SED=`which sed` || SED="/bin/sed"
TEE=`which tee` || TEE="/usr/bin/tee"

for i in $REQCMDS; do
if [ -x $i ]; then
debug " found $i"
echo "I need $i for executing this script, bailing out."
exit 0

# Get the IP address for a specified interface. IP is returned in $IP.
get_ip_for_interface () {
IP=`$IFCONFIG $1 2>/dev/null \
| $AWK '/inet addr:/ {print $2}' \
| $SED 's/addr://'`
debug "found IP: $IP for $1"

# Get the subnet mask for a specified interface. Mask is returned in $MASK.
get_mask_for_interface () {
MASK=`$IFCONFIG $1 2>/dev/null \
| $AWK '/ Mask:/ {print $4}' \
| $SED 's/Mask://'`
debug "found MASK: $MASK for $1"

# Get the net for a specified interface. Net is returned in $NET.
get_net_for_interface () {
NET=`$IPSC -i $1 2>/dev/null \
| $AWK '/Network address:/{print $3}'`
debug "found NET: $NET for $1"

In the next posts, we will get our hands dirty and start configuring cups, LDAP and samba.

Monday, December 01, 2008

Installing the Wyse 3: dhcp server and client

In a previous post I showed how to install a Domain Name Relay Daemon to serve as a caching DNS server. Since the firewall will get its address from the DHCP server from your ISP, there's one small configuration we still need to do.
In /etc/dhcp3/dhclient.conf we need to uncomment (or add, if its not there) the following line:

prepend domain-name-servers;

This will make sure the firewall itself will query the name server on the firewall to resolve host names on the local network and the Internet.
The firewall should also run a DHCP server for the internal network. The internal network addresses range from to So, first we need to install a DHCP server:

# apt-get install dhcp3-server

Next, use the following configuration for /etc/dhcp3/dhcpd.conf:

allow bootp;
ddns-update-style none;
subnet netmask {
default-lease-time 600;
max-lease-time 7200;
option subnet-mask;
option broadcast-address;
option domain-name-servers;
option domain-name "earth";
option routers;
group {
host internalhost {
hardware ethernet 11:11:11:11:11:11;
pool {

The above configuration will configure the DHCP server to serve addresses from to This will allow any PC to connect to the local network and get an address.
We also configured a host, called internalhost to receive a fixed address (, since we want to add this fixed address to our dnrd configuration as well.
The DHCP server will also propagate its own address to the clients as preferred name server.
The bootp flag is used to be able to net-boot some old UNIX machines I have (a Sun Ultra and an HP 712/60). For now, no boot images are configured or served, but this will change in the future.
In a next post, we will start configuring the firewall itself using a GUI called fwbuilder and iptables.

Sunday, November 30, 2008

Installing the Wyse 2: dnrd

The new Wyse machine should serve as a caching DNS for the internal network. This will enable us to resolve host names on the internet (e.g. and local hostnames (e.g. My old router used dnrd to accomplish this, so I will use dnrd again. You could use a full blown DNS server, such as bind but bind has always suffered some security issues and is harder to configure (but not impossible).
So, first we need to download and extract dnrd:

# wget
# tar xvfz dnrd-2.20.3.tar.gz

Next, install a compiler:

# apt-get install gcc
# apt-get install g++
# apt-get install make

Next, configure the package:

# ./configure

Compile and install the package:

# make
# make install

Create a startup script (/etc/init.d/dnrd)
#! /bin/sh
set -e

DESC="Domain Name Relay Daemon"

OPTIONS="-s -s -a"

# Gracefully exit if the package has been removed.
test -x $DAEMON || exit 0

# Function that starts the daemon/service.
d_start() {
start-stop-daemon --start --quiet --pidfile $PIDFILE \
--exec $DAEMON -- $OPTIONS

# Function that stops the daemon/service.
d_stop() {
start-stop-daemon --stop --quiet --pidfile $PIDFILE \
--name $NAME

# Function that sends a SIGHUP to the daemon/service.
d_reload() {
start-stop-daemon --stop --quiet --pidfile $PIDFILE \
--name $NAME --signal 1

case "$1" in
echo -n "Starting $DESC: $NAME"
echo "."
echo -n "Stopping $DESC: $NAME"
echo "."
echo -n "Restarting $DESC: $NAME"
sleep 1
echo "."
# echo "Usage: $SCRIPTNAME {start|stop|restart|reload|force-reload}" >&2
echo "Usage: $SCRIPTNAME {start|stop|restart|force-reload}" >&2
exit 1

exit 0

Add a user for dnrd

# adduser --system dnrd

Configure dnrd; create and edit /usr/local/etc/dnrd/master

domain earth localhostname firewyse

Start dnrd using the script we created earlier:


