All posts by admin

Locking down an sftp user on Debian

This always ends up being a bit tricky, and some guides I’ve found on the net differ slightly from what I’ve got here. This seems to work pretty well for me on Debian.

Enter the following into /etc/sshd/config to allow sftp and to lock a user into a specific chroot’ed directory:

Subsystem sftp /usr/lib/openssh/sftp-server

For each user you want to lock down, you’ll first need to add the user, set the shell to false so they can’t log in via ssh and then set their home directory to where you want them chroot’ed:

useradd jorbloggs
usermod -s /bin/false joebloggs 
usermod -d /srv/www/somehome/ joebloggs

Now just add a few details for the user to /etc/sshd/config:

Match User joebloggs
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp
ChrootDirectory %h

Important!

The users home directory must be owned by root and only writable by root – bit weird, but you get odd auth messages and it doesn’t work otherwise. There’s probably a work-around for this, but for me it doesn’t really matter. If or when I do need a work around I’ll post it here. Feel free to leave comments with tips/suggestions!

Copying mysql tables with keys / extras

A lot of sites will tell you to do this:

CREATE TABLE t2 SELECT * FROM t1;

Problem is that you’ll lost your auto_increment, primary key and any other indexes you have (and any other extra meta data like that.)

This might not be the best solution, but hey it worked for me:

CREATE TABLE t2 LIKE t1;

INSERT INTO t2 SELECT * FROM t1;

Hope that helps somebody.. I only noticed I’d lost all my primary keys after copying a load of tables using the old method.

How to prevent saslauthd sucking up memory

For about a year I noticed that very infrequently my VPS would run out of memory.. at first I thought it was probably just a wordpress plugin, but after a while I discovered it was actually saslauthd. This is a known bug (not known very well though..) with saslauthd on Debian. Anyway, here’s the fix – I’m not totally sure of the implications, so if you run a busy mail server I’d recommend you look into it a bit more before doing it:

I changed this line:

Update the file: /etc/default/saslauthd

OPTIONS=”-c -m /var/run/saslauthd”

to:

OPTIONS=”-c -m /var/spool/postfix/var/run/saslauthd -r”

I think this basically disables threading and enables forking of the process (or something like that) which is what was responsible for the memory leak.

So if you’re running out memory on your server, maybe give this a try 🙂

[Thanks to Djamu: http://www.howtoforge.com/forums/archive/index.php/t-52750.html ]

Accessing get vars with ActionScript 3

I’ve just started to learn a bit of ActionScript for a new project I’m working on. The first thing I needed to do was integrate a message from the source html (and eventually a php file.) Turns out there’s pretty much no clear documentation out there on the web, so I decided to write this.

First thing’s first, create a text object in your flash file and set the instance name to something you can easily remember, in this example I set it to message. Once you’ve done that, on the keyframe for the layer in which that peice of text is, right click it and click on actions, then add the following:

this.message.text = LoaderInfo(this.root.loaderInfo).parameters.mymessage;

Easy enough, now you can publish your html. Once published, remove all the javascript stuff and the <noscript> tags surrounding the embed code [note, there’s probably a better way of doing all this and I’ll update this post once I figure it out.]

<param name="movie" value="test.swf" />
<param name="quality" value="high" />
<param name="bgcolor" value="#ffffff" />
<embed src="test.swf?mymessage=workingok" quality="high" bgcolor="#ffffff"
  width="600" height="450" name="test" align="middle" allowScriptAccess="sameDomain"
  allowFullScreen="false" type="application/x-shockwave-flash" 
  pluginspage="http://www.adobe.com/go/getflashplayer" />

That’s basically where you set the variables you want to pass to flash. You have to urlencode each parameter. If you don’t know what that means, google it.

TWiT Live via MediaTomb for your WDTV Live (and probably ps3, whatever..)

I recently upgraded from a WDTV media player to a WDTV Live. The WDTV is just a simple set top box that allows you to play video on your tv, much like an xbox 360 and a whole bunch of other devices. The WDTV live allows you to play stuff over the network which opens up a whole host of cool stuff if you use the mediatomb DLNA server software available for linux (google tversity if you want something similar for windows..)

