teh bigbro blog(tm)

Adding the CACert root certificate to Google Chrome on Ubuntu

Thu, 05 Aug 2010 22:42:00 GMT

Google Chrome is Google's browser and provides a refreshingly fast interface to (in particular) Javascript heavy websites. It's also a pretty good general browser, but like many others presents dire warnings of doom if you attempt to view a https secured website which doesn't have a recognised certificate. (Or more correctly, doesn't have a certificate signed by an authority recognised by Google.)
Most other browsers provide a method of installing root certificates but Google decided that they would use an already established certificate management system external to the browser, the NSS Security Toolkit. So if you want to view websites secured by free CACert SSL certificates or have the need to browse to sites secured by self-signed SSL certs (like the https management interface for my Linksys WRT54g wireless router running Tomato firmware for example) then you'll want to add some certificates to your NSS database. Fortunately, it's pretty simple to do...
First, let's install the CACert root certificate. Installing this means that Google Chrome will trust the identity of sites signed by CACert issues certificates. This is a good thing and saves clicking the "Proceed anyway" button every time.

First, grab the root cert file from the CACert Root Cert page. You should verify that the file is correct and has not been tampered with; md5sums and SHA1 hashes are included, along with the fingerprint signed by the CACert GPG key. I'll leave it as an exercise for the reader as to how authenticity should be verified, but for the moment let's assume we have a good, trusted copy of the CACert Root Certificate (PEM Format) saved as root.crt in your home directory.
If you've not already, you should install the NSS tool set - a simple sudo aptitude install libnss3-tools should work nicely. You will be asked for your login password to ensure you have permissions to install software.
Install the CACert root key by running certutil -d sql:$HOME/.pki/nssdb -A -t "C,," -n "CACert Root Certificate" -i root.crt
There is no step 4... you can now go to CACert secured web pages and Chrome will correctly verify that the SSL site cert has been signed by the CACert root certificate.

The second instance typically occurs where a device generates a self-signed key, so there is no CA (Certificate Authority) to be installed in the browser. Instead, we can install the self-signed cert, indicating that we know and trust it - and most importantly getting rid of the extra click and big red warning page of doom every time we try and access the web interface of our home router ;-)

If you've not done so above, you'll need to install the NSS tools, using sudo aptitude install libnss3-tools or similar.
Next you'll need to get a copy of the certificate. Particularly with embedded devices, the easiest way to do this is by pulling the key directly from the device by pretending you're a web client. Thanks to tgulacsi78 who suggested echo QUIT | openssl s_client -connect hostname:443 | sed -ne '/BEGIN CERT/,/END CERT/p' - replacing hostname with the name of the host. In my case, I might use echo QUIT | openssl s_client -connect eeyore.han.signal2noise.ie:443 | sed -ne '/BEGIN CERT/,/END CERT/p' to get the cert from eeyore, my wireless router.
Copy and paste the lines between 'BEGIN CERT' and 'END CERT' into a file and save it as (say) router.crt
Now we import the cert in exactly the same way as previously, using a command line something like certutil -d sql:$HOME/.pki/nssdb -A -t "C,," -n "My router web admin certificate" -i router.crt
Note that we have to use the C flag (i.e. mark it as a CA / Certificate Authority) due to a bug in NSS. Note also that you should replace the description after -n with something that means something to you, and the argument after the -i should be the file name and path to the file we created in step 3.
Test that everything has worked by using Chrome to access the site secured by the self-signed certificate again and notice that this time no warnings are given.

You can list the installed extra certificates by running certutil -d sql:$HOME/.pki/nssdb -L
Many thanks to the writers of the Google Chrome Certificate Management page and those who helpfully commented on it providing more information.

