László Monda's Blog
Exploring the cyberspace, one quadrant at a time!
 

Installing cx_Oracle on Ubuntu Karmic Koala, 64 bit

January 29th, 2010

I'm using Oracle 10g, but you're free to download any other versions that you want.

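# Save under the plain file name; otherwise wget keeps the "?download" suffix and the next command can't find the file.
wget -O cx_Oracle-5.0.2-10g-py26-1.x86_64.rpm 'http://prdownloads.sourceforge.net/cx-oracle/cx_Oracle-5.0.2-10g-py26-1.x86_64.rpm?download'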
# We should use alien but it didn't work for me.
rpm2cpio cx_Oracle-5.0.2-10g-py26-1.x86_64.rpm | cpio -id
sudo cp usr/lib64/python2.6/site-packages/cx_Oracle.so /usr/lib/python2.6
# Go to the Oracle Instant Client download page and accept their fucking license, then download Instant Client Package - Basic for version 10.2.0.3, that is instantclient-basic-linux-x86-64-10.2.0.3-20070103.zip
unzip instantclient-basic-linux-x86-64-10.2.0.3-20070103.zip
sudo cp instantclient_10_2/{libclntsh.so.10.1,libnnz10.so} /usr/local/lib
sudo ldconfig

Installing such proprietary shit like Oracle (related software) is a bad experience too many times.

Lock your laptop and turn off display with the touch of a keystroke in Ubuntu Karmic

January 12th, 2010

I think this feature will soon be standard in Ubuntu as many users requested it. It's absolutely mandatory for me because every time I leave my laptop I carry out this action, even at home. Yeah, call me paranoid...

I've written a simple script to deal with the issue:

#!/bin/bash
gnome-screensaver-command -l
sleep 3
xset -display :0.0 dpms force off

You're encouraged to bind it to any key combo. It should work perfectly out of the box but a gnome-power-manager related bug enables the display some seconds or minutes later randomly, so we have to

killall gnome-power-manager

and it should be pretty fine. For those who can't afford to live without gnome-power-manager an alternative (and in my opinion suboptimal) workaround exists.

Avatar owns me!

December 23rd, 2009

It's a great movie with spectacular visuals. It's a must see for anyone even remotely interested in sci-fi or if you're interested in what today's state-of-the-art rendering technology can produce. I've enjoyed every minute of it.

Joe Grand is my hero

December 19th, 2009

About a year ago I became involved in electronics. This was because the development of the Ultimate Keyboard requires strong electronics knowledge, and not only could I not hire anybody (without the resources to do so), but I also wanted to understand electronics, and over time as I read the articles on Hack a Day I realized how cool electronics really is.

I've been doing software development for a few years and it's always fun, but doing purely software development in itself is not as interesting to me as it used to be. We have a keyboard, a mouse and a monitor, that's mildly interesting. We've also had the Internet for several years, which is much more interesting. What if we create a propeller clock, a line following robot or all kinds of ultra-crazy stuff, both the hardware and software? That sounds to me like the ultimate fun.

Joe Grand is probably the most well-known hardware hacker who became famous as one of the hosts of Prototype This. He is a really cool guy and has tons of interesting materials on his site. I'm grateful for every piece of knowledge that I can learn from guys like him.

nitehawk rocks the house

December 19th, 2009

Finally, I got my first laptop a week ago, which I named nitehawk because of its color. It's an Acer Aspire 8935G-874G100BN and I think it pretty much represents the level of hardware integration that can be achieved in 2009. With its 18.4-inch LED LCD screen and its load of impressive features it's almost more like a desktop than a laptop, and it's exactly what I wanted because I change my location on a two-weekly basis and I don't need much mobility other than that.

The first thing I did when nitehawk arrived was to send it back to Acer so they could remove Windows 7 and give me back its price. When all things are summed, including the traversing costs, I have earned almost no money, but I didn't do it for the money. This was my gentle gesture to show Redmond that they're welcome to taste my middle finger.

nitehawk's keyboard is as crappy as most laptop keyboards from a typewriting point of view, but I do truly appreciate its overall power efficiency, and suspend and hibernate especially. I carry it in a Targus TCB001EU XL notebook backpack because I couldn't get any other backpack in Hungary that was big enough to hold this beast. :)

Moving my Linode in 3 hours from Dallas to London with one click

December 19th, 2009

Oh yeah, Linode has just reached Europe.  Moving from Dallas to London made my ping go from 150ms to 50ms looking from Szeged and the migration couldn't have been easier or smoother.

Thank you Linode staff, you rock!

Fix your mouse as if it were new for $3

December 18th, 2009

I've just replaced the microswitches of my Logitech MouseMan Optical dual sensor mouse.  I bought it about 6 years ago for about $80 and I was extremely satisfied with it until the switches broke.

Today I managed to get some Omron D2F-01 switches. The original switches are Omron D2FC-F-7N parts but they have been obsoleted. The new switches have a crisp tactile feel which I love, although they are a little bit harder to press than the old ones.

Being able to replace the switches is one of the "secrets" that manufacturers don't want you to know because chances are you wouldn't have to buy any other mouse ever again. There are other temporary fixes to solve the issue, but replacing the switches with new ones is strongly advised.

How to measure the actual memory usage of Linux processes

December 1st, 2009

This is a much harder question than one might think as VSZ and RSS are not accurate.  /proc/{PID}/smaps provides the most accurate information as of Linux 2.6.16.

ps_mem.py is a nice script that summarizes smaps information on a per application basis and gracefully falls back to measure VSZ when no smaps support is found.

OpenVPN on OpenWrt

November 22nd, 2009

cat >> /etc/firewall << END
iptables -t filter -A input_wan -p udp --dport 1194 -j ACCEPT
iptables -I INPUT   1 -i tun+ -j ACCEPT
iptables -I FORWARD 1 -i tun+ -j ACCEPT
iptables -I OUTPUT  1 -o tun+ -j ACCEPT
iptables -I FORWARD 1 -o tun+ -j ACCEPT
END

/etc/init.d/firewall restart

opkg install openvpn
# I don't wanna convert my OpenVPN config to UCI-like format so I just replace the default init script.
mv /etc/init.d/openvpn /etc/init.d/openvpn.orig

cat >/etc/init.d/openvpn <<END
#!/bin/sh /etc/rc.common

START=99

start() {
    openvpn --daemon --config /etc/openvpn/server.conf
}

restart() {
    stop
    sleep 3
    start
}

reload() {
    killall -SIGHUP openvpn
}

stop() {
    killall openvpn
}
END

chmod 755 /etc/init.d/openvpn

# Here, I copy my OpenVPN config to /etc/openvpn
/etc/init.d/openvpn start

# Thanks to the OpenVPN via TUN HowTo for the help. Enjoy!

Streamlined OpenVPN configuration for LANs

November 20th, 2009

I have a recurring task of setting up OpenVPN for the LANs of small enterprises and adding / removing users. Usually they have a dumb little TP-Link or D-Link router facing the public Internet, we bring a relatively powerful PC to their office and my job is to configure the PC as an OpenVPN gateway (among other things). OpenVPN traffic gets forwarded to our PC through the dumb little router using port forwarding. Well, this is not particularly challenging to me but I was looking for a way to automate this process as much as I can because managing clients can be cumbersome.

Let's clarify the task at hand: An OpenVPN gateway has to be set up for a /24 LAN in order to provide access to all hosts on the LAN. Privilege management will be implemented using PKI. On top of that we'll use tls-auth so the HMAC firewall will only answer if the received packet signature is valid, thus effectively making the OpenVPN service undetectable by any scanning technique.

The LAN should reside on a class A private subnet (10.x.y.0/24) where x and y should be randomly chosen because that minimizes the probability of address collision with other subnets used with OpenVPN.
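One way to pick such a subnet, as an added example that is not part of the original post: it draws random x and y and rejects any candidate that overlaps a network passed in as an argument (here the 10.8.0.0/24 tunnel network used in the server configuration further down, plus a constructed 192.168.1.0/24 home LAN). The function names are illustrative.

```shell
#!/bin/sh
# Added example: choose a random 10.x.y.0/24 that overlaps no network already in use.

# Convert a dotted quad to a 32-bit integer. The body runs in a subshell,
# so the IFS change never leaks into the caller.
ip_to_int() (
    IFS=.
    set -- $1
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
)

# Return 0 if CIDR blocks $1 and $2 overlap. Two blocks overlap exactly when
# they are equal under the shorter of the two prefix lengths.
cidr_overlap() {
    len=${1#*/}
    if [ "${2#*/}" -lt "$len" ]; then len=${2#*/}; fi
    if [ "$len" -eq 0 ]; then return 0; fi
    mask=$(( (4294967295 << (32 - $len)) & 4294967295 ))
    net_a=$(( $(ip_to_int "${1%/*}") & $mask ))
    net_b=$(( $(ip_to_int "${2%/*}") & $mask ))
    [ "$net_a" -eq "$net_b" ]
}

# One random byte from the kernel, printed as a decimal number 0-255.
rand_octet() {
    od -An -N1 -tu1 /dev/urandom | tr -d ' \n'
}

# Print a random 10.x.y.0/24 that overlaps none of the CIDR blocks given as
# arguments; give up with status 1 after 100 attempts.
pick_lan_subnet() {
    tries=0
    while [ "$tries" -lt 100 ]; do
        cand="10.$(rand_octet).$(rand_octet).0/24"
        clash=0
        for used in "$@"; do
            if cidr_overlap "$cand" "$used"; then clash=1; break; fi
        done
        if [ "$clash" -eq 0 ]; then echo "$cand"; return 0; fi
        tries=$((tries + 1))
    done
    return 1
}

# Constructed list of networks to avoid: the tunnel network and a typical home LAN.
pick_lan_subnet 10.8.0.0/24 192.168.1.0/24
```

In practice the argument list would be the networks that the gateway and the clients already route.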

First of all, the PKI should not reside on the server on which the OpenVPN daemon runs for security reasons. I store it on my home partition which is heavily encrypted and regularly backed up. I create a directory under ~/openvpn for every OpenVPN installation where I store the server and client configuration files and the PKI. Only the needed files will be transferred to the server or to the clients.

This post will describe the implementation of the above configuration and will provide a set of scripts to make the task very efficient.

1)  Set up the ~/openvpn infrastructure

mkdir ~/openvpn
cd ~/openvpn

# User credentials will be temporarily published under the directory below for user download.  This should be a trusted host.
# It's probably needless to say but I mention that $PUBLISH_URL should not under any circumstances be listable by the web server.
cat >config <<END
PUBLISH_PATH=yourhost:/var/www/pki
PUBLISH_URL=http://yourhost.com/pki
END

wget http://monda.hu/releases/openvpn-scripts.tar.bz2
tar xjf openvpn-scripts.tar.bz2 -C ~/bin
rm openvpn-scripts.tar.bz2

2) Set up the server directory

cd ~/openvpn
mkdir SERVERNAME
cd SERVERNAME

3) Set up the PKI

mkdir easy-rsa
cp -r /usr/share/doc/openvpn/examples/easy-rsa/2.0/* easy-rsa
cd easy-rsa
# Edit all the KEY_* variables in ./vars so you won't have to type them anymore.
. ./vars
./clean-all
./build-ca
./build-key-server server
./build-dh
cd ..
mkdir ccd

4) Create server configuration

openvpn --genkey --secret ta.key

cat >server.conf << END
mode server
local 10.X.Y.Z
tls-server
dev tun
proto udp
port 1194
client-config-dir ccd
ifconfig 10.8.0.1 10.8.0.2
push "route 10.X.Y.0 255.255.255.0"
push "route 10.8.0.0 255.255.255.0"
route 10.8.0.0 255.255.255.0
keepalive 10 120
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
tls-auth ta.key 0
log server.log
verb 3
END

# This will be used by the synchronization script to rsync the configuration to the server through SSH.
echo SERVERHOSTNAME > server.hostname

5) Create general client configuration

# This is the client configuration from which all the individual client configurations will be generated.
# Don't touch "username" as it will be automatically replaced with the name of the relevant user during the generation process.

cat >client.conf << END
dev tun
proto udp
nobind
remote OPENVPN-GATEWAY-HOST 1194
client
ca server.crt
tls-auth server-ta.key 1
cert username.crt
key username.key
verb 3
END

6) Add users

openvpn-add-user username1
openvpn-add-user username2
...

# The configuration will be automatically transferred to the server.

7) Publish client credentials

openvpn-publish-user-credentials username1
openvpn-publish-user-credentials username2
...

# Which outputs something like this:
# User credentials are accessible from http://yourhost.com/pki/servername-username1-65378842373270.zip
# User credentials are accessible from http://yourhost.com/pki/servername-username2-10200344763221.zip
# ...

# These URLs are meant to be mailed to the relevant users and removed eventually.

8) Unpublish client credentials

openvpn-unpublish-user-credentials username1
openvpn-unpublish-user-credentials username2
...

# Which removes the relevant files from the server.

9) Revoke client credentials

openvpn-revoke-user-credentials username

# The configuration will be automatically transferred to the server.
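A lint pass over the server.conf and client.conf from steps 4 and 5, as an added example that is not part of the original post or of the openvpn-* scripts (which are not shown on the page and may add further directives). It checks the DH parameter size, the tls-auth key directions, whether step 9's revocations are enforced through crl-verify, privilege dropping, and whether the client verifies that its peer holds a server certificate; the function names and finding codes are illustrative.

```shell
#!/bin/sh
# Added example: lint the server.conf / client.conf pair from steps 4 and 5.
# Function names and finding codes are illustrative, not OpenVPN's.

# Print the arguments of the first line in file $1 whose directive is $2.
# Comment lines never match because their first field is "#..." or ";...".
directive() {
    awk -v d="$2" '$1 == d { $1 = ""; sub(/^ +/, ""); print; exit }' "$1"
}

lint_server() {
    dh=$(directive "$1" dh)
    bits=$(basename "$dh" | tr -cd '0-9')   # heuristic: size read from the file name
    if [ -n "$bits" ] && [ "$bits" -lt 2048 ]; then
        echo "WEAK_DH: $dh looks like ${bits}-bit DH parameters, generate 2048-bit or larger"
    fi
    case "$(directive "$1" tls-auth)" in
        *" 0") ;;
        *) echo "TLS_AUTH: server side needs 'tls-auth <keyfile> 0'" ;;
    esac
    if [ -z "$(directive "$1" crl-verify)" ]; then
        echo "NO_CRL: no crl-verify line, so a revoked certificate is still accepted"
    fi
    if [ -z "$(directive "$1" user)" ] || [ -z "$(directive "$1" group)" ]; then
        echo "ROOT: no user/group lines, the daemon keeps root after startup"
    fi
}

lint_client() {
    case "$(directive "$1" tls-auth)" in
        *" 1") ;;
        *) echo "TLS_AUTH: client side needs 'tls-auth <keyfile> 1'" ;;
    esac
    # Without one of these, any certificate signed by the CA can pose as the server.
    if [ "$(directive "$1" remote-cert-tls)" != server ] &&
       [ "$(directive "$1" ns-cert-type)" != server ]; then
        echo "NO_SERVER_CHECK: add 'remote-cert-tls server' (or 'ns-cert-type server')"
    fi
}

# The security-relevant lines of the two configs above, written to a scratch directory.
work=$(mktemp -d)
cat >"$work/server.conf" <<'END'
tls-server
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
tls-auth ta.key 0
END
cat >"$work/client.conf" <<'END'
client
ca server.crt
tls-auth server-ta.key 1
cert username.crt
key username.key
END

lint_server "$work/server.conf"
lint_client "$work/client.conf"
```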

Big Ideas for a Small Planet

November 16th, 2009

I like this series.

N-key rollover

November 11th, 2009

geekhack has the best article ever written on N-key rollover. The issue is more complicated than one might think.

Coder Keymaps closed

November 9th, 2009

I started Coder Keymaps a long time ago to create a special keyboard mapping that's the best for me. The idea is to map Hungarian characters in a special way using the Windows key. Take the standard US layout, keep a Windows key pressed and press an alphanumeric key which produces an accented character on Hungarian keyboards and voila: the key will produce the relevant Hungarian character.

That was the basic idea but I went further about two years ago when I realized that hand travel distance is much longer than it's supposed to be in many cases.  When writing code one's right hand must move often between the alphanumeric keypad and the navigational keypad.  To alleviate this problem I decided to map the whole navigational block to the alphanumeric block through the Windows key.

I've used the above configuration with great pleasure and it improved my efficiency for almost two years.  Unfortunately the X keyboard drivers must have been changed in the last two Ubuntu releases because my xmodmap keymaps stopped working.  I knew it in the beginning that xmodmap is outdated and XKB is the future but it wasn't really urgent to port Coder Keymaps to XKB so I didn't do that.

Due to the pressing need to use my beloved mapping I've made some efforts and had some online chat with Sergey Udaltsov who is very knowledgeable about XKB.

Long story short, it seems that it's impossible to create such an exotic keymap on Linux. Not that it's not possible to create it with XKB, but various GUI toolkits, such as GTK+, interpret the mappings in strange ways and the mapping wouldn't be consistent across toolkits. I'm sure that this can be solved by modifying the X keyboard driver or the toolkits but as you may suppose it's a heroic work. Not only that, but this is an OS-specific problem and there are no standard solutions that truly work.

I finally decided to attack the problem differently by creating a keyboard hardware that has limitless power regarding remapping. It's actually not a new idea of mine, it's about two years old. The prototype is in development and it's very innovative in many ways. I've gathered a small, but knowledgeable team and we're progressing rapidly. I wanted to have a working prototype by the end of this year but I'm not sure we'll get there in time because rapid prototyping is expensive and the delivery of rare electronic components takes time to arrive in Hungary. But no matter how long it will take, we'll never give up.

As a result of the above I don't wanna devote any more time to Coder Keymaps.  The project has been closed.

Mechanical keyboards galore

November 8th, 2009

I've just found some fascinating resources regarding mechanical keyboards:

Supercharging storage space on the ASUS WL500GPV2 with OpenWrt

November 7th, 2009

Lately I've extended my HOWTO on supercharging the storage space of your ASUS WL500GPV2 with OpenWrt.

I'm so delighted to make this work because from now on:

  • the whole root partition is able to store 8G - the size of the Kingston pendrive I've plugged in
  • the extension is completely transparent and it doesn't break the router on restart when the pendrive is not plugged in
  • everything is faster including package management because the CPU doesn't need to do any compression on JFFS

First I wanted to use JFFS instead of ext2 but smart folks told me that wear levelling is integrated into pendrives.  (JFFS can only be used with MTDs anyways.)

This hack has dozens of practical uses such as doing any logging on the router or SCPing backups from external hosts to the router on a timely basis.

As I delve more and more deeply into OpenWrt I start to realize how brilliant it is. The use of SquashFS to store the image and the mini_fo'ed JFFS on top of it as a copy-on-write file system is the most advanced solution one could ever devise to maximize filesystem storage space. It makes me laugh when I compare OpenWrt to the official firmware of the typical SOHO router.

Thanks for all the documentation on the net, especially for the Packages on external media HowTo.

GiveWell: Real Change for your Dollar

October 25th, 2009

GiveWell does a pretty unique job of finding out which charities it is worth donating to. Looks like it's hard to get enough information about various charities to assess their effectiveness because most of them aren't very open.

How to watch Apple movie trailers on Linux, part 2

October 24th, 2009

Apple has recently taken some countermeasures to block users who are not using the official QuickTime player to watch their movie trailers, such as Linux users. This bothered me deeply since I have been watching those trailers for more than a year and would like to do so in the future.

I presumed that correctly downloading movies required some user agent related masturbation and Wireshark proved me right when monitoring HTTP on a Windows host. After that it wasn't a big deal to play an Apple trailer:

mplayer -cache 4048 -user-agent QuickTime/7.5 http://movies.apple.com/movies/disney/achristmascarol/achristmascarol-fte1_480p.mov

This is really nice but I wanted to make it work out of the box. Though adding the user-agent option to an MPlayer or mplayerplug-in config file seemed like a viable option, unfortunately mplayerplug-in didn't respect this option in any config files.

Fortunately I realized that the Quicktime user agent string is hardcoded in mplayerplug-in for apple.com as of 2009-09-23 CVS.

Since the latest official release is very old, one has to build it from the CVS:

sudo apt-get remove mozilla-mplayer
cvs -z3 -d:pserver:anonymous@mplayerplug-in.cvs.sourceforge.net:/cvsroot/mplayerplug-in co -P mplayerplug-in
cd mplayerplug-in
sudo apt-get install libxul-dev
GECKO_XPIDL=/usr/lib/xulrunner/xpidl ./configure
make
sudo cp mplayerplug-in*.so /usr/lib/mozilla/plugins
sudo mkdir -p /usr/lib/mozilla/components
sudo cp mplayerplug-in*.xpt /usr/lib/mozilla/components

You also need to set the cache size of MPlayer so you won't only see the first few secs of the movies but the rest also.  Have this line in /etc/mplayerplug-in.conf :

cachesize=4092

Now restart Firefox and use my Greasemonkey script to make the Apple Trailer pages work with mplayerplug-in.

Enjoy the movies and have fun!

Micro Concentrated Solar Power from Sopogy – a green energy seminar

October 23rd, 2009

It's a very cool seminar on the topic.

The Wanky Shit Demon

October 23rd, 2009

Normally I don't put anything overly twisted on my blog but I'll make an exception this time because it made me roll on the floor.

This lovely movie certainly represents the ultimate level of perverted humour.

Thanks for sharing, Dömi!

How to Count ALL Human Carbon Emissions in the US

October 23rd, 2009

Dr. Kevin Gurey has given a fabulous lecture on the topic. It's very informative, it's full of statistical information and has ideas to present the problem to the general public.

I think carbon emission trading is a good motivator which is necessary seeing the effects of global warming.