Test your nameserver:

# nslookup firewyse


Non-authoritative answer:

As you can see, dnrd is able to resolve the earth domain. Adding additional hosts from your local network is accomplished by adding additional entries in the /usr/local/etc/dnrd/master file. All you need to do is maintain one single configuration file. Configuring bind to do this, requires a lot more additional steps and configuration files.
Finally, we need to make sure dnrd starts when the system is booted:

# update-rc.d dnrd defaults
Adding system startup for /etc/init.d/dnrd ...
/etc/rc0.d/K20dnrd -> ../init.d/dnrd
/etc/rc1.d/K20dnrd -> ../init.d/dnrd
/etc/rc6.d/K20dnrd -> ../init.d/dnrd
/etc/rc2.d/S20dnrd -> ../init.d/dnrd
/etc/rc3.d/S20dnrd -> ../init.d/dnrd
/etc/rc4.d/S20dnrd -> ../init.d/dnrd
/etc/rc5.d/S20dnrd -> ../init.d/dnrd

Installing the Wyse 1: Prepare for installation

As already mentioned in an earlier post, I have bought a small Wyse thin client.

The picture above shows the Transcend flash card with 40-pin IDE that comes with the Wyse terminal. The card can only store 512MB data and I am not sure how a flash card reacts on a live operating system writing log files to it every now and then. A flash card ages and has a limited number of write / delete operations. Since the Wyse has plenty of room, I decided to mount a normal 10 GB hard drive, recovered from an older PC. I also installed an extra network card, since this device will be used as firewall / router / proxy for my network.
Most Wyse terminals' BIOS are protected with a password. The default password is Fireport (I had to look it up on the internet). You'll need this password and enter the BIOS to change the device's boot order. By default, it searches the network for a boot image ... which will take some time if you don't have a TFTP boot server running.
The picture below shows the added network card and extra hard drive.

The power supply does not have an additional connection to power an additional CD ROM drive, so I connected the CD ROM drive, since this is only temporal, to an external power supply recovered from an old XT computer. You cannot use a normal ATX power supply, since this needs feedback from the ATX motherboard to power on (unless you know how to bypass this).
The picture below shows the CD ROM drive connected to the external XT power supply. This CD ROM was connected to the second IDE channel to be able to install Debian on the Wyse.

Debian installs like a breeze on this device. Just download the Etch net-install, put it in the CD ROM drive, connect the device to the network and power it on. Debian has a ncurses based "next->next->next->finish" installer, so even your grandmother can do this.
Finally, detach the external CD ROM drive, close the case and your done. All other necessary packages for Debian are fetched from the internet.

Tuesday, November 25, 2008

My new pet project

Before I start telling about my new pet project, I must congratulate my 3 colleagues that joined me at the Ubuntu booth on this weekends Dipro fair. We managed to gather around €80 of donations from people collecting an Ubuntu (or Kubuntu) installation medium. Compared to an earlier fair I did, with roughly the same people, this amount of money is enormous. If everything goes well, this money will be transfered to the Belgium Ubuntu loco team for supporting their actions.

Anyway, like any other Dipor fair, there were a lot of people trying to sell old computers and laptops for unreasonable prices, the most hideous cases, do-it-yourself-ink-cartridge-refill kits and mini keyboards only my kids can type on :)
While strolling through the fair, however, a colleague showed me an interesting Wyse Thin Client. These terminals are normally used as a very lightweigt computer, accessing terminal services provided by some server running Windows or Unix. This particular device (a 9455XL) was running some embedded version of Windows XP which I found quite intriguing. I also thought that all these devices had proprietary hardware, allowing them to run OS'es provided by Wyse only.
This device was different. After kindly asking the seller for a screwdriver, we noticed a very familiar VIA chipset inside. The main board also had a normal IDE controller and one of its bays was occupied by 512MB, 40-pin, Transcend, IDE Flash Module. There was also a PCI riser card present, to be able to add an additional hardware component like a TV card. For the readers that got lost in the past few lines, this was a normal, damn small, extensible PC with very low power consumption :)
The guy was selling these for €25 each, so I bought one.