Anyway, I managed to get my wdtv live to play the live TWiT (http://live.twit.tv) video stream – meaning I now have a real internet tv station right up on my tv!

This is a bit rough and ready, but hopefully I’ll improve it over time. You’ll probably need to have a rough idea of what you’re doing.

Make sure transcoding is set to yes in the config:

<transcoding enabled=”yes”>

In mime type profile mappings in the config:

<transcode mimetype=”video/x-flv” using=”ffmpeg”/>

So anyway, you’ll want to add this profile to your config:

<profile name=”ffmpeg” enabled=”yes” type=”external”>
<mimetype>video/mpeg</mimetype>
<accept-url>yes</accept-url>
<first-resource>yes</first-resource>
<accept-ogg-theora>yes</accept-ogg-theora>
<agent command=”/usr/local/bin/ffmpeg-tr.sh” arguments=”%in %out” />
<!– <buffer size=”14400000″ chunk-size=”512000″ fill-size=”1024″/> –>
<buffer size=”5242880″ chunk-size=”102400″ fill-size=”1048576″/>
<hide-original-resource>yes</hide-original-resource>
</profile>
And create this shell script:
#!/bin/sh
exec ffmpeg -i “$1” -sameq -f mpeg -me_method zero -aspect 16:9 – > “$2”
The final piece of the puzzle is to create a link to it in the mediatomb database via the web interface:
Type: External Link (URL)
URL: http://bglive-a.bitgravity.com/twit/live/high
Protocol: http-get
Class: object.item.videoItem
Mimetype: video/x-flv
Notes:
  • You might be able to/want to change the mimetype to a made up one, video/x-twitlive or something so it doesn’t conflict with other types.
  • You’ll probably want to turn off the other profiles you won’t be wanting.
  • Play with the buffer sizes, the commented out one seemed to go a bit funny for me.

A special thanks to aTc from #mediatomb on irc.freenode.net – without whom this wouldn’t exist.

Samsung Galaxy S / Android review

On Monday I recieved my shiny new Samsung Galaxy S mobile phone. I’ve been putting off getting a smart phone for quite some years now as I never felt there was anything worth spending money on, and after some experience with my ipod touch I was put off getting an iphone. Anyway, I felt like writing my thoughts on the device now I’ve had it a week.

The hardware

My first impressions were that it does indeed look a lot like the iphone 3g, and I found I was trying to press the standby button which wasn’t there quite often, as well as picking it up and holding it upside down. As other reviews have pointed out, the handset does feel very light – this was a bit strange at first as I’m used to my wife’s iphone 3gs which weighs considerably more.

When I turned it on, I was genuinely impressed by how bright and sharp the display was – it easily outdoes the iphone 3g/3gs screen (I think the iphone 4 screen is probably better though.)

One thing a lot of reviews will skip over is how well the phone makes phone calls – I had no problems making a call from the phone, however because the phone’s speaker is on the back it’s sometimes hard to hear it ring if it’s on a flat surface.. bit of a weird issue but an issue non the less.

The sensitivity of the touch screen was reassuring. One reason why I’ve put off getting an android phone until now is because I’ve seen videos on the internet of slower devices and been really put off by the lag you can see when scrolling/pinching to zoom etc.. fortunately this isn’t a problem here. I did notice however that the accuracy of where you place your finger to begin with and then start to scroll is slightly off.. not a problem but I don’t think that happens on the iphone.

Inside, there is a SIM card slot (obviously) and an empty micro sd slot for adding more memory. My SGS came with 16MB of internal memory, which is strangely referred to as an SD card from within Android – my guess is that it does indeed use an internal sd card somewhere as it was probably a cheap way of manufacturing the thing.

Speaking of cheapness, the phone does feel a tad cheap compared to the iphone, although compared to any other device I’d say it’s fairly well built (certainly a lot better than my dell laptop for example!)

The GPS sensor on the phone seemed fairly good although it wasn’t so great when I went under some trees and when I began a walk to my local town to test it. There are known issues with the GPS which will be fixed next month (September) with a software update.

The compass and tilt sensors seem fairly standard. The compass only seems to be accurate if the phone is being held up rather than laid flat, but I guess that’s normal.

The front facing camera was fairly crappy, but I haven’t really found a use for it yet.. hopefully Skype will be released properly for Android soon so I can make use of it.