BIND 9 DNS on Ubuntu with AppArmor

Mon, 28 Jun 2010 13:31:00 GMT

Like many people I run Ubuntu on a number of servers with DNS being just one of the services provided. Bind 9 has worked extremely well to date, though I recently came across a conflict between AppArmor (note American spelling) and bind which resulted in slave domains not being replicated correctly. This happened on my systems some time on or after 2009-07-29 (and I'm only getting around to writing up the blog post now... I know...) If you see lines similar to the following in the output of dmesg, or in your system log, you may have the same problem:


audit(1234567890.462:15891): type=1503 operation="inode_create" requested_mask="w::" denied_mask="w::" name="/etc/bind/zones/slave/tmp-bkTe208LbH" pid=123 profile="/usr/sbin/named" namespace="default"

audit(1234567890.460:15892): type=1503 operation="inode_create" requested_mask="w::" denied_mask="w::" name="/etc/bind/zones/slave/tmp-3VUN2uHFUI" pid=123 profile="/usr/sbin/named" namespace="default"

To explain briefly what this means: AppArmor is an extra layer of security which effectively makes sure that system programs are allowed only limited access to the system, even though they may run as root. This helps significantly in the case of a root escalation vulnerability being discovered, since if AppArmor is correctly configured your system is somewhat compartmentalised so damage should be limited. Without this, a root privilege escalation in a daemon would allow full read and write access to the entire system, with predictably bad results. Permissions for various daemons under AppArmor are configurable in files under /etc/apparmor/ and /etc/apparmor.d/ (on an Ubuntu system at least.)

Under Ubuntu it appears that AppArmor is misconfigured for BIND 9, specifically with regard to the default setting that slave zones - where your DNS server is acting as a secondary DNS server for some domain(s) - are stored under /etc/bind9/zones/slave/. From the log lines above it's clear that AppArmor is disallowing writes to this location for BIND, with the result that secondary / slave zones can never be updated. This is a bad thing.

Fortunately, there is an easy solution. Either update your BIND config to write slave zone files somewhere else, or update AppArmor to allow BIND to write to the slave zones directory. I chose the latter, accomplished by adding the following line to /etc/apparmor.d/usr.sbin/named


/etc/bind/zones/slave/** rw,

This allows bind to read and write to the slave directory, enabling it to create the files it needs to store updated zones coming via AXFR transfers from master DNS servers. You can test by running rndc reload and watching the syslog and file timestamps in the slave directory. You should also no longer see log writings with the denied_mask="W::" key-value pair as above.

Thanks to alphageek for the first clue as to what was going on and hopefully this blog entry will provide a more secure fix for the problem.

Studying...

Sun, 16 May 2010 18:11:00 GMT

...is really hard. Particularly when it's law and unlike engineering, for every rule there's at least one exception. I am not having fun here :-( That is all. I promise to be (marginally) less grumpy once exams are over.

Ubuntu 9.10 and suspending on a Dell D430

Sun, 02 May 2010 14:19:00 GMT

Since moving to Ubuntu 9.04 and 9.10 I've had repeated problems with my Dell D430 being able to suspend. One of the things that Apple got right with their laptops was that when you close the lid, the computer goes to sleep and it wakes up again ready for use upon opening the lid again. I used to enjoy similar functionality on my Dell D430 until moving to the more recent versions of Ubuntu - which is a real pity. I always hate to see regression instead of progression, particularly when it comes to open source.

I thought the issues were resolved finally until a large update was issued which my laptop installed on 1st May 2010, and now I'm back to a laptop that I have to shut down to move about again - no suspend for me. This makes the laptop significantly less useful and is pushing me (and others) towards replacing portable hardware with Apple products, since they just work. I can't speak for the world in general, but I and the people I regularly deal with don't have time to deal with intermittently faulty systems and laptops that may or may not lock up when you shut the lid (losing any work that was not saved.)

I'll try and provide a better bug report to Ubuntu, but as a reminder to myself, the following update was what has killed suspend again. Also, if you're a Dell D430 owner running Ubuntu 9.10, DO NOT grab the latest updates!

I have installed 10.04 (Lucid) on a D420 but I can't say I've tested it properly yet. I'll get around to putting it on the D430 shortly - and hopefully will be posting a good news story about how suspend works again and proper regression testing has been instituted such that it doesn't get broken again.

Aptitude 0.4.11.11: log report
Sat, May  1 2010 12:35:10 +0100

IMPORTANT: this log only lists intended actions; actions which fail due to
dpkg problems may not be completed.