Since the device only consumes an average of 15W, this will serve as an ideal replacement for my current 24/7 router-firewall-all-in-one-file-and-print-server providing Internet access to my network at home. The latter is a normal IBM Aptiva consuming an average of 65W. You could also use this as a cheap NAS device, after inserting a very huge hard disk.
I had been thinking about this before, but I never found a reseller in Belgium for mini-itx boards and solutions. The German Mini PC site came close, but after configuring my first device, using their builder, it seemed a lot more expensive than I anticipated.

In the next posts, I will elaborate on some adventures in installing the device. I will also talk about the software I will install on this device (yes, it will be Linux, what else) and how it's configured. I will also turn this device into a content based proxy, instead of a normal NAT (Network Address Translator), to be able to filter out some unwanted sites. The latter will be interesting and necessary, since my girfriend's daughter is taking her first steps on the Internet.

Stay tuned!

SPAM: The Russians ... oh no, not again

Oh yes. I received another mail from a different girl, I mean woman, asking me for something totally different than love. Please read ... it's funny.

Dear Friend,

My name is Elena, I have 31 year and I live in Russian province. I work in library and after my work I allowed to use computer when it possible.
I finded your address in internet and I decided to write you this letter.

I have 7-year daughter Angelina, her father abandoned us and we live with my mother.

Recently my mother lost job and our situation became very difficult.

The price for heating our home is very high and we cannot afford it anymore.

The winter is coming and weather is colder each day. We worry if the temperature will become cold in our home, we don't know how to survive.

For heating our home we need portable stove which give heat from burning wood. We have many wood in our region, but we cannot buy the stove in local market because it cost equivalent of 193 Euro and very expensive for us.
If you have any old portable wood burning stove, we will be very happy if you can donate it to us and organize transport of its to our address (200km from Moscow) or help us to buy it in our local market.
This oven are different, they are from cast iron and weight 100-150kg.

I downloaded our picture to free website and you can see it at:
It is not of very good quality, but it will give you idea how we look.

I hope that you answer me and I wish you all the best.


I bet this one has a whole hangar of stoves :)

Thursday, November 20, 2008

SPAM: Does it ever stop ...

... I guess not. Today I received the following mail on my very old Hotmail account.

Dear User,

We are sorry to inform you that we care currently working on securing our server. During this process, an account that is not manually verified by us will be deleted, Please confirm that you have an account and submit your information for manual verification by one of our customer care representatives

Information that is be to provided is below:
User Name:
Date Of Birth:
Country (At Signup):

Upon confirmation of the information from you, we will manually verify your yahoo account and, thereby, prevent it from being deleted, We are sorry for any inconvenience this might cause.

Account owner "who" refuses to update his/her account after two weeks of receiving this warning will lose his or her account permanently.

Copyright © 2008 Yahoo. All rights reserved. Copyright/IP Policy
| Terms of Service | Guide to Online Security

NOTICE: We collect personal information on this site.
To learn more about how we use your information, see our Privacy Policy.

Now this is funny. They're asking for my user ID and password for my Yahoo account, so I can keep using my Hotmail account. I don't even _have_ a yahoo account, and I never did!
I said it before and I'll say it again, the Internet is a very dangerous place. Please, keep your children away!

Monday, November 10, 2008

Fixing a fluorescent rod

A few years ago I bought an orange fluorescent rod, which, mounted behind my television cabinet, gives an orange ambient light. The other weekend, it broke down :(

Unfortunately, the original manufacturer (WOFI) stopped selling these a while ago. Makro where I originally bought the rod doesn't sell them anymore either. So I had a problem.
Velleman however has these rods in its products list, so I rushed to a local dealer, finding that he only had these in green and white (WTF?). So I still had a problem.
There's no way to open these rods, since the black ends are glued to the orange rod at both sides. So normally, there's no way to open these rods without breaking something. Fortunately the black end with the power cord on the rod I own came loose a while ago. So I decided to take it apart to see if there was a way to fix it.
Inside, there is a normal fluorescent tube of 56W (about 1.5 meters in length) powered by an electronic ballast. Normally, fluorescent lamps you find at home, are powered by a magnetic ballast and a starting switch. Electronic ballasts, however, are becoming more common (because they are less power consuming) but are more expensive than their magnetic counterparts.
There were 2 possibilities, either the fluorescent lamp or the electronic ballast was broken. Or maybe both :(
To test this, I took a working fluorescent lamp (used in my garage) and wired this to the electronic ballast (being very careful though). It worked, so I could conclude the ballast was still working and I only had to replace the broken fluorescent lamp.
So now, until the ballast fails, I have my ambient orange rod working again.

