…
There are two types of schedule, which I’ll call the manager’s schedule and the maker’s schedule.

The manager’s schedule is for bosses. Its embodied in the traditional appointment book, with each day cut into one hour intervals. You can block off several hours for a single task if you need to, but by default you change what you are doing every hour.When you use time that way, its merely a practical problem to meet with someone. Find an open slot in your schedule, book them, and you are done. Most powerful people are on the managers schedule. Its the schedule of command.

But there is another way of using time thats common among people who make things, like programmers and writers. They generally prefer to use time in units of half a day at least. You can’t write or program well in units of an hour. That’s barely enough time to get started. When youre operating on the makers schedule, meetings are a disaster.
…

For those who have historically installed djbdns/ucspi-tcp/daemontools from source because of distribution restrictions, things changed really for the better after DJB placed all these software in the public domain in 2007. You can now setup all this in about one minute! (depending on your Internet connection though. )

To setup a local dns cache in Ubuntu (specifically, 10.04 Lucid Lynx on which I tried this), right now you need to do:

1. Install the necessary packages:
   
sudo apt-get install daemontools daemontools-run djbdns dnscache-run ucspi-tcp

   This installs all the necessary packages using Debian’s filesystem layout (not DJB’s). So all services are symlinked in /etc/service (and not in /service). dnscache files are supposed to be accessed in /etc/dnscache, and are already configured to use the root servers.
2. Start daemontools: The daemontools scripts (actually just svscan) are setup in Ubuntu to be run using upstart and not /etc/inittab. So all you need to do now is run:
   sudo start svscan.
3. Making the computer use the local cache permanently. The install scripts actually replace your dns servers in /etc/resolv.conf with the loopback address on which dnscache runs. So you would have already started using the dns cache already. However, if you are using DHCP with Network Manager, these changes will be overwritten the next time NetworkManager modifies resolv.conf, e.g. when the lease is renewed or you plug-in a DHCP interface again. To make this permanent, edit /etc/dhcp3/dhclient.conf, and uncomment/add a line saying prepend domain-name-servers 127.0.0.1;. Disconnect and connect to your DHCP interface again, and see the loopback address (127.0.0.1) being added at the top of the name servers in /etc/resolv.conf .
   That is it.

As usual, here are the other commands that you would be doing to manage dnscache. Read the docs for more details.

• View dnscache logs:
  tail -F /etc/dnscache/log/main/current | tai64nlocal
• Start dnscache: svc -u /etc/service/dnscache
• Stop dnscache: svc -d /etc/service/dnscache
• Restart dnscache: svc -t /etc/service/dnscache
• Edit root servers: Edit /etc/dnscache/root/servers/@

A stroke of good luck helped me get an opportunity to work with one of my close school friends – Inder, who introduced me to PHP 3. I hadn’t heard of it, but he assured me that it is going to catch up, and is great for making web sites. So I struggled through Apache and PHP 3 with the smattering of documentation available at the time.

One day, frustrated with my inability to set PHP up, I shot off a mail to the PHP 3 mailing list of the time, hoping I get some direction to see what I am doing wrong. To my utter disbelief, Rasmus Lerdorf himself replied to my question and gave me a step by step solution to my problem. And I was hooked to the Open Source community forever.

I finally managed to track down the reply by Rasmus to my newbie query 11 years back. I was blown away by the commitment of the Open Source leaders, and kept wondering “The guy codes all this and even then spends such quality time helping people out selflessly, no matter that others are making money out of his software!”.

To a person just out of college in India who haven’t ever interacted with the community before, the personal dedication of FOSS (free & open source software) leaders like the founder of PHP himself was a revelation. Today it is taken for granted, I feel.

I never found the same level of involvement among the closed source community, the last time I looked at it, and yes, at that time, Java included.

jhead -n%Y%m%d-%H%M%S -ft *.JPG

This would rename all the photos dumped in the current directory using the YYYYMMDD-HHMMSS format. And even if some app you have doesn’t sort by the file name, this command would change the modification time of all the photos to the time the photo was taken.

And yes, it is a good idea of using this time format and not the default MMDD-HHSS format, else trips on the year end (like ours, this time) would get messed up while sorting.

The problem – command line programs like fetchmail use the system wide openssl CA certificates to verify the authenticity of the server certificates they are provided when they connect to an SSL server like POP3 or IMAP.

Sometimes, you will have providers like Dreamhost, who will get smart and ditch the atrocious certificate issuing set up we have right now, and give you a self-signed certificate to verify their servers.

