An alternative way of handling spam

I came across a very useful feature in Postfix that I’ve somehow completely missed – the ability to make virtual ‘wildcard’ email addresses, and it has really changed how I handle spam.

A lot of websites require a login, and most of them need your email address to create a profile. I’ve never been fond of submitting my personal email address on all these sites, and my experience is that most websites either sell or lose your address to spammers. I’ve even seen spam sent to addresses I’ve registered on websites of Danish newspapers and other sites I’d usually trust.

Instead of using my personal email address I created a new account on my mailserver called spam@domain.com, and even though I’ve only used it to create profiles on various semi-serious websites it became flooded with spam within a short amount of time. It didn’t matter much as it was a secondary address, but I wanted to somehow track which websites were giving away my email address. This is where regexp shines. With only one line added to my Postfix configuration I can now track at which sites my email address is “lost” to spammers:

In main.cf I add
virtual_maps = regexp:/etc/postfix/virtual-regexp

Create the file /etc/postfix/virtual-regexp and add this line:
/^login_(.+)@domain\.com$/ spam@domain.com

(Remember to do a postmap /etc/postfix/virtual-regexp when making changes to this file)

With this simple change in my configuration I now have a ‘wildcard’ email address called login_*@domain.com.

Why? Let’s say I visit Sony’s site playstation.com and I for some reason fear they’ll lose my account details to hackers. I create my account with login_playstation.com@domain.com and since the address is just a regexp alias I will still get the mails in my old spam mailbox. I don’t have to create a new email alias or anything on my mailserver; the regexp will make sure that addresses starting with login_ always exist. And if Sony some day should fall victim to hackers who give my address to spammers, I can easily block mails that are sent to this address. This way I can still keep my good old mailbox that I use for all other kinds of email, and still get rid of the spam.

And on top of that I can easily track which sites sell or lose my address.
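The tracking described above can be done straight from the mail log. This is an added example, not part of the original post: the function names and the sample log lines are constructed, and it assumes the log records the pre-rewrite recipient as orig_to=<...>.

```shell
#!/bin/sh
# Added example: which login_<site> aliases is mail arriving for?
# Assumption: the mail log records the pre-rewrite recipient as orig_to=<...>.

DOMAIN_RE='domain\.com'   # dot escaped, as in /etc/postfix/virtual-regexp

# Reads log lines on stdin and prints "<count> <site>", busiest alias first.
tally_aliases() {
    # Lowercase first: Postfix regexp tables match case-insensitively by default,
    # so Login_Foo and login_foo reach the same mailbox.
    tr 'A-Z' 'a-z' |
        sed -n "s/.*orig_to=<login_\([^@>]*\)@${DOMAIN_RE}>.*/\1/p" |
        sort | uniq -c | sort -k1,1nr -k2,2 |
        awk '{ print $1, $2 }'
}

# Constructed sample log lines (not real traffic).
sample_log() {
    cat <<'EOF'
Jan 10 08:01:02 mx postfix/local[2101]: 3F2A11: to=<spam@domain.com>, orig_to=<login_playstation.com@domain.com>, relay=local, status=sent (delivered to mailbox)
Jan 10 09:14:40 mx postfix/local[2140]: 4B7C22: to=<spam@domain.com>, orig_to=<login_newspaper.example@domain.com>, relay=local, status=sent (delivered to mailbox)
Jan 11 02:33:17 mx postfix/local[2388]: 5D9E33: to=<spam@domain.com>, orig_to=<Login_PlayStation.com@domain.com>, relay=local, status=sent (delivered to mailbox)
Jan 11 02:35:51 mx postfix/local[2391]: 6A1F44: to=<me@domain.com>, relay=local, status=sent (delivered to mailbox)
Jan 12 23:59:08 mx postfix/local[2977]: 7C3055: to=<spam@domain.com>, orig_to=<login_playstation.com@domain.com>, relay=local, status=sent (delivered to mailbox)
EOF
}

sample_log | tally_aliases
```

An alias that suddenly climbs to the top of this list is the one to block.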

Deleted file still taking up space

Today I came across an old “feature” in Apache. A disk was running full on one of our Linux servers and to free up some space I deleted a 9 gigabyte logfile, but even though the file was gone the space left was the same on the disk. I’ve run into this before but I couldn’t remember how to fix it (which is why I’m writing this), but after a bit of searching I found a solution.

It was one of Apache’s access logs and even though it is documented in Apache Docs I had completely forgotten that Apache keeps the logfiles open even after they are moved/removed. This is especially important to remember if you’re using some kind of log rotation.

Anyway, to make Apache let go of the file and free up the space you need to restart the service:

apachectl graceful

By the way, this is not only an issue in Apache; plenty of other services do the same thing. I’ve read that to make MySQL let go of its logfiles you can run this command (I’ve not tested this so please give feedback if you can confirm this):

mysqladmin flush-logs
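To find out which process is still holding a deleted file before restarting anything, the open file descriptors under /proc can be scanned. This is an added example, not part of the original post; it assumes Linux with GNU or BusyBox stat, and the function name list_deleted_open is made up for illustration.

```shell
#!/bin/sh
# Added example: list files that were deleted but are still held open.
# Assumption: Linux /proc is mounted and stat supports -c (GNU/BusyBox).

# Usage: list_deleted_open [min_bytes]
# Prints "<pid> <command> <size-bytes> <path>" for each deleted-but-open file
# visible to the current user. Run as root to see every process.
list_deleted_open() {
    min=${1:-0}
    for fd in /proc/[0-9]*/fd/*; do
        # Processes may exit while we scan, so every lookup can fail.
        target=$(readlink "$fd" 2>/dev/null) || continue
        case $target in
            /*' (deleted)') ;;      # the kernel appends this marker
            *) continue ;;
        esac
        pid=${fd#/proc/}
        pid=${pid%%/*}
        # -L follows the fd link to the still-existing inode to get its size.
        size=$(stat -L -c %s "$fd" 2>/dev/null) || continue
        [ "$size" -ge "$min" ] || continue
        comm=$(cat "/proc/$pid/comm" 2>/dev/null) || comm='?'
        printf '%s %s %s %s\n' "$pid" "$comm" "$size" "${target% (deleted)}"
    done
}

list_deleted_open "$@"
```

Passing a byte threshold, for example 1073741824, narrows the output to the files that actually matter for disk space.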

CrashPlan – Backup Made Cool

One of the best products I’ve come by in many years is CrashPlan. I’ve never really had a backup solution that worked for me, it was always some lousy solution with making copies of my photos and documents to USB drives or backup folders on a secondary harddrive. And they always ended up being neglected because I don’t have the discipline to keep a recent backup unless it is fully automated.

One day, when I realized I had 10 years of photos scattered across 3 USB drives, some DVD’s and some harddrives in a drawer, I decided to spend a few hours finding the perfect backup solution for myself. I also wrote down some requirements:

  • Has to be fully automated. No weekly or monthly chores with switching or plugging in drives/medias
  • Remote online backup. What good is a backup if you keep it with your originals. Burglars and fires won’t care even if you label your backup USB drive “Backup, don’t touch!”
  • Inexpensive or free. I don’t mind paying for keeping my precious data safe, but this is something I need running for many many years
  • Keeping me informed about the backup, but only relevant info not spammy behaviour

I spent more or less a month testing a range of online backup products: Mozy, KeepIt, iDrive, Carbonite, CrashPlan and a few others I don’t remember. Most of them were quite good products but it wasn’t until I tried CrashPlan that I was 100% convinced. This is what CrashPlan convinced me with:

  • It’s free to use if you don’t want to store your data at their datacenter
  • If you want to store your data at their datacenter it’s cheap, from $1.5/MO to $6/MO depending on your needs. Their datacenter is a 5000 square foot underground facility within a vault of a former bank, protected by 21″ steel-reinforced concrete walls, ceiling and floors. Probably completely irrelevant regarding protection of my data but it’s still kinda cool :P
  • They offer a lot of different backup destinations and you can use any number of them at the same time. My PC at home is backing up to a locally connected USB drive, to my girlfriend’s PC (and hers to mine) and to my Linux server at a remote location. You can also back up to a friend’s PC if he allows you to take up some space, and vice versa.
  • It is encrypted. Either with your CrashPlan account password, a private password or with your own key.
  • They’ve got clients for Windows, Mac, Linux and Solaris.
  • The Linux client doesn’t require xwindows and you can manage it remotely. I run CrashPlan on my CentOS Linux server and I can manage it remotely with their CrashPlan client from my Mac or Windows PC. Their guide on how to do remote management through an SSH tunnel instantly convinced me that these guys definitely know what they are doing.
  • It’s fully automated and doesn’t bug me. It emails me now and then with a backup status, and warns me if my PC hasn’t been backed up for several days.

To me, it is as close to a perfect product as it can be.

Programming for Android

If you’d like to get started with some programming for your Android phone you might find this small guide useful.

First get Java Development Kit

  1. Download and install JDK from this site http://java.sun.com/javase/downloads/index.jsp

Then get Android SDK

  1. Download Android SDK from this site http://developer.android.com/sdk/index.html
  2. Unpack it to c:\android_sdk and add the location to your path
  3. Run c:\android_sdk\tools\SDK setup.exe and select “Available Packages”
  4. Pick the packages you need and the SDK Platforms you’d like to write for, and press install (see Bonus Info below)
  5. Select “Virtual Devices” and create an AVD (Android Virtual Device). This is your Android emulator that you can test your app on.

For more info: http://developer.android.com/sdk/installing.html

Then get Eclipse and install ADT (Android Development Tools) Plugin

  1. Download Eclipse from this site http://www.eclipse.org/downloads/ (Eclipse IDE For Java Developers)
  2. Start Eclipse
  3. Go to Help -> Install New Software and click Add…
  4. Enter this address https://dl-ssl.google.com/android/eclipse/ and install the plugin. Eclipse should restart when you’re done.

For more info: http://developer.android.com/sdk/eclipse-adt.html

You’re now ready to write your first Android app. I suggest you start out with Hello World.

Getting more serious?

When you start making more serious apps I suggest you use Google Code for hosting your open source code. Go to http://code.google.com/hosting/ to get started. When you create a Google Code project you pick either the Subversion (SVN) or the Mercurial version control system. If you choose to use a Mercurial repository you can install the hgEclipse plugin in Eclipse for an easy way to check out and commit changes to Google Code. I’ve not yet tried using Subversion but as far as I know Subversive for Eclipse is the best plugin for that purpose.

For more info: http://code.google.com/p/support/wiki/GettingStarted

Bonus Info

Picking the right Android SDK platform is important because you’ll be choosing what version of Android your app will work for, and you’ll limit yourself to the functionality in the API of that Android version. Currently Android 1.5 is the most used version so you’ll have a lot more potential users by using that platform, however you’ll be forced to use API version 3 with the limitations that gives to your code. The newest version as of writing this text is Android 2.2 (FroYo) with API version 8. A lot of new functionality has been added since API 3 but you’ll also limit the amount of users of your app to those with the newest Android phones.

One of the most important things to consider when coding for Android is battery life. Please do yourself a big favor and check out this session from Google I|O 2009 about making better code. There is a great PDF with all kinds of tips and tricks to optimize your code on that website, but I’ll give you a direct link here as well.

Windows 7 Telnet

I’ve never understood why telnet is so rare a tool that it needs to be installed in Windows. It’s not like it takes up vast amounts of space and it has been a universal tool for administrators for centuries.

Anyway, the easiest way I’ve found to install it (only tested this in Win7) is running this command as administrator:

pkgmgr /iu:TelnetClient

LDAP auth in Apache 2

Ever wondered how you set up authentication on your website using Apache 2 and an LDAP user database? Probably not, but in case you do this is what you need to know.

First check what version of Apache you are running. This is important as Apache 2.0 (installed on RedHat Enterprise 4 and CentOS 4) is slightly different than Apache 2.2 (RedHat Enterprise 5 and CentOS 5). You can check the version with this command:

apachectl -v

Then check that you are loading the modules needed. You’ll probably find this in your httpd.conf

  • For Apache 2.0
LoadModule ldap_module modules/mod_ldap.so
LoadModule auth_ldap_module modules/mod_auth_ldap.so
  • For Apache 2.2
LoadModule ldap_module modules/mod_ldap.so
LoadModule authnz_ldap_module modules/mod_authnz_ldap.so

Next insert the following code in e.g. a VirtualHost block

  • For Apache 2.0
<Directory /var/www/html>
  AuthType Basic
  AuthName "Use your LDAP login"
  AuthLDAPURL ldap://your-ldap-server.com:389/dc=userdb,dc=com?uid?sub
  require valid-user
</Directory>
  • For Apache 2.2
<Directory /var/www/html>
  AuthType basic
  AuthName "use your LDAP login"
  AuthBasicProvider ldap
  AuthLDAPUrl ldap://your-ldap-server.com:389/dc=userdb,dc=com?uid?sub
  AuthzLDAPAuthoritative off
  AuthLDAPCompareDNOnServer on
  Require valid-user
</Directory>

That’s it. You can also limit access to specific users or groups in 2.0 with “Require user” and “Require group”. In 2.2 it’s a bit different but also much more flexible. When you set AuthzLDAPAuthoritative to On you can use “Require ldap-user”, “Require ldap-group” and even “Require ldap-attribute” which will allow you to limit on specific flags in your LDAP tree.

PHP and the Google API

I’ve been fiddling a bit with the Google API for a small PHP project where I needed to pull GMail contacts. There are many ways to do this, but I’ll post the method I found easiest to use.

First you need the Zend Google Data Library (aka GData). Download it from zend.com and extract the files to your PHP work directory.

This is a small example of PHP code that will allow you to pull all contacts from your GMail account

<?php
require_once 'Zend/Loader.php';
Zend_Loader::loadClass('Zend_Gdata');
Zend_Loader::loadClass('Zend_Gdata_ClientLogin');
Zend_Loader::loadClass('Zend_Http_Client');
Zend_Loader::loadClass('Zend_Gdata_Query');
Zend_Loader::loadClass('Zend_Gdata_Feed');

$user = "username@gmail.com";
$pass = "password";

try {
  $client = Zend_Gdata_ClientLogin::getHttpClient($user, $pass, 'cp');
  $gdata = new Zend_Gdata($client);
  $gdata->setMajorProtocolVersion(3);

  $query = new Zend_Gdata_Query('http://www.google.com/m8/feeds/contacts/default/full');
  $query->setMaxResults(100);
  $feed = $gdata->getFeed($query);

  print $feed->totalResults." contacts<br>";

  $results = array();

  foreach($feed as $entry){
    $xml = simplexml_load_string($entry->getXML());
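    $obj = new stdClass;
    $obj->name = (string) $entry->title;
    // Start with empty lists so contacts without an email or phone number do not break join() later
    $obj->emailAddress = array();
    $obj->phoneNumber = array();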

    foreach ($xml->email as $e) {
      $obj->emailAddress[] = (string) $e['address'];
    }

    foreach ($xml->phoneNumber as $p) {
      $obj->phoneNumber[] = (string) $p;
    }

    $results[] = $obj;
  }
} catch (Exception $e) {
  die('ERROR:' . $e->getMessage());
}

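// display results (contact data is escaped before it is written into the HTML page)
foreach ($results as $r) {
  print "name          ".htmlspecialchars($r->name)."<br>";
  print "number        ".htmlspecialchars(join(', ',$r->phoneNumber))."<br>";
  print "email addr.   ".htmlspecialchars(join(', ',$r->emailAddress))."<br>";
}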
?>

That’s all you need to use your GMail contacts in your own personal webservices. If you only want to pull contacts from a specific group then add this before you call getFeed:

$query->setParam('group','http://www.google.com/m8/feeds/groups/default/base/xxyyzz');

Finding the group ID (the URL with xxyyzz) is quite easy, just pull the contact groups by changing the query in line 17 to http://www.google.com/m8/feeds/groups/default/full and find the group ID in the Atom XML.

A decent antivirus app

Most free antivirus software is as efficient as the ones you can buy, and out of the many I’ve tried Avast! is the best one. It’s stable, checks for updates quite often (every 4 hours) and has caught every single malicious piece of code I’ve come by through the last five years.

You download and install it from www.avast.com. Once installed you need to register which will grant you a free one-year license.

There’s one annoying thing about this software: every time it has updated the antivirus definitions it will tell you with a popup message and a loud audio message. If you’ve got your speakers turned up or are listening to music this gets extremely annoying. There is a way to disable this but it is hidden well, which is the main reason for this post.

How to disable the Avast popup and audio message:

  • Right click on the Avast icon in your system tray (small A)
  • Select Program Settings
  • In the left panel click on Sounds
  • Put a check mark in Disable Avast Sounds
  • Click Update Basic in the panel to the left
  • Set both updates to Automatic
  • Click Details
  • Select Silent Running Mode
  • Check “Show update progress” and “Ask for reboot when needed”
  • Click OK

That should remove all the annoying alerts.