In search of perfection: Spaghetti Bolognese

A while ago there was a series on the BBC on Heston Blumenthal's search of perfection. In the series, Heston tries to "perfect" 8 traditional dishes. About a year ago, a friend of mine brought these series to my attention, but in fact, I've never watched them. That's why I bought the books (in the meantime there have been 2 series) and yesterday, I tried to make Heston's version of Spaghetti Bolognese.

I will not go into detail on how to make the sauce, it is a lengthy process that takes about 8 hours. Instead, I will talk about some of the modifications I've done to Heston's recipe.
There were some ingredients I couldn't find:

  • The star anise: According to Heston, this is the most important ingredient for the sauce, because combined with the onions, it enhances the flavor of the meat.
  • Boned oxtail
  • The coriander seeds
  • The Thai fish sauce
  • The sherry vinegar

Apparently the star anise has a concentrated anise flavor, so I replaced it with 3 tablespoons of Ricard, which is an anise flavored liqueur. I am not sure if it worked though, but it was worth a try.
I couldn't find boned oxtail. Instead, I used oxtail with the bones and boned it at the end of the recipe. IMHO this is even better, because meat always tastes better when it's cooked on its bone.
Instead of coriander seeds, I used coriander herbs, which are in essence dried coriander leaves. Not sure if this changes anything. I haven't used coriander seeds before, so I don't even know how they taste.
I didn't bother buying the Thai fish sauce and replaced this with 2 tablespoons of soybean sauce, which has an oriental salty flavor. To add the fish taste, I stirred in 6 fillets of salted anchovy on oil at the end of the recipe.
The cherry vinegar was replaced by xérès vinegar, but IMHO you can use any good quality, good tasting vinegar.

With all of the above modifications, I am not sure if my end result tastes the same as Heston's idea of perfection. But I have to say, it tastes incredible, and it was definitely worth 8 hours of cooking.

Thursday, October 23, 2008

Acoustic Design 3311

As all of you probably know, I have kids. 2 of them are currently able to crawl/walk around and unfortunately they don't have the correct understanding of the word no yet. Another problem is they seem to be very fond of technology, music, and they just love to fiddle with my ancient Kenwood KR-2200 receiver and peripherals. They also love to play with my regular sized speakers, I bought a long time ago for a cheap price at Aldi (Medion). Although these speakers were cheap, they sound great and I don't want the kids to break or damage these. So I removed the speakers and replaced them with very small sized speakers that are attached to my old portable radio cassette player (rx-ct800).

As much as I used to love my rx-ct800, the little speakers sounded like crap attached to the KR-2200, so I needed a solution.
I was thinking on buying some cheap JB Systems speakers, since I already own a set of cheap JB Systems TSX speakers. Unfortunately, these sound like crap too.

So I decided to look at second hand stuff on eBay and Kapaza and I found a pair of Acoustic Design 3311 speakers. In fact, I didn't know these were Acoustic 3311's until I removed the covers at the guy's place.

The guy that offered the speakers was selling these for €30. I thought this was a bargain. These speakers where enormous (the kids won't be able to toss these over) and they didn't sound too bad either. I was also going to use these speakers as a temporary solution until the kids have a correct understanding of the word "no" and stop tossing over the speakers.

So I bought them :)

Today, I found myself nothing to do and decided to look for some schematics or more technical details on the speakers I bought. After typing in Acoustic 3311 in google, I found these speakers were part of a large scale scam several years ago (damned, why does this always happen to me). These speakers were sold for prices ranging from $200 to $2000 for a pair.