Will install 34 packages, and remove 0 packages.
172MB of disk space will be used
===============================================================================
[INSTALL, DEPENDENCIES] linux-headers-2.6.31-21
[INSTALL, DEPENDENCIES] linux-headers-2.6.31-21-generic
[INSTALL] linux-image-2.6.31-21-generic
[UPGRADE] aisleriot 1:2.28.0-0ubuntu1 -> 1:2.28.0-0ubuntu3
[UPGRADE] compiz 1:0.8.4-0ubuntu2 -> 1:0.8.4-0ubuntu2.1
[UPGRADE] compiz-core 1:0.8.4-0ubuntu2 -> 1:0.8.4-0ubuntu2.1
[UPGRADE] compiz-gnome 1:0.8.4-0ubuntu2 -> 1:0.8.4-0ubuntu2.1
[UPGRADE] compiz-plugins 1:0.8.4-0ubuntu2 -> 1:0.8.4-0ubuntu2.1
[UPGRADE] compiz-wrapper 1:0.8.4-0ubuntu2 -> 1:0.8.4-0ubuntu2.1
[UPGRADE] glchess 1:2.28.0-0ubuntu1 -> 1:2.28.0-0ubuntu3
[UPGRADE] glines 1:2.28.0-0ubuntu1 -> 1:2.28.0-0ubuntu3
[UPGRADE] gnect 1:2.28.0-0ubuntu1 -> 1:2.28.0-0ubuntu3
[UPGRADE] gnibbles 1:2.28.0-0ubuntu1 -> 1:2.28.0-0ubuntu3
[UPGRADE] gnobots2 1:2.28.0-0ubuntu1 -> 1:2.28.0-0ubuntu3
[UPGRADE] gnome-blackjack 1:2.28.0-0ubuntu1 -> 1:2.28.0-0ubuntu3
[UPGRADE] gnome-games 1:2.28.0-0ubuntu1 -> 1:2.28.0-0ubuntu3
[UPGRADE] gnome-games-common 1:2.28.0-0ubuntu1 -> 1:2.28.0-0ubuntu3
[UPGRADE] gnome-mahjongg 1:2.28.0-0ubuntu1 -> 1:2.28.0-0ubuntu3
[UPGRADE] gnome-sudoku 1:2.28.0-0ubuntu1 -> 1:2.28.0-0ubuntu3
[UPGRADE] gnometris 1:2.28.0-0ubuntu1 -> 1:2.28.0-0ubuntu3
[UPGRADE] gnomine 1:2.28.0-0ubuntu1 -> 1:2.28.0-0ubuntu3
[UPGRADE] gnotravex 1:2.28.0-0ubuntu1 -> 1:2.28.0-0ubuntu3
[UPGRADE] gnotski 1:2.28.0-0ubuntu1 -> 1:2.28.0-0ubuntu3
[UPGRADE] gtali 1:2.28.0-0ubuntu1 -> 1:2.28.0-0ubuntu3
[UPGRADE] iagno 1:2.28.0-0ubuntu1 -> 1:2.28.0-0ubuntu3
[UPGRADE] libdecoration0 1:0.8.4-0ubuntu2 -> 1:0.8.4-0ubuntu2.1
[UPGRADE] libpq5 8.4.3-0ubuntu9.10 -> 8.4.3-0ubuntu9.10.1
[UPGRADE] linux-generic 2.6.31.20.33 -> 2.6.31.21.34
[UPGRADE] linux-headers-generic 2.6.31.20.33 -> 2.6.31.21.34
[UPGRADE] linux-image-generic 2.6.31.20.33 -> 2.6.31.21.34
[UPGRADE] linux-libc-dev 2.6.31-20.58 -> 2.6.31-21.59
[UPGRADE] same-gnome 1:2.28.0-0ubuntu1 -> 1:2.28.0-0ubuntu3
[UPGRADE] tzdata 2010h-0ubuntu0.9.10 -> 2010i-0ubuntu0.9.10
[UPGRADE] tzdata-java 2010h-0ubuntu0.9.10 -> 2010i-0ubuntu0.9.10
===============================================================================

Log complete.

Walking at last

Tue, 20 Apr 2010 21:16:00 GMT

Today D decided that after months of tearing around the house pushing her buggy, she could walk all on her own. Nothing is safe any more - particularly the poor dog who is learning that his erstwhile relatively quiet life can now be disturbed by a screaming running infant. Comedy++

Link(s) of the Day

Tue, 20 Apr 2010 18:09:00 GMT

I've not done a Link of the Day thing for ages... but perhapas that's because meebo.com is the first webapp to impress me in some time.

meebo.com: Meebo is an IM aggregator, allowing you to communicate with all your contacts on different IM networks, including Google Talk, Facebook and many others, from one place. Killer feature is that your conversations follow you around from machine to machine, and iPhone push support works well, allowing you to carry on IM'ing from the iPhone App.