The software

Unfortunately, Samsung have decided to install their own custom software on the phone which is not easily removed (as far as I know you have to root the device.) This is apparent straight away as there’s a fairly naff locked screen thing and there’s a samsung task killer widget on one of your home screens. One of the nice things about android is you can customise it quite a bit so removing that widget and all the crappy samsung items from your home screens is easy enough.

I got this phone with version 2.1 of the Android OS also called Eclair, which is a fairly modern release although the most recent is 2.2 – Froyo which is due to be released for the SGS next month. One of the first things that struck me about the OS was how different it felt from the iphone operating systems (including iOS4.) Even though the home screen that the SGS uses is blatantly set up to mimic the iPhone’s, it’s still very different and there was certainly a bit of a learning curve to using it.

The first thing you notice is how there are more menus and options than on the iphone, which at first was a little bit strange, but now seems pretty logical. Rather than apps having a back button, there’s a physical button on the phone (a touch sensitive one,) along with a menu button which brings up a context menu much like right clicking something in windows. Having a back button is great, it’s certainly something I think Android has over the iPhone.

Another big feature of Android is the fact it does real multi tasking unlike the iPhone. This feature is certainly cool and useful, but requires some thought on the users part. I think this is the real deal breaker for whether someone will prefer Android to the iphone or not as some (bad) programs like to use up lots of CPU time when they’re in the background and this can slow things down and make stuff laggy. At first I was killing apps off left right and centre, but after doing a bit of a search on google I found that perhaps this isn’t the best idea.. and I think they’re right.. it’s basically working the same as your computer does by keeping apps resident in the memory it means if you ‘load’ them again or switch back this will be instant rather than having to load the app back of the internal storage. It’s quite complicated to explain, and for this reason alone I think anyone used to the iphone’s way of doing things will get pissed off with this until they ‘get it.’

Anyway, the apps from google seem very good, perhaps with the exception of google listen which seems to have a very laggy interface – which is surprising. I won’t go into any individual apps as there’s a lot of good/fun ones I’ve been playing around with and I don’t want to spend too long writing this.

All in all I’m very happy with the handset, I get fairly decent battery life out of fairly heavy (but careful) usage – perhaps just under 2 days. I’ll probably make some additions and corrections to this post over the weekend.

Ubuntu Lucid (10.04) on Dell Studio 1555

Ok, so I decided to natively install Ubuntu 10.04 on my Studio 1555.. fairly impressed.. almost everything works out the box which is a bit annoying.

The only issue I’ve had is that the included proprietary ATI driver fails when you try to use suspend, however this is apparently easily circumvented by using the most recent driver from the ATI site (it was a bug with their driver.)

Using the open source driver results in poor power management, so I’d advise against doing that.

Trac quick start on Debian

Trac is pretty easy to set up on Debian, here’s a mini guide of what I did to get it working nice and quick. You’ll probably want to configure users etc afterwards, but this should be enough to get going.

Install:

apt-get install trac libapache2-mod-wsgi

Initiate the trac environment:

trac-admin /var/www/srdev/trac/ initenv

Set permissions:

chown -R www-data /var/www/srdev/trac/

Install the wsgi script and web resources. The first argument before ‘deploy’ should match the install environment (the path above.) The second argument following ‘deploy’ can probably go anywhere, but I just shoved it in the trac dir.


trac-admin /var/www/srdev/trac/ deploy /var/www/srdev/trac/www/

Next, we need to tell apache how to call the wsgi script, we do this using an alias. You can use / if you just want it to be in the same dir as your virtualhost, but in my case I wanted trac to be in a sub directory of the site (www.mysite.com/trac.) Add this to your virtual host (/etc/apache2/sites-enabled/whatever.)

The directory directive specifies some permissions for the script.

WSGIScriptAlias /trac /var/www/srdev/trac/www/cgi-bin/trac.wsgi
<Directory /var/www/srdev/trac/www/cgi-bin/trac.wsgi>
WSGIApplicationGroup %{GLOBAL}
Order deny,allow
Allow from all
</Directory>

Finally, enable the wsgi module, and then restart apache. Now it *should* work 🙂

a2enmod wsgi
/etc/init.d/apache2 restart