Anyway, I don't really feel scammed. I didn't buy the speakers from some guys driving around in a white mini van and I didn't pay $200 for them either. They also sound a lot better than the small speakers from my rx-ct800. As I already said this is merely a temporary solution, so in a few years or so, watch out for my Acoustic 3311 speakers on eBay or Kapaza :)

Monday, October 13, 2008

Linux: Visit us at the Ubuntu booth on November 23rd @ ICC Gent

Just to let you know, that yours truly and some other Ubuntu enthusiasts will be hosting a booth at the Dipro fair on November 23rd in Ghent on behalf of the Ubuntu Community. I will bring candy :)
Please visit the dipro website if you're not sure how to get there.

Sunday, October 12, 2008

Getting pestered by Adium

A few days ago I upgraded my Adium Instant Messenger client on Mac OS X to the latest version. While I was working yesterday, I was being pestered by girls who really wanted me to visit _their_ webcam the whole day :(
I guess I am naive and thought only authorized buddies could sent messages to me. Apparently not. If you want the spam messages to stop, all you have to do is go to the Privacy Settings... in the Adium menu and select Allow only contacts on my contact list.

Sunday, October 05, 2008

I have a new girlfiend, and she looks awesome :)

A few weeks ago, I received a mail with the following subject: Likely, you will be now surprised.

Below is the complete content of this mail:

Hi, how are you? Likely, you will be now surprised. I long thought
before writing you the letter. This morning, I have received love the
Internet dispatch, from the unknown person to me the addressee. In the
given letter, it was spoken about love relations between people. In
the list e-mail addressees, I have seen your address. I long thought
before writing to you. I think, what you as search for serious
relations? I consider, that the given chance for me unique, therefore
I have decided to write to you. I wish to find the present love! I
would like to begin our acquaintance, with the small story about me.
My name is Anahit. Friends me name simply Anahit. To me of 28 years. I
the quiet, young, purposeful girl. Friends say to me, that I cheerful.
I love dialogue. I consider, that dialogue very important component in
our life. I, as well as all women of our country, like to cook food,
to go in for sports. I conduct a healthy way of life. I do not smoke
and I do not take alcohol. I have work which very strongly I love. But
I do not have not enough love. I am assured, that on our planet, there
is a person who can present to me happiness and love! On the Internet
I more recently. I have no wide experience in the Internet
acquaintances. I have seen transfer on the TV, about love in the
Internet and have decided to find the happiness. I consider, that it
is real. I search for the real man who will love, and to respect me. I
consider, that this main thing in relations. I wish to get acquainted
with you more close, by means of e-mail. It will be for us easier

I give you mine e-mail the address:

You can write to me. I with pleasure will answer you. Certainly, I
will send to you many the photos and I hope, that they will like you.
I with impatience will wait your letter to me, with more detailed
story about you. I am assured, that we become good friends and we can
love each other. Yours faithfully, Your new girlfriend, Anahit.

She looks great, doesn't she. These kinds of mails should remind us, the Internet is a dangerous place. The same day I received that mail, there was a documentary on Canvas about people who received mails, just like the one displayed above, and actually responded.

The mails are sent by a Russian organization, trying to steal some money from you. First they send you this generic mail, with a picture attached. When you reply, you will receive several other mails, telling you how in love with you she really is. After that, she will start asking money, e.g. to pay for a trip to come and visit you and have a ball the whole weekend (oh yeah). Sometimes you'll need to pay for her sick mother, father or brother, which is likely going to be a lot more expensive.

Anyway, I hope the few people reading this blog think twice after receiving a mail like that.

Saturday, October 04, 2008

Tuxdroid: Exploring the 2.0 beta API and software

Just a quick update on the Tuxdroid / Java story. I followed the wiki page describing the installation for the 2.0 beta software and launched the new control center (which is entirely written in java).

The screenshot above shows this UI and it looks and works awesome. It has a lot more possibilities then the Python based 1.x UI and the attitunes stuff now really works. Attitunes are some kind of scenario's you can _play_, instructing the droid to do and say stuff. If you take a closer look to the screenshot, you can see the "Computer Alert 1 Nl" attitune highlighted. Pressing the play button executes the attitune and makes the droid speak and move.
Using the UI you can also download, install and execute attitunes contributed by other people from the Tux Is Alive website.
Anyway, I've checked out the code and I'm going to take a closer look at it.