Indexing in Thunderbird 3...

Mon, 19 Apr 2010 17:15:00 GMT

...is a pile of epic fail (on Linux at least.) I like the idea of full-text searching - but I also like my laptop to not have the CPU at melting temperature all the time and the fans running at full speed as thunderbird burns through CPU indexing what I can only assume are the same messages over and over and over again. I also like to start blog posts with a hearty generalisation, even if the behaviour is something relatively specific to my situation - it grabs the reader's attention and makes sure they read the remainder of the article ;-)

Normal behaviour, and better use of your CPU can be restored by disabling full text search / indexing. You can do this by setting the advanced configuration option mailnews.database.global.indexer.enabled to false, or as this has obviously become a big enough problem for enough people, the Edit | Preferences | General tab now has a checkbox marked Enable Global Search and Indexer. Unchecking this will also turn off this feature.

More usefully, some exceptionally bright spark has made a plugin called GlodaQuilla available. It's experimental but has not yet set fire to my laptop or caused my pets to explode - your experience may be different of course and any use of experimental plugins is completely at your own risk. I did the following and now have a full indexed search of the subset of my mail that interests me, along with a much more responsive machine (and some 500MB of disk space no longer used by the full-text index)

Install GlodaQuilla in the usual fashion
Restart Thunderbird
Disable indexing completely (see above for how to do that)
Quit Thunderbird and wait a few moments to make sure it's definitely no longer running
Delete the old full-text database taking up space on your hard drive. It's a file called /home/$username/.thunderbird/random.default/global-messages-db.sqlite on my Ubuntu Linux machine. You'll need to find your own global-messages-db.sqlite yourself, but the path above should give you a clue as to where it is.
Start Thunderbird and right click on a folder containing mail you do not want indexed. (e.g. my Archive/ folders contain old mail that I don't really need searched or indexed.) Uncheck 'Inherit' and you can now individually enable or disable indexing of the mail folder.
Once you have set which folders you do and do not want indexed, remember to re-enable indexing and restart Thunderbird, just to be sure to be sure.
Leave your computer for a period of time, if possible, as Thunderbird will need to rebuild indices for those mail folders you left with indexing enabled. This may take some time. Expect performance to be poor during this time. You can track activity by selecting Tools | Activity Manager from the menu.
Enjoy a nice, fast, performant full text search of the mails you actually care about searching and indexing.

eeePC SSD failure

Sat, 17 Apr 2010 22:33:00 GMT

I set up my eeePC 701 as a fileserver in the house over the Easter weekend. It runs Ubuntu and with a little configuration happily shared a few USB disks over the home network with SAMBA and NFS. Most importantly it ran pretty cool and didn't use a lot of power - important for something that was going to be left on all the time.

All worked well until the last couple of days when I noticed some pretty strange messages appearing in the logs. A reboot resulted in GRUB giving me the dreaded Error 17. Further investigation seems to indicate that the SSD has shed its mortal coil. Poo! Cue research to determine whether it's more cost and time efficient to get a replacement SSD or just buy a Mac Mini.

Time Machine software...

Thu, 08 Apr 2010 23:46:00 GMT

...possibly some of the most delicate software in the known apple universe. Once again either it or something separate has caused corruption on the time machine backup disk, and once again nothing has recovered my machine short of 'reboot' typed at the command prompt. It seems that if anything goes wrong with Time Machine it just sits there consuming resources giving the user no clue that anything has even gone wrong. Thanks a bunch Apple. I'm hugely confident that my data is safe with you and your dubious software.

Fortunately, last weekend saw me set up a Linux based server solution which allows me to back up most data to a known working, safe solution that I can recover data from. And if there's an error with it, I'll find tons of info in /var/log/syslog most likely, instead of the cast canyon of nothingness that Apple seems to see fit to provide users with. I won't even mention the stupidity of Apple's Disk utility giving time estimates as to when it might be finished - I've seen Windows copy operations estimate time better.

Yes, this is a bitter article and yes, I find Apple's hardware and software to be generally of a decent standard - but I'm trusting my data to this backup solution and this is the second time I find myself putting the pieces back together. I have zero faith in Apple Time Machine any more.