So fetchmail will, for example, belch out this error message every time they connect to Dreamhost’s mail servers:


$ fetchmail -v --nosyslog
fetchmail: 6.3.9-rc2 querying homie.mail.dreamhost.com (protocol POP3) at Saturday 08 August 2009 02:12:28 AM IST: poll started
Trying to connect to 208.97.132.208/995...connected.
fetchmail: Issuer Organization: New Dream Network, LLC
fetchmail: Issuer CommonName: New Dream Network Certificate Authority
fetchmail: Server CommonName: *.mail.dreamhost.com
fetchmail: homie.mail.dreamhost.com key fingerprint: 17:F7:F2:FF:4A:9D:C3:D3:2B:8A:E9:12:47:C4:A4:28
fetchmail: Server certificate verification error: unable to get local issuer certificate
fetchmail: Server certificate verification error: certificate not trusted
fetchmail: Server certificate verification error: unable to verify the first certificate


While you can mostly ignore this (Dreamhost itself says they don’t care much about the “chain of trust” – all they care about is the encryption), you might want to be a little more careful and use the “sslcertck” keyword while connecting to your mail servers. This keyword will force fetchmail to only attempt fetching the mail if the issuer of the server certificate strictly matches a CA in your local CA certificates.

Note that this strict certificate check is going to be the default setting in fetchmail any day now. So you might want to pay more attention to these fetchmail warnings right now before they bite you later.

Dreamhost provides the CA certificate which issues their server SSL certificates here.

Installing this in Ubuntu was pretty simple once you know the program involved. So while this example is about Dreamhost, you can similarly install any CA certificates (even your own).

Steps are:

1. Create a directory for the issuer under /usr/share/ca-certificates/.
   mkdir /usr/share/ca-certificates/dreamhost
2. Copy the CA certificate file into this directory. Use this directory to consolidate all the CA certificates of the common entity.
   sudo cp ~/ndn.ca.crt /usr/share/ca-certificates/dreamhost
3. Update the CA certificate hash symlinks used by openssl. This will open a text dialog asking you to confirm the CA certificates to be marked as trusted. Out of the box, a typical modern Linux distro would have a long list of certificates which would already be marked as trusted. You have to search for the authority you just copied (it would be unmarked), mark it and select OK.
   sudo dpkg-reconfigure ca-certificates

That is it! Next time your run fetchmail, the CA warnings should have gone.

Note that GUI programs like Firefox and Thunderbird have their own CA storages and therefore their own process of adding CA certificates. Modern versions of these programs make it pretty easy to add them using a just a few clicks. This post was about installing them for mostly CLI based programs like fetchmail.

Another note, it seems that on Ubuntu, Postfix needs the config parameters smtp_tls_CApath and smtpd_tls_CApath to be set to /etc/ssl/certs to verify server and client certificates respectively.

So I decided to do the next best thing – I have started using the latest official Flickr Uploadr for Windows in Ubuntu using Wine. No, it doesn’t work out of the box. It just takes an additional step.

1. Install wine. (apt-get install wine)
2. Download winetricks from http://wiki.winehq.org/winetricks. This is a small script which automates installation of common wine program dependencies.
3. Install MS Visual C++ 2005 libraries. (sh winetricks vcrun2005). Some messages which look like errors come on screen. Ignore these.
4. Download Flickr Uploadr Windows executable from http://www.flickr.com/tools/uploadr/.
5. Install it! (wine FlickrUploadr-3.2.1-2009.06.02.01-en.exe)

That is it! Find Flickr Uploadr installed in your menu at Applications->Wine->Programs.

My IP address.

sandipb@pluto:~$ wget -O - -q http://www.whatismyip.com/automation/n09230945.asp;echo
122.167.0.79
sandipb@pluto:~$ host 122.167.0.79
79.0.167.122.in-addr.arpa domain name pointer ABTS-KK-Dynamic-079.0.167.122.airtelbroadband.in.


Akamai CDN for downloading Adobe AIR.

sandipb@pluto:~$ host airdownload.adobe.com
airdownload.adobe.com is an alias for airdownload.wip3.adobe.com.
airdownload.wip3.adobe.com is an alias for airdownload.adobe.com.edgesuite.net.
airdownload.adobe.com.edgesuite.net is an alias for a1396.g.akamai.net.
a1396.g.akamai.net has address 203.101.62.10
a1396.g.akamai.net has address 203.101.62.11
sandipb@pluto:~$ host 203.101.62.10
10.62.101.203.in-addr.arpa domain name pointer dsl-KK-static-010.62.101.203.airtelbroadband.in.


I am downloading from a server co-located at my ISP. Industry standard in US, but I feel really great for this to be happening in India.

Imagine. Download server in India, three hops, 25 ms away!

sandipb@pluto:~$ mtr -i 10 203.101.62.10
My traceroute [v0.73]
pluto (0.0.0.0) Thu Apr 23 01:41:38 2009
Packets Pings
Host Loss% Snt Last Avg Best Wrst StDev
1. 192.168.1.1 0.0% 1 1.1 1.1 1.1 1.1 0.0
2. ABTS-KK-Dynamic-001.0.167.122.airtelbroadband.in 0.0% 1 25.4 25.4 25.4 25.4 0.0
3. ABTS-KK-Static-173.32.166.122.airtelbroadband.in 0.0% 1 24.9 24.9 24.9 24.9 0.0
4. ABTS-KK-static-008.32.144.59.airtelbroadband.in 0.0% 1 39.0 39.0 39.0 39.0 0.0
5. dsl-KK-static-010.62.101.203.airtelbroadband.in 0.0% 1 25.0 25.0 25.0 25.0 0.0