Nerdtalk: The Tuxdroid has arrived

Earlier this year I was visiting FOSDEM and together with a colleague I attended a talk about how to design a Linux robot companion. Although I studied electronics a long time ago, resistors, transistors and other electronic components have never really been my cup of tea. That's why I started to work as a Software Engineer, rather then a chip designer, but that's a whole different story.
Anyway, the talk was not that difficult to follow, given my background. Even for people without a hardware background, I think, the talk was not that "nerdy".
In the talk David presented a few Tuxdroids and told the story on how they designed it. The presentation was crystal clear for everyone, so the only question that popped from the audience was "Where the hell can we buy this thing?" (laughter all over the place). ThinkGeek was of course the place to be.
At that time, we, Europeans, could buy stuff rather cheap on ThinkGeek, so a friend of mine decided to place a major order at ThinkGeek.
A few weeks ago, I was paying this friend another visit and the Tuxdroid had arrived.
I would not recommend this Tuxdroid to lesser nerdy people, because buying this will involve uploading new firmware and you need some programming skills to write your own gadgets. These gadgets, e.g. a mail checker, will alert you when a mail comes in. The droid will even read the sender's name and subject aloud. Using Linux is also more or less mandatory, as it is the preferred OS to use with the droid.
Currently there rewriting the API to be able to support Java. Being a Java developer this caught my interest, so when I find some spare time left, I'll be looking into this API.
To be continued ...

Linux: Ubuntu 8.10 is coming

Just a quick post to tell the small amount of people tracking this blog that Ubuntu 8.10 is coming. The first beta's are already released. Gentlemen (or women), start playing :)

Saturday, May 03, 2008

Linux: Some issues I had with Kubuntu 8.04

Whilst reinstalling my desktop and all the applications I wanted, these were the problems/issues I encountered.

VMware does not work

I use VMware to test drive upcoming Ubuntu releases and for running Windows XP. I still need XP for my GPS software on my PDA. I tried to install VMware 1.x and it failed when compiling the netwokr modules. This link solved my problems and I managed to compile the modules. When trying to run VMware, another problem appeared:
/usr/lib/vmware/bin/vmware: /usr/lib/vmware/lib/ version `GCC_3.4' not found (required by /usr/lib/
/usr/lib/vmware/bin/vmware: /usr/lib/vmware/lib/ no version information available (required by /usr/lib/
/usr/lib/vmware/bin/vmware: /usr/lib/vmware/lib/ version `GCC_3.4' not found (required by /usr/lib/
/usr/lib/vmware/bin/vmware: /usr/lib/vmware/lib/ no version information available (required by /usr/lib/
/usr/lib/vmware/bin/vmware: /usr/lib/vmware/lib/ version `GCC_3.4' not found (required by /usr/lib/
/usr/lib/vmware/bin/vmware: /usr/lib/vmware/lib/ no version information available (required by /usr/lib/

To solve this, you have to symlink /usr/lib/vmware/lib/ to /lib/ Please note that /usr/lib/vmware/lib/ already contains a file called, so you need to remove it first. After that, VMware will run just fine.

f-spot and KDE 4 aren't friends

I use f-spot as preferred application to manage my pictures. Though f-spot installs just fine in Kubuntu, it fails to run miserably with and SIGSEGV exception. Apparently, f-spot needs the gconfd that is started by default when running Gnome. This daemon is also started automatically by firefox, so as a workaround, just start firefox once, prior to running f-spot and you're good.

No administrator button in KDE 4 System Settings

The System Settings for KDE 4 application looks really great. The problem is that some settings requiring administrative privileges are not accessible, due to a missing administrator button. The KDE folks probably forgot to add this, and I hope it will be there in KDE 4.1. Anyway, as a workaround, just open a terminal and type: kdesu systemsettings. This allowed my to change the kdm login screen.