I was under the mistaken impression...

Mon, 05 Apr 2010 18:45:00 GMT

...that I had ordered the Disney channel on Sky for the benefit of my small child. Apparently I was almost right... ;)

High speed upload with USB 3G mobile broadband dongles

Thu, 01 Apr 2010 09:08:00 GMT

We at HEAnet labs have been testing 3G mobile broadband USB dongles for some time now, and the key weakness identified is the problem that data download is asymmetric. This means that while you can download content at high speed, uploading content is much much slower. This means that 3G dongles are unsuitable for things like uploading large photographs or video information to the interwebs. This severely restricts their usefulness - or at least, it used to.

While the technology of 3G and in particular the USB dongles means you are limited to an asymmetric connection, by changing the polarity of the USB power feed you can alternate between high speed upload and high speed download. This means making up a USB cable yourself, but as John Beale helpfully demonstrates, this is pretty easy. Just (carefully) swap the black and red wires.

This still leaves us with the problem that the connection is asymmetric, but that's easily solved by using iptables and a second USB dongle with the polarity set to normal. Effectively, we want to configure iptables to route the download traffic through USB dongle A (which is wired normally) and route the upload traffic through USB dongle B (wired with the polarity reversed.) Thanks to PaulJ on the ILUG list for providing a basic config for iptables:

ip route add default \ nexthop via dev weight x \ nexthop via dev weight y change x and y so that x/y == bandwidth ISP1 / bandwidth ISP2

Thanks to all who helped investigate this technology, including Ghostbusters and the internets.

Note neither HEAnet labs - a made up organisation - your mobile provider nor I take any responsibility for your dongles, USB cables, laptops or pets if you try this, particularly given it's a blog post from April 1st. Seriously... ;)

Apple's Time Machine...

Tue, 09 Mar 2010 23:31:00 GMT

...disk has corrupted. that would explain its inability to run backups for some time. Thanks Apple for such useful error messages ("Failed!") - helpful. *sigh*
Fortunately it's only my backup that's corrupted, and hopefully a 'Disk Utility' repair will put that back in a working state.

How to make a good survey...

Mon, 01 Mar 2010 23:23:00 GMT

...or at least not annoy those attempting to respond to it.
For whatever reason, I've been asked to complete an unusually large number of surveys recently. I get customer surveys from suppliers I deal with at work and as a student I frequently get asked to participate in questionnaires to assist other students in their research. If I feel a survey is reasonable I'll happily respond to it - but I find myself getting annoyed with surveys for the same reasons over and over again. Some surveys have been so annoying I've abandoned them half way through, wasting my time and probably not providing any feedback to the surveyor.
Remember that most people who fill in surveys are giving of their limited free time to provide you with some useful feedback. Respect their time and good will and try to make things easy for them. Here, for reference of anyone who would like me to respond to their survey, are my top tips for making your survey more likely to be completed and returned:

Be up front and open about what information you are trying to gather and why you are trying to gather it. While multiple-choice answers are unlikely to change depending on the reason for the questionnaire, free-form text answers are likely to be quite different. I'll except those doing psychological research from this rule, since they typically have their own reasons for asking certain things in certain ways.
Be honest about how long it will take. Give an estimate at the start so people can decide if (a) they want to devote that much time and (b) if they have that much time available in one block now, or should wait until later to start. Estimate on the high side. Ask three friends of yours to take the survey and time them - see how long it takes them to fill it in and use that as a gauge. If it's a multi-page survey, provide a progress bar. Make sure the progress bar is honest and realistic about progress at every page.
Use less pages, particularly on web surveys. Remember that ever time I have to click next wastes time as my browser has to download a new page, render it, etc., etc. In particular, stop the foolishness of asking one question per page. If I wanted to click next all day, I'd install Windows software for a living.
Don't make questions compulsory. Allow me to progress without answering a question. It might be that I don't have an answer, don't want to give an answer, or that I want to come back to it later.
Don't ask for personal details, in particular things like date of birth. If there is a genuine reason you need such information, state why you need it and don't make it compulsory. Any survey I get asking me for date of birth is ignored. If you are building up a statistical model that requires the person's age, ask them that - or ask them their year of birth, or even the month and year. If you need such information, explain why and detail how you are going to protect such personal information from abuse (e.g. By only storing anonymised data, or similar.)
Get someone else to check your questions. For preference, get someone who does not intimately understand your research or line of work to check your questions. See if they can understand all your questions, and indeed that their understanding is the same as yours.
Make it clear whether you expect one or multiple answers to each question. For online surveys, radio buttons should be used to allow selection of a single option, and check boxes allow selection of multiple options.
Do not make free-form text answers compulsory, ever. By all means allow free-form text answers or extra 'any other comments' style questions at the end, but do not make them compulsory. In particular, do not echo one recent survey which asked "What made you pick option X?" after each question - and forced some answer to be given before proceeding. This is a classic example of how to erode any good will the survey respondent feels towards you.
Thank the respondents and most importantly, tell them what's going to happen to the information and how it will help you. A poor survey will thank the respondent for answering their questions and leave them wondering what, if anything, will happen next. Consider offering to collect an e-mail address and send them a copy of your research when it's ready for publication. If you're a commercial company, offer to provide an update in a reasonable time frame on the results of the survey and what improvements customers can expect because of it. If the respondent declines to give an e-mail address or contact details, consider giving them a URL where they can find more information about what will happen with the information they've just given you. People like feeling useful - make your survey respondents feel useful!