Lesson learnt: OpenDNS hurts all this goodness

Thank goodness, I moved off opendns today. This is what opendns was giving me all this past year that I was using it.

sandipb@pluto:~$ dig @208.67.222.222 airdownload.adobe.com
...
;; ANSWER SECTION:
airdownload.adobe.com. 85521 IN CNAME airdownload.wip3.adobe.com.
airdownload.wip3.adobe.com. 218 IN CNAME airdownload.adobe.com.edgesuite.net.
airdownload.adobe.com.edgesuite.net. 20721 IN CNAME a1396.g.akamai.net.
a1396.g.akamai.net. 20 IN A 204.2.160.24
a1396.g.akamai.net. 20 IN A 204.2.160.34


sandipb@pluto:~$ host 204.2.160.24
24.160.2.204.in-addr.arpa domain name pointer a204-2-160-24.deploy.akamaitechnologies.com.
sandipb@pluto:~$ ping -c 1 204.2.160.24
PING 204.2.160.24 (204.2.160.24) 56(84) bytes of data.
64 bytes from 204.2.160.24: icmp_seq=1 ttl=54 time=259 ms


A download server 260ms and 11 hops away in US.

Using opendns is breaking anything which uses CDN. Now I have used opendns for a while and it is nice at its work. But believe me, we spend more time downloading videos and text than querying DNS, and if you have a DNS cache at home (like djbdns) or even your ISP’s DNS, it works a lot as well.

However, my pet grouse for a long time was that the PDFs, which look excellent on screen don’t seem to print too well on paper. A close examination and various posts on mailing lists like this made me discover the fact that this is primarily because of the Computer Modern fonts used by default by texinfo.

Interestingly, the GNU Press folks which print FSF manuals customize the PDF by modifying fonts etc. so that they print better. At the very minimum, they replace the Computer Modern font with Palatino which prints better. And in the FSF’s spirit of sharing code, these customizations are available for download at the Savannah Gnupress project cvs repository. A look here and at some brief instructions here let me arrive at these simple steps to generate a texinfo PDF with palatino fonts.

1. Check out the CVS sources of GNU Press from the savannah repository. Here I am checking out in my home directory.
   cvs -z3 -d:pserver:anonymous@cvs.savannah.gnu.org:/sources/gnupress co gnupress
2. Download the texinfo sources that you want to generate PDF from.
3. The first time, generate a pdf the normal way using texi2pdf.
   
texi2pdf --clean gdb.texinfo

   This step is important as sometimes the document is broken and cannot be parsed by texinfo. Trying to use the gnupress’s code will only make it more difficult to troubleshoot and will introduce an unnecessary variable to consider while debugging. I have seen the downloadable libc texinfo sources as broken. So this i a realistic possibility.
4. Modify the texinfo source code by adding just this one line immediately after the line containing \input texinfo at the top of the file.
   
@input palatino


   So effectively, this would the how the top of the document looks after you added the line.
   
\input texinfo @c -*-texinfo-*-
@input palatino
@c Copyright (C) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1998,
@c 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006
@c Free Software Foundation, Inc.
@c
@c %**start of header
@c makeinfo ignores cmds prev to setfilename, so its arg cannot make use
@c of @set vars. However, you can override filename with makeinfo -o.
@setfilename gdb.info
...


5. Generate the pdf using texi2pdf and the gnupress code. I checked out their code in my home directory. If you checked out elsewhere, adjust paths accordingly.
   
texi2pdf --clean -I ~/gnupress/texpress/ -I ./ gdb.texinfo


That is it!

So I decided to only archive un-encrypted PDF statements from now on. I consider this as a very legitimate reason to bypass PDF encryption and do not see any legal (or at least moral) reason for doing so. So you corporate lawyers looking for a DMCA victim, get out of my face.

For years, I have been using pdftk on my Ubuntu systems to manipulate PDFs. However, it being written in Java, installing it pulls in, among other things, the gcj runtime, etc. It was a minor irritation all this while. However, things finally came to a head when it refused to decrypt my credit card statement. PDFs have the concept of an owner password and an user password. The person who creates the PDF can set either one or both. Apparently, the ICICI credit card statements come with an owner password apart from an user password., and pdftk refused to decrypt the pdf without the owner password while all I had was the user password.

I searched around the net, and discovered another pdf manipulation gem, lying in the Ubuntu repositories no less, which can do what I want: QPDF.

So here is how I went around decrypting my statement.

$ sudo apt-get install qpdf
$ qpdf --decrypt --password=mypassword input.pdf output.pdf
$ evince output.pdf #to check if it asks for password

That is it!


mutt -f .news/ -e 'set confirmcreate=no; set delete=no; push "T.*<enter>;snews<enter><quit>"'


(Gleaned from this mailing list post )