Jon’s posterous

I have a problem with the excellent Horde module "Ansel" - their photo
display and manipulation application - which I'm
documenting-until-I-fix-it.

If you have a lot of photos and you want to import the lot in one go,
there's a script called recursive_import.php - you'll find this under
/path/to/your/horde/install/ansel/scripts/recursive_import.php and it
takes the following arguments: -d /path/to/directory -u USERNAME -p
PASSWORD

I'd been using it thinking it would handle directory navigation a bit
better than it did, by running it as follows:

php recursive_import.php -d import_dir -u fred -p bloggs

Infact, I needed to do it like this:

php recursive_import.php -d `pwd`/import_dir -u fred -p bloggs

This is because the script navigates up and down the directory
structure as it works out the contents of each directory, instead of
handling the referencing properly. I plan to look at this properly
tomorrow when I've got a day off, but if I don't, or if the patch
doesn't get accepted, at least you know how to fix it now! :)

I'm writing a few little scripts at the moment, and one of them needed to be able to send an e-mail. I'd not got around to sorting out what my SMTP gateway was from my ISP - but I do tend to use GMail's SMTP gateway for non-essential stuff.

I thought I could easily setup sendmail, but no, that's SCARY stuff, and then I thought of Postfix, but that needs an awful lot of configuration for an TLS based SMTP connection, so I did a bit of digging.

Thanks to this post over at the Ubuntu Forums, I worked out how to get a local port 10025 to run, but PHP kept complaining, so I next looked for a "sendmail replacement", in comes nullmailer.

So, thankfully this is all rather easy.

• sudo apt-get install openssl xinetd nullmailer

• sudo tee /usr/bin/gmail-smtp <<EOF >/dev/null
  #!/bin/sh
  # Thanks to http://ubuntuforums.org/showthread.php?t=918335 for this install guide
  /usr/bin/openssl s_client -connect smtp.gmail.com:465 -quiet 2>/dev/null
  EOF
  sudo chmod +x /usr/bin/gmail-smtp

• sudo tee /etc/xinetd.d/gmail-smtp <<EOF >/dev/null
  # default: on
  # description: Gmail SMTP wrapper for clients without SSL support
  # Thanks to http://ubuntuforums.org/showthread.php?t=918335 for this install guide
  service gmail-smtp
  {
      disable         = no
      bind            = localhost
      port            = 10025
      socket_type     = stream
      protocol        = tcp
      wait            = no
      user            = root
      server          = /usr/bin/gmail-smtp
      type            = unlisted
  }
  EOF
  sudo /etc/init.d/xinetd reload

• sudo tee /etc/nullmailer/remotes <<EOF >/dev/null
  127.0.0.1 smtp --port=10025 --user=your@user.tld --pass=Y0urC0mp3xGM@ilP@ssw0rd
  EOF
  sudo /etc/init.d/nullmailer reload

Setting all this lot up was pretty easy with these guides. There's no reason why it wouldn't work on any other version of Linux (provided you can install all these packages).

Good luck with your project!

It's very rare that I'll inflict my political views on people by e-mail, however, this has recently come up, and I wanted to make sure that you understand what this newly proposed law could mean to you. It's only relevant to people in the UK, to ex-pats or Armed Forces people, so if you want to forward it on - please do, but please think before you forward, and don't just blanket send it to everyone.

** If you don't want to read all of the below, then I'd encourage you instead to have a look at http://www.dontdisconnect.us/ **

In the Queen's Speech [1] when parliament was opened for the 2009-10 session, the following was said:

"My Government will introduce a Bill to ensure the communications infrastructure is fit for the digital age, supports future economic growth, delivers competitive communications and enhances public service broadcasting."

The bill referred to is the "Digital Economy Bill", which is due to be introduced to Parliament this or next week, and it's caused a lot of fuss with us Technophiles.

Essentially, this bill allows "Rights Holders" (for example, Music Labels, Film Studios and Television Networks) to contact your ISP and insist that they issue you with a formal notice if they *believe* you to be unlawfully sharing their content on the internet. After "a certain threshold" the government has suggested [2] that it would be acceptable to temporarily disconnect you from the Internet. A law similar to this one was recently introduced in France, which insists on disconnection after 3 warnings.

Now, again, this seems fair, if you can't do the "time", don't do the crime... but, how do they actually know it's you? Because of certain technical limitations of the Internet, everyone sharing a single internet connection (for example in a house, at an office or a internet café) will appear to come from the same internet address, and this will cause you problems in this law, because:

If you let someone use your computer to access the Internet, and they unlawfully download some files, then the bill payer will be
blamed.

If you have a Wi-Fi connection which is not properly secured [3], and someone uses that connection to share a file they've downloaded,
again, the bill payer will be blamed.

* How about if your computer gets infected by malicious software (spyware, becomes a member of a botnet, or worse still, is actively hacked) and they use that as an untraceable machine to download their content - again, the bill payer is blamed.

My other worry is that none of this goes in front of a court of law - this all occurs between the ISP and Rights Holders, so if you get disconnected, it will happen without any judicial oversight and the prosecution's burden of proof is never required... someone (usually outside the UK) will accuse you of breaking the law and you will then get disconnected from the Internet. To me, that hardly seems very fair.