These tips are not all encompassing - far from it. They do capture some of the most irritating and repeated failures I've seen in a sequence of recent surveys. For some more general tips on writing good surveys check here, here or use the power of your favourite internet search engine to find innumerable other resources on the subject. Consider reading a book, made of paper on the topic; there are many. Stick to the guidelines above though and you're at least likely to get a prompt response to your survey from me.
Happy surveying!

Hurrah for on-line Manuals

Sat, 27 Feb 2010 14:21:00 GMT

Just a note of congratulations to Phillips who appear to provide electronic copies of their product manuals online. I'm torn though between pointing out how this is a good thing(tm) and berating them for the fact that it is not at all obvious how to remove the dust collecting cylinder of their FC 8738 Animal Care vacuum cleaner.
As an aside, despite the label 'Animal Care' neither Puppy nor Kitten are too enamoured by the scary noisy machine. Perhaps they read 'care' in a more Al Pacino sense of the word. (Completely justified in Puppy's case as everyone knows vacuum cleaners are canine specific interdimensional portals.)

Getting You There?

Thu, 18 Feb 2010 17:47:00 GMT

Bórd Scannán na hÉireann in association with Monster Animation and Design present this short film about transport within Dublin. As someone who uses public transport in Dublin almost every day of the week, I regret to say I largely agree that their title - "Not There Yet" - expresses the state of play pretty accurately.

Installing Ruby on Rails

Wed, 10 Feb 2010 18:19:00 GMT

I'm going to try making a small project in Ruby on Rails, so first I need to install the development environment on my laptop. More for my own future reference than anyone else's benefit, here's what I did:


sudo aptitude update  (because it's just a good idea)

sudo aptitude install ruby-full build-essential (This installs emacs. wtf?!? Oh well...)

wget http://rubyforge.org/frs/download.php/60718/rubygems-1.3.5.tgz  (Find the latest RubyGems package from rubyforge.org)

tar xzvf rubygems-1.3.5.tgz

cd rubygems-1.3.5

sudo ruby setup.rb  (It appears to hang for a while with no output but eventually works and returns you to a prompt. So far so good...)

sudo ln -s /usr/bin/gem1.8 /usr/bin/gem

sudo gem update --system  (Should say nothing to update if you've pulled down the latest version)



sudo gem install rails (Install rails)

All done and nothing remaining but to check that MySQL is up and running and start developing actual code.

3G is not broadband

Wed, 20 Jan 2010 07:22:00 GMT

With the wealth of information available on the internet, I find I'm using it more and more to learn about new things, to remind me about things I have failed to retain or indeed to discover those new subject areas that I should gain some understanding of.

Unfortunately (for me), more and more material is being presented in video format, particularly with the increasing ease with which one may create and upload something to YouTube and similar sites. This is good - with both visual and auditory stimulation information tends to be better retained. However, I am currently limited to 3G bandwidth (as in HSDPA from a mobile provider, not 3Gbit/s - which would be lovely ;-) ) and I'm finding that this pretty much precludes me from using video. It's no longer reasonable to have to wait 8 times the length of a video clip to download it.