Those were the problems I encountered, other than that, it installed and runs just fine. The Ubuntu folks did a good job and delivered Hardy on time. Kudos guys, keep up the good work and thank you for bringing Linux one step closer, again, to world domination.

meh :)

Friday, May 02, 2008

Linux: Impressions of Kubuntu 8.04 KDE 4 Remix

Almost 3 years ago, I decided do ditch my old PII Celeron and buy a new HP Pavilion Pentium 4. The Pavilion had Windows XP preloaded and it lasted about a week. Since that week, it has been running Ubuntu and I never re-installed it. I have been dist-upgrading the machine from Breezy (ah, those were the days) to Dapper. Since I like having a stable machine, instead of feature rich, "running latest versions of everything" machine, I've been using Dapper until yesterday.
Since the early days of Linux having a "desktop environment", I have always been a big fan of Gnome. It looked right and has always served my needs. As a java developer, I use Gnome as the preferred desktop environment at work too. Using Gnome, or any desktop environment, hours and hours in a row, enables you to discover the less pleasant parts of it. So, after a year of developing on a Gnome desktop, I have come to dislike it.
A few months ago, youtube was flooded with short demos on the new, upcoming, KDE 4 desktop environment. There were also a lot of demos showing Combiz, Beryl and later Compiz Fusion, but I never got very impressed with those. The KDE 4 demos impressed me though and I came to learn more about KDE and its applications. Gutsy was the first Ubuntu release providing a KDE 4 live CD, it was love at first sight :)
In my opinion, KDE has done a good job looking at the Mac OS X user interface, features and applications. I have also the impression that these applications written for the KDE desktop are more feature complete and mature than similar applications for the Gnome desktop. For me, it seems the Gnome desktop is a collection of small, feature incomplete, immature, applications. If, for example, you're looking for a "Total Commander" clone for Linux, you have the choice of 2 (maybe more) clones available for Gnome. These "Total Commander" clones for Gnome are less feature complete, then lets say Krusader. So I was using Krusader on my Gnome desktop, amongst other KDE applications as Amarok and K3B.
I was determined when the next LTS would arrive, I was going to switch to the KDE desktop environment. Unfortunately, from what I heard and read on the Internet, Kubuntu 8.04 won't be an LTS, since its primary focus will be KDE 4, which is considered not stable.
Indeed, KDE 4 is far from stable, but it works and it looks and feels right. This is the desktop environment for Linux I have been waiting for. The KDE developers still have a long road to go, since most applications still aren't ported yet from KDE 3.x. Integration of GTK applications, such as Firefox or Thunderbird, also need more work.
I don't want to start a desktop war here. The cool thing about Linux is that _you_ can choose whatever desktop environment or window manager you want. I chose KDE 4 :)

Saturday, March 29, 2008


Voor de mensen van mijn leeftijd (of ietsje ouder) die de rotzooi die ze de kinderen vandaag voeren op televisie maar niets vinden, deze link. Hier kan je alles lezen over series gaande van "Merlina" tot "Tik Tak". De site heb ik toevallig via google gevonden en wou ik jullie niet onthouden. Eigenlijk was ik op zoek naar (en gevonden :) ) Blake's 7.

Thursday, March 27, 2008

Mule: Update on the ServingXML transformer

This is just a short post to give you the latest news on my Serving XML transformer for Mule. I have updated the pom, so now the project builds properly with maven. Hopefully this will improve my build statistics on MuleForge's bamboo :)
I have also included a small unit test, taken from the samples included with the ServingXML distribution, that shows how you can use the transformer _without_ Mule. I will provide working samples, integrated with Mule, later. People that are familiar with Mule and how to configure transformers should be able to use this transformer in their setup.
Good luck ...

Wednesday, March 26, 2008

Yes, I am still alive

I realize it has been a long time since I last blogged on this site. I am very sorry for this, but I have been very busy.

First I started a project on MuleForge (ServingXML Transformer) that should help people using Mule to easily wrap all the power of ServingXML into one single transformer. There is already some code in the svn repository, but it doesn't build yet with maven. The problem is that ServingXML does not have any jars available in the main ibiblio repositories, so I will need to host these jars somewhere else. For the brave out there, just checkout the code, download ServingXML, put the jars in your local maven repository and issue a mvn clean install. This should get you up and running, if not, just wait for me to fix the build.
The reason why I created this project is that people where asking me off-list for new code and documentation. Unfortunately I didn't have those, so the project should solve this, I hope :)

I also got involved with uface. This small project aims to create an abstract layer on top of different UI toolkits, such as Swing and JFace, and bind the UI controls to the model using JFace's binding framework. Using the current binding framework requires a lot of repetitive coding, so this framework should ease things here and there. It is still very immature though, but in a few months, we should have a first release. I will blog about the progress we're making. Tom is also blogging about this and he does this more frequently.

So this was a short update to tell you about the stuff I am working on. I'll try to blog more frequently.