There's a petition [4] against this law which is currently available to be signed (provided you live within the UK, you are an ex-pat or are a member of the Armed Forces), and, if you agree that it isn't fair, I would strongly encourage you to write to your MP [5]. If you do decide to write to them, please review the content at the Don't Disconnect Us website [6] and review some of the letters which have already been written [7] [8] as this e-mailing service will remove duplicate e-mails so if you just copy the content it'll never get to your MP.

Thank you for your time. The links I have referred to above, labelled [x] are listed below if you want to read them.

[1] Queen's Speech: http://www.number10.gov.uk/Page21361
[2] Stephen Timms defends the Digital Economy Bill: http://www.guardian.co.uk/media/2009/nov/20/digital-economy-bill-stephen-timms
[3] Ways to secure your WiFi connection: http://www.dontdisconnect.us/secure-your-wireless/
[4] The petition against the Digital Economy Bill: http://petitions.number10.gov.uk/dontdisconnectus/
[5] You can contact your MP via e-mail at this website: http://www.writetothem.com/
[6] Don't Disconnect Us official website: http://www.dontdisconnect.us/
[7] A letter I wrote to my MP: http://jonspriggs.posterous.com/a-letter-to-my-mp-threestrikes
[8] A letter written by someone else to their MP about this law: http://grahambinns.com/blog/2009/11/24/digital-economy-bollocks/

Dear Andrew Gwynne,

I'm writing to you, as my MP, to ask for your support, to try to discourage the implementation of the Digital Economy Bill that was introduced recently.

This proposal is very worrying to me, as a Free Culture (Open Source Software and Creative Commons) Contributor and activist. A large part of the distribution of this Free Culture Content is performed over peer to peer networks, such as BitTorrent, and it appears that this law is trying (in part) to discourage the use of peer to peer networks, on the grounds that they may be used to unlawfully transfer files.

I also worry that during discussions of this law between Stephen Timms (Treasury Secretary) and The Guardian newspaper, he suggested that a temporary account suspension from one's ISP would be an acceptable movement without any judicial overview. Given that Finland has recently recognised Internet Access is now such a fundamental part of our day-to-day lives that they are classing it as a Human Right, I worry that this movement could effectively prevent many of your constituents from being active in society.

I've also noticed that many ISPs and most of the policing and intelligence services have stated they disagree with the recommendations of this bill (for a variety of different reasons), I would be grateful if you could support their position and reject this bill in it's current state, if you are able, when it is presented.

Yours sincerely,

Jonathan Spriggs

I recently wrote a document on http://jon.spriggs.org.uk/blog explaining how to monitor the interface of a McAfee sidewinder to see when it failed over. I don't know why I didn't write it on Posterous, but if you're following me on Posterous, and you think that you might want to know how to use Perl to repeatedly loop over the same command, and show the results with a date stamp underneath it (a bit like the watch command) then you'll find this page really useful. In the mean time, I've also written the same script for the CSH shell, which is used, amongst other places, on Nokia Firewalls.

I was recently asked how to configure VNC for user support across a series of machines running GNOME. I'm in the process of trying out a few different platforms at the moment, and didn't have my GNOME machine to hand and working right, so I decided to work it out from what I've done in the past. Here's the bulk of the e-mail I sent him to try and help him out. Maybe this will help you at some point.

If you find any errors (especially around the option names in the actual dialogue boxes) please post a note so I can correct this!

Thanks!

On most GNOME based systems (which includes Fedora), you can active "Remote Desktop Sharing" for users.

Go to System -> Preferences -> Remote Desktop Sharing (or something similar). I'm afraid I've just recently moved my systems to KDE, so I don't know the exact options, but I believe it'll say something like "Enable remote connections" (tick that), and "User is prompted to permit connection" (this will be down to policy) and "Remote user needs to enter a password" (this will need some text to be entered).

Once you have these for one system, you can automatically set this for all the other computers.

From the command line, type
  gconftool-2 -R /desktop/gnome/remote_access

This will return all the settings you have made. Here's mine:

 view_only = false                                         
 alternative_port = 5900                                   
 prompt_enabled = false                                    
 icon_visibility = client                                  
 lock_screen_on_disconnect = false                         
 disable_xdamage = false                                   
 mailto =                                                  
 use_alternative_port = false                              
 enabled = true                                            
 disable_background = false                                
 network_interface =                                       
 require_encryption = false                                
 authentication_methods = [vnc]                            
 vnc_password = &&&&&&&&&&&&                               
 use_upnp = false

(I've removed the password for my box)

You can use this gconftool to set the same variables on your computers you've already deployed, either per-user, as a default policy for each machine, or as a mandatory policy for each machine.

This article from Sun's GNOME configuration guide explains how to set variables: http://docs.sun.com/app/docs/doc/806-6878/6jfpqt2t5?a=view while this is an overview of all of the GNOME configuration tool (including that article): http://docs.sun.com/app/docs/doc/806-6878/6jfpqt2sv?a=view and lastly, this is how "Vino" the VNC client for GNOME works: http://www.gnome.org/~markmc/remote-desktop.html

I hope this helps you!