Interestingly, given the Irish governments recent underwriting of 'broadband expansion' within the country through the medium of HSDPA coverage, their own website defines broadband as (from broadband.gov.ie):

"Broadband is an always-on Internet connection that gives you high-speed access and downloads for a flat rate monthly charge.
Everything works faster, from downloading emails and files (such as pictures & mp3's) or streaming movies and radio."

I'm not sure where they've run tests from, but in real world testing where I'm situated more than a few metres from the transmission mast / basestation, and there is more than just me as a subscriber in the area, video just does not work. Neither does VoIP / Skype or a number of other things that depend on reasonable, consistent latency - particularly on the uplink. I was amused to notice, in fairness, that the Broadband Technologies page on the same site does not list HSDPA/HSUPA as a broadband technology (rightly, in my personal opinion.)

I await the delivery of actual broadband to my house, so I may enjoy the occasional video from the internet once more...

Linux and Keyboard Layouts

Mon, 18 Jan 2010 12:25:00 GMT

I write in English and Irish reasonably frequently, with an occasional sojourn into German and French too. Of course, there is also a requirement that I be able to correctly punctuate and accent the names of colleagues with non-Anglicised names too - so that leaves me with some fairly extensive requirements for keyboard layouts. My operating system of choice is Ubuntu Linux and I consider myself fortunate that the international flavour of the developers appears to have rubbed off on its multi-lingual configuration.

If you want one language and layout, simply choose System | Preferences | Keyboard and choose the Layouts tab. There you can add or remove layouts at will - I prefer the Ireland UnicodeExpert layout as it allows me to type English, Irish, German and French (and probably other languages too) without changing layout at all. Note that if you want to add this layout 'by language' it's under English, rather than Irish or Gaeilge/Gaelic.

Once you have selected this keyboard layout you can, of course, type in English as normal. Note that it's a 'UK' keyboard layout rather than American (i.e. the quotation marks are above the number 2 and the @-sign is above the single quote character. Also, the hash is next to the Enter key and the monetary pound sign is above the 3.) To get letters with fadas on them, as required for Irish, simply use (usually) AltGr + vowel. AltGr + o produces ó for example. This makes typing as Gaeilge go han-shimplí ar fad. Níl a lán rudaí níos éasca ar chor ar bith.

As well as this feature - the ability to get fadas (or French acute accents) with a single key-combo, things like umlauts are not too difficult: a simple AltGr + : (colon) followed by a vowel will give an umlaut over the letter. AltGr + : followed by 'e' gives ë - easy-peasy. Note that AltGr + ; (semi-colon) will do - it 'implies' the Shift key, saving you from having to be a concert pianist or an emacs user to key the keystrokes right. AltGr + ^ (the 6 key) and an appropriate letter puts a hat over the letter. AltGr + ~ (tilde) puts a tilde over letters like 'n' for Spanish (I think...) There are lots more characters and languages supported without changing keyboard layout.

Gwibber

Tue, 08 Dec 2009 22:05:00 GMT

Gwibber is a handy microblogging client, but it would be nice if it:

Could be made smaller
Allowed hiding of things like the tabs and menus and other useless bits
Retried gets without constantly moaning about things failing. It's the internet - get over it. I don't need an orange triangle to warn me that the twitter API or the internet dropped a packet or two.
Retried posts more than once - maybe even until they work - instead of logging a meaningless error and losing my post. Something more than an orange triangle would be good to say a POST failed.
Could track whether I've read tweets or not - and maybe highlight the ones I've not read?
Could get more than about 20 tweets on startup - maybe make it configurable, or even continue getting historical tweets as long as they are unread by me (up to a configurable max)

Note: See, I've been good - I've not even asked for a filter to remove all the crud that people put on twitter, particularly me ;-)

Nightwish - Oceanborn

Tue, 08 Dec 2009 21:47:00 GMT

It's almost an old album now - at least Rachael's battered copy that I found is. Wonderful to rediscover an artist / band after a break from listening. Unfortunately, every time I listen to the flute solo in Gethsemane I cannot help but pictre Bill Bailey astride the conductor's podium demonstrating the ficticious and enchantingly aloof qualities of the transverse orchestral flute, conjuring up visions of titanic grandeur. "Iceberg! Dead ahead!"