Tales From The Geek Side

The geeky musings of Greg Rowe.

Symantec Backup Agent for Linux

June 23rd, 2008 by greg

At work I administer a few Linux servers. I’m a long time Debian user who has rarely been disappointed by the distribution. As such I have Debian on the machines I administer. The company has chosen to use Symantec’s Backup Exec software. They “support” Linux but, in my experience with their software, it’s terrible. Memory leaks, crashes, and the most convoluted install scripts I’ve ever seen. If it were my choice I wouldn’t use their crapware at all but I have to use it.

Long ago I found this set of instructions for installing “RALUS” on Debian. Since their install scripts were so terrible I was happy to find a good alternative. I’m reproducing the instructions here for my own reference. These instructions are based off of installing version 11d.7170.

Category: Software, Tips | No Comments »

Extracting Audio From Video

June 20th, 2008 by greg

I recently came across some excellent concert footage. I wanted to have the performance available on my mp3 player but I didn’t want to re-encode the audio. Ffmpeg came to the rescue.

Using ffmpeg you can split out the audio and video components of any video stream it understands. In fact you can tell ffmpeg to transcode the audio as well. In my case the audio was already in mp3 format so I didn’t want to transcode. Ffmpeg allows you to specify “copy” as an output format in which case it doesn’t modify the audio stream in any way.

To extract the audio I ran the following. The -vn switch instructs ffmpeg to omit the video stream. The default behavior would be to output a video stream as well as audio streams. The -acodec switch tells ffmpeg what format you want the audio stream to be output as. In my case I didn’t want it transcoded so I specified “copy.”

$ ffmpeg -i slayer-rock-am-ring-2007.avi -vn -acodec copy slayer-rock-am-ring-2007.mp3

Now I just need to find a tool to break mp3s into audio tracks without re-encoding.

References:
http://howto-pages.org/ffmpeg/#strip

Category: Geek, Tips | No Comments »

Tcl-dox 0.8.2 Available

March 3rd, 2008 by greg

Well, I’m embarrassed! I let some embarrassing bugs make their way into the 0.8 and 0.8.1 releases of tcl-dox. This release fixes a crash related to an uninitialized variable as well as the handling of namespaces. The latest release is 0.8.2. If you have trouble with 0.8.2 please use 0.7 and send along bug reports.

Category: Software | No Comments »

Tcl-dox 0.8.1 Available

February 29th, 2008 by greg

A new version of tcl-dox has been released. This version fixes a number of issues and has a few enhancements. Code was contributed for handling arrays. A bug where identifiers with underscores weren’t handled correctly has been fixed. Tcl code outside of procedures and classes is ignored now (but not global variables). Tcl code inside class declarations that isn’t explicitly translated by tcl-dox is now ignored as it was causing problems with Doxygen.

Thanks go to everyone that contributed code.

The latest version is 0.8.1.

Category: Software | No Comments »

Sync Kolab

January 17th, 2008 by greg

Sync Kolab is an add-on for Thunderbird that synchronizes your address book as well as calendar data. The calendar features are optional and only available if you use the Lightning add-on (I do not). You can store your address book data in an IMAP folder or on a Kolab server. I’ve long been an IMAP user and I do not wish to administer a Kolab server so I’ve opted for the IMAP backend.

I’ve been using Sync Kolab for months now but I’ve always been disappointed. Thunderbird has an option to choose the format of messages, either plain text or HTML, for each contact. This is great because I like the richer formatting available in HTML but HTML isn’t appropriate for many situations. Mailing lists are a prime example of when to use plain text. I’d finally grown annoyed enough that I started peering into the source code to add the feature myself.

What I found in the code was that the feature was already supported — if you are using the VCARD backend. Now that I’ve switched to the VCARD backend all is well!

Category: Geek, Software, Tips | No Comments »

Creating a Certificate With Multiple Hostnames

January 8th, 2008 by greg

Multiple Names on One Certificate

While it is not possible without TLS extensions to serve different certificates from a single IP (see here on how to set up Apache on Debian for TLS extensions), it is possible to have a single certificate that works with any number of hostnames. I’m not talking about a wildcard certificate but a certificate that allows completely different hostnames to be valid for a single certificate. For example www.foo.com and www.foo.org can share a certificate. This approach would not be appropriate except in certain circumstances. You wouldn’t want to have two different customers using the same certificate but a single customer may wish to use one certificate for all of their domains. Both Internet Explorer and Firefox honor certificates of this type. From what I read some Java SSL libraries do not handle this type of certificate properly but Java was the only exception.

X.509 certificates, those that are served in SSL communications, offer a feature known as Subject Alternative Names. A Subject Alternative Name is an attribute that lists an alternate name for the subject of the certificate (that’s oddly fitting isn’t it?). In a web context that subject is the hostname. However it’s not just hostnames that can be an alternative subject. Email addresses are an option, as are IP addresses.

The first step is to create a CSR (certificate signing request) that contains the subject alternative names that you desire for your certificate. I will show how to do that using openssl. You will likely need to modify the default openssl.cnf file. In Debian this is located in /etc/ssl/openssl.cnf. Note that you may prefer to make modifications to a local copy and tell openssl to use your locally modified copy using the -config option. For simplicity I will omit -config localopenssl.cnf from my examples.

Config File Settings

You need to tell openssl to create a CSR that includes x509 V3 extensions and you also need to tell openssl to include a list of subject alternative names in your CSR. In my openssl.cnf I have the following:

In the [req] section:

[req]
req_extensions = v3_req

In the v3_req section:

[ v3_req ]

# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment

# Some CAs do not yet support subjectAltName in CSRs.
# Instead the additional names are form entries on web
# pages where one requests the certificate…
subjectAltName          = @alt_names

[alt_names]
DNS.1   = www.foo.com
DNS.2   = www.foo.org

Generating the CSR

Then the CSR is generated using:

$ openssl req -new -out $CSR_FILENAME -key $KEY_FILE

To check to see if you got everything correct use:

$ openssl req -text -noout -in $CSR_FILENAME

You should see something similar to this:

        Attributes:
        Requested Extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            X509v3 Key Usage:
                Digital Signature, Non Repudiation, Key Encipherment
            X509v3 Subject Alternative Name:
                DNS:www.foo.com, DNS:www.foo.org

Creating the Certificate

Now you must have a CA (certificate authority) create a signed certificate based on the information provided in your request. Unfortunately most CA software will not honor the subject alternative names in a CSR by default. In the case of the certificate signing tools from Microsoft in Windows 2003 you can tell it to honor subject alternative names using the following:

certutil -setreg policy\EditFlags +EDITF_ATTRIBUTESUBJECTALTNAME2
net stop certsvc
net start certsvc

For openssl you need to use a policy that allows subject alternative names. I believe the policy named policy_anything in the default openssl.cnf file will work. To use that policy:

$ openssl ca -policy policy_anything -in $CSR_FILENAME -out $CERT_FILENAME

Finally to test that your certificate was created correctly use the following:

$ openssl x509 -text -noout -in $CERT_FILENAME

You should see something like this:

        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Key Usage:
                Digital Signature, Key Encipherment
            X509v3 Subject Alternative Name:
                DNS:www.foo.com, DNS:www.foo.org
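
Once a CA honors names supplied in the request, it is worth checking the CSR before signing and the certificate afterwards against the list of names you meant to certify, rather than reading the dump by eye. The script below is an added example, not part of the original post; the function names and the sample text are constructed for illustration, and only DNS entries are compared.

```shell
# Sample input, constructed from the CSR dump shown in the post.
sample_csr_text() {
    cat <<'EOF'
        Requested Extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            X509v3 Subject Alternative Name:
                DNS:www.foo.com, DNS:www.foo.org
EOF
}

# Read `openssl req -text` or `openssl x509 -text` output on stdin and
# print the DNS subject alternative names, lower-cased, one per line.
san_names() {
    awk '
        grab {  # the line after the header holds the comma-separated list
            n = split($0, parts, ",")
            for (i = 1; i <= n; i++) {
                gsub(/^[ \t]+|[ \t]+$/, "", parts[i])
                if (parts[i] ~ /^DNS:/) print tolower(substr(parts[i], 5))
            }
            grab = 0
        }
        /X509v3 Subject Alternative Name:/ { grab = 1 }
    ' | sort -u
}

# Print each line of $2 that is absent from $3, prefixed with the label $1.
report_absent() {
    printf '%s\n' "$2" | while IFS= read -r name; do
        [ -z "$name" ] || printf '%s\n' "$3" | grep -qxF -- "$name" ||
            printf '%s: %s\n' "$1" "$name"
    done
}

# check_sans NAME... : print every mismatch, return 1 if there is any.
check_sans() {
    found=$(san_names)
    wanted=$(printf '%s\n' "$@" | tr '[:upper:]' '[:lower:]' | sort -u)
    problems=$(report_absent unexpected "$found" "$wanted"
               report_absent missing "$wanted" "$found")
    [ -z "$problems" ] && return 0
    printf '%s\n' "$problems"
    return 1
}

# Real use: openssl req -text -noout -in "$CSR_FILENAME" | check_sans www.foo.com www.foo.org
sample_csr_text | check_sans www.foo.com www.foo.org && echo "SAN list matches"
```

The same pipe works with the output of openssl x509 -text -noout -in $CERT_FILENAME, which catches a CA that dropped or changed the requested names.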

Category: Geek, Tips | 1 Comment »

New tcl-dox Released

January 7th, 2008 by greg

A new version of tcl-dox has been released. It fixes a bug in the handling of comments inside proc bodies. Special thanks to Michele Joyce for reporting the bug. The latest version is 0.7.

Category: Software | 3 Comments »

SPDIF with VIA M10000 and MythTV

January 1st, 2008 by greg

This spring I finally bought a modern receiver. My new receiver, like nearly all modern receivers, has multiple digital inputs. My Myth frontend machine is based on a VIA M10000 board which has a SPDIF (digital) output. There are a lot of reasons to use a digital output. One is that I suspect the digital to analog converters in the receiver are much higher quality than the cheap on-board ones found in most computer systems. Also if you watch DVDs or HDTV through Myth you can get Dolby Digital (AC3) and DTS multi-channel audio. I personally do not use MythTV for DVD watching nor for HDTV (without transcoding which trashes the AC3 audio stream) but I still wanted to use the digital audio output.

The basic setup steps are:

  1. Identify the correct jumper settings to enable SPDIF output on the VIA M10000.
  2. Test the digital audio connection using basic ALSA tools.
  3. Set up MythTV to use the SPDIF output device.
  4. Set up ALSA to re-sample audio to 48000Hz.


Category: Geek, MythTV | No Comments »

Less of a Newb

December 30th, 2007 by greg

I’ve almost completed my first Ebay sale.  The auction has ended, I’ve received payment, and I’ve shipped the item.  Due to the holiday season the item has not arrived at the buyer’s address yet.  Overall I must say that I’m pretty impressed with how easy Ebay makes the whole process.  I currently have 4 auctions in progress.  I’m selling a printer, a SCSI controller, a bluetooth headset, and a sound card.  All of the auctions except the bluetooth headset are bundles — I’m selling a bundle of related items instead of single items.  So far I’ve got bids on everything except the headset.  I’m kind of hoping that auction ends with no sales.  Instead of selling it I could give it to a family member.  Had I been thinking I would have done that in the first place.

Category: Geek | No Comments »

What a newb

December 13th, 2007 by greg

Tonight I put something for sale on ebay for the very first time.  Yeah, I know I’m a newb.  I’m too embarrassed to say how long I spent crafting my listing.  The listing isn’t even for an expensive item.  I’m using a less expensive item to get my feet wet and then I will sell one of my guitars.

I must say that I’m disappointed with Ebay.  Their picture upload tool did not work with Firefox in Linux.  Come on!  Uploading pictures should not be browser-specific.

Category: Geek | No Comments »