Posted by Christopher Wojno
Mon, 14 Jul 2008 19:16:00 GMT
Here’s an example:
<p>If you're looking for other confidential
search parameters, click
<form action="secret_search" method="post">
<input type="hidden" value="my secret search parameters"/>
<input type="submit" value="here"/>
</form>
!</p>
You can’t.
The P element represents a paragraph. It cannot contain block-level elements (including P itself).
HTML4.0 Reference
That means you’re stuck with a line-break if you want to have buttons with form data in your paragraphs.
Posted in How-Tos | Tags break, form, html, line, paragraph | 2 comments
Posted by Christopher Wojno
Sun, 30 Dec 2007 23:56:00 GMT
I’ve been itching to set up my own DNS server for a while now. Why? I’ve come up with three reasons:
- Speed
- Convenience
- Security
The first one is pure fluff. My home network doesn’t have nearly enough traffic to make it worth it. The second has merit. It would be nice if I could name machines on the network and have them resolve correctly. I could also use it to mask external addresses. So I could make stuff up and have it resolve locally. So I could make, oh, doubleclick.net resolve to 127.0.0.1. Now, no one on my network will get those advertisements anymore. Sure, I have it set up in the hosts file now, but I’m like any other network administrator… No, not lazy, but clever.
I’m working with Linux Gentoo 2.6.19 here on my local network. There is no chance that I will corrupt any legitimate records as nobody outside my network will be able to query my DNS server. I have my favorite editor: Vim at my side. Named (Bind) is currently at version BIND 9.4.1-P1.
Install bind
First, edit your /etc/portage/package.use file. Add a line that says:
net-dns/bind -ipv6 -ldap postgres -ssl threads -mysql -bind-mysql -odbc
This means: I don’t want IPV6 support (my router doesn’t support it… sadly). Don’t use ldap. Add support for postgres (my favorite database). Don’t include SSL support (I’m assuming everyone trusts my server on the local network). Use threads to handle many requests simultaneously (I suppose I could turn this off as the server load will not be very large). Finally, don’t include mysql bindings or ODBC. Save that file.
Emerge
Using Gentoo’s emerge system:
%emerge net-dns/bind
It should install without any further intervention.
Firewall (IPTables)
I use the IPTables firewall to protect my server from local and foreign attacks. I like it because it gives me a lot of control over what goes in and out. I also don’t like it because it is very complicated. If you have a firewall, you need to poke holes in it for port 53 in the following ways:
1. Outgoing UDP connections TO port 53 from your server to the DNS servers you normally use
2. Incoming UDP connections TO your server on any port from the DNS servers you normally use for established UDP connections
3. Same as #1 with TCP connections
4. Same as #2 with TCP connections
5. Incoming UDP connections from the local network on port 53
6. Outgoing UDP connections to the local network on any port for established UDP connections
7. Same as #5 with TCP connections
8. Same as #6 with TCP connections
The above list is derived from nixCraft’s article: Linux Iptables block or open DNS / bind service port 53. I added some modifications, however. Here’s an example configuration:
firewall.sh
#!/bin/bash
IPTABLES='/sbin/iptables'
LOCALNET='--src-range 192.168.1.2-192.168.1.254'
INTIF1='eth0'
DNSSERVERS='a.b.c.d a.b.c.e' # 2 IP addresses for your ISP's DNS servers
# PREAMBLE
$IPTABLES -F #flush old rules
$IPTABLES -X #clear old chains
$IPTABLES -A INPUT -s 127.0.0.1 -j ACCEPT #always trust requests from the server
$IPTABLES -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT #always trust active connections
# ... (other rules here)
# BIND/NAMED
# Outgoing Recursive Requests
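for ip in $DNSSERVERS
do
    # queries go TO port 53 on the upstream server; its replies come back FROM port 53
    $IPTABLES -A OUTPUT -p udp -d $ip --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
    $IPTABLES -A INPUT -i $INTIF1 -s $ip -p udp --sport 53 -m state --state ESTABLISHED -j ACCEPT
    $IPTABLES -A OUTPUT -p tcp -d $ip --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
    $IPTABLES -A INPUT -i $INTIF1 -s $ip -p tcp --sport 53 -m state --state ESTABLISHED -j ACCEPT
done
# incoming request configuration
# accept local queries (UDP, plus TCP for replies too large for UDP)
$IPTABLES -A INPUT -i $INTIF1 -m iprange $LOCALNET -p udp --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
$IPTABLES -A INPUT -i $INTIF1 -m iprange $LOCALNET -p tcp --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT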
# block out all other Internet access
$IPTABLES -A INPUT -j DROP
The for loop was nixCraft’s idea. Very clever. However, instead of using the IP address of the server, I fell back to the interface card. That way, no matter what your IP address is, you’ll be able to control access to the DNS server.
Update your firewall rules by executing your firewall script.
%./firewall.sh
IPTables example explained
This example actually works as is. But if you’re using SSH for access, you need to add in an SSH hole above the final DROP rule (rules are checked in order):
$IPTABLES -A INPUT --protocol tcp --dport 22 -j ACCEPT
The beginning of the script defines, in order: the interpreter for the file (#!/bin/bash); the iptables program (stored as a variable so its name or location is easy to change); LOCALNET, an IP address range specifying your local network (192.168.1.1 is generally the gateway, and packets may appear to originate from your router if it’s a piece of junk; 192.168.1.255 is broadcast, so there is no need to include that address either); and INTIF1, the NIC on my server. Use ifconfig to figure out what yours is (or iwconfig if you have a wireless server because you’re crazy that way). Next, I define the DNS servers from my ISP. I didn’t list them here because my ISP probably would not appreciate that. Use OpenDNS if you’re really in a bind (pun not intended).
Let’s skip to the #BIND/NAMED section. Here, I’ve looped through each DNS server from my ISP. I’ve opened up the UDP and TCP ports to allow recursive lookups generated by my local network traffic. After that loop, I open up port 53 locally. Notice I’ve used the interface (-i $INTIF1). This restricts where requests may originate. You really only need this if you have more than one NIC on the box.
Configuration
Before we can test, there’s one more thing we need to do: configure named/bind to listen to us. By default, bind is configured to only accept connections made ON THE SERVER. That doesn’t help when you want other computers on your network to be able to make requests. Open: /etc/bind/named.conf in vim. You need to change the listen-on directive to include your local network address. I just used “any” as my firewall will deny any other requests.
...
options {
/* ... other configurations here ... */
listen-on {any;};
};
Make sure you include the semi-colon after “any” or you’ll get named complaining at you. Restart named (bind).
%sudo /etc/init.d/named restart
Testing your server
You should now be able to test DNS lookups from another machine. From your local machine (not the DNS server), type:
%dig @DNSSERVER_IP_ADDRESS www.google.com
Replace DNSSERVER_IP_ADDRESS with the IP address of the server on which you just configured and installed bind/named. You should get something similar:
; <<>> DiG 9.4.1-P1 <<>> @DNSSERVER_IP_ADDRESS www.google.com -t A
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13465
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 7, ADDITIONAL: 0
;; QUESTION SECTION:
;www.google.com. IN A
;; ANSWER SECTION:
www.google.com. 604748 IN CNAME www.l.google.com.
www.l.google.com. 249 IN A 64.233.169.104
www.l.google.com. 249 IN A 64.233.169.103
www.l.google.com. 249 IN A 64.233.169.147
www.l.google.com. 249 IN A 64.233.169.99
If you’re using Windows, you need to use nslookup (command line application). The syntax is slightly different. If you’re using Gentoo, you need to first install the bind tools (emerge net-dns/bind-tools).
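To confirm the result from both sides of the firewall, here is an added example that is not part of the original post: it classifies dig's output, so a LAN client should report recursive-ok while a host outside the LOCALNET range should report no-reply (the DROP rule) or refused. The function names and the REFUSED sample are constructed for illustration; the NOERROR sample reuses the header lines from the output above.

```sh
#!/bin/sh
# Added example, not from the original post.

# dig_verdict: read dig output on stdin and print one verdict:
#   recursive-ok  NOERROR, "ra" (recursion available) flag set, >= 1 answer
#   refused       the server answered with status REFUSED
#   no-recursion  the server answered but did not offer recursion
#   no-reply      no header at all (timeout, e.g. dropped by the firewall)
dig_verdict() {
    awk '
        /->>HEADER<<-/ {
            for (i = 1; i < NF; i++)
                if ($i == "status:") { status = $(i + 1); sub(/,/, "", status) }
        }
        /^;; flags:/ {
            line = $0
            sub(/^;; flags:/, "", line)
            flags = line
            sub(/;.*/, "", flags)                 # keep only the flag list
            ra = ((flags " ") ~ / ra /) ? 1 : 0
            if (match(line, /ANSWER: [0-9]+/))
                answers = substr(line, RSTART + 8, RLENGTH - 8) + 0
        }
        END {
            if (status == "")                            print "no-reply"
            else if (status == "REFUSED")                print "refused"
            else if (!ra)                                print "no-recursion"
            else if (status == "NOERROR" && answers > 0) print "recursive-ok"
            else                                         print "other:" status
        }
    '
}

# probe_resolver SERVER [NAME]: run a real query (needs dig and network access).
probe_resolver() {
    dig +time=2 +tries=1 "@$1" "${2:-www.google.com}" 2>/dev/null | dig_verdict
}

# Header and flags lines as shown in the article's sample output.
sample_lan_reply() {
    cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13465
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 7, ADDITIONAL: 0
EOF
}

# Constructed sample: what a server that rejects the client would return.
sample_refused_reply() {
    cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 4242
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
EOF
}

# Constructed sample: dig's message when no packet ever comes back.
sample_timeout() {
    echo ';; connection timed out; no servers could be reached'
}

echo "LAN client:       $(sample_lan_reply | dig_verdict)"
echo "rejected client:  $(sample_refused_reply | dig_verdict)"
echo "firewalled host:  $(sample_timeout | dig_verdict)"
```

Run probe_resolver DNSSERVER_IP_ADDRESS once from a machine inside the LOCALNET range and once from one outside it; only the first should print recursive-ok.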
That’s it! You now have a working local DNS server merely acting as a cache.
Posted in How-Tos | Tags bind, cache, configure, dns, gentoo, install, linux, named, server, setup | 1 comment
Posted by Christopher Wojno
Sun, 30 Dec 2007 19:27:00 GMT
I really like the LaTeX typesetting system. It makes nice looking documents. It’s a bit of a pain to use, however. On FreeBSD, there is a LIFE-SAVING port called “latex-mk,” which is a set of maintained make files that will do all the heavy-lifting for you. It’s only released for FreeBSD and NetBSD, but I’ll walk you through how to install it on Darwin (Mac). I make no warranties here. You accept all responsibility for following these instructions or deviating from these instructions. I am not responsible for lost data or damaged property, etc.
Installation
Getting LaTeX and latex-mk
First, you need the latex package for Mac: MacTex. Install that the usual way (or read their instructions if you get lost, no sense me repeating them). Once you have that installed, grab the latex-mk file. You’ll have to dig around a bit; look under “Obtaining” if that link still exists. You’ll see a SourceForge download. Download this file: latex-mk-1.9.1.tar.gz. I’m sure these instructions will work for future versions too, though I make no guarantees.
Uncompressing/Unarchiving
Go ahead and unzip the latex-mk. Crack open a terminal (Finder > Applications > Utilities > Terminal.app). Change to the latex-mk directory:
cd ~/Downloads/latex-mk-1.9.1
If the version has changed, cd to that. Remember, you must unzip it first. Apple’s archiver should handle it. But you can always do a “tar -xzf latex-mk-1.9.1.tar.gz” if you’re old fashioned like me.
Configuration
Like most packages, you need to run the configuration program. Do this from the latex-mk-1.9.1 directory (you should still be there).
sh ./configure
You will see lots of text fly by. If you get errors, sorry, this tutorial is over. Drop me a line, maybe I’ll be able to help or point you in the right direction. If you see it create lots of little files, then you’re golden.
Compile
Type:
make
And, after a very short time, it will complete.
Install
Type
sudo make install
Sudo will ask for an administrator’s password. Enter it. If you don’t trust this package, you can always install by hand… But I’m not going over that. Once this is done, latex-mk is now installed and ready for use.
Cleaning up
Type:
make clean distclean
That will remove any installation files. You may also simply delete the latex-mk-1.9.1 folder. You should delete the zip file from which you got the latex-mk-1.9.1 folder; you no longer need it.
Testing
Let’s take it for a spin. Assuming you have MacTex installed already:
- Create a new folder somewhere, I’ll call it: “Test”
- cd to “Test”
- Create a new latex document, say, “test.tex” and type or copy in the following:
%test.tex:
\documentclass[]{article}
\begin{document}
\LaTeX
\end{document}
- Now create a new file called “Makefile” and put the following into it:
#Makefile
NAME = test
TEXSRCS = test.tex
BIBTEXSRCS =
TGIFDIRS = tgif_figs
include /usr/local/share/latex-mk/latex.gmk
- At the command prompt, type: “make pdf”
- You’ll see it build the file. When it finishes, open Finder and go to your “Test” folder. You’ll see a shiny new “Test.pdf” so go ahead, click it! You’ll see the strangely formatted LaTeX logo.
Congratulations. You just “ported” a FreeBSD application to Mac. Aren’t command line applications grand?
Why Latex-mk?
Latex-mk takes care of lots of details when creating LaTeX documents. It keeps your bibliography up to date automatically and will re-run the latex processor to ensure all your citations and cross references are up to date and shiny. Otherwise, you have to run latex 2-3 times after every change to ensure your references will be linked. Your new friend is “make pdf” as it enables one-stop generation shopping.
More Information
The make file can do much more. You should see what it can do by going to the latex-mk site for instructions.
Posted in How-Tos | Tags freebsd, latex, mac, makefile, mk, port | no comments
Posted by Christopher Wojno
Sat, 29 Dec 2007 05:24:00 GMT
I’ve just recently (a few hours ago) run into applications not loading or quitting (even with Forced quits) on Mac OSX10.5 Leopard on a brand-new machine. Here’s the grueling story:
I tried to read a .doc and I declined to try Office 2004 for Mac. Nothing appears wrong at this point. I then tried to launch iTunes, it had the launched icon (blue circle) under it, leading me to believe it was running, but there was no window. I could not interact with iTunes at this point. I attempted repeatedly to launch iTunes to no avail. So, I did what any self-respecting GUI user did: Quit. After ignoring the problem report, I attempted the last straw, the Force Quit. After trying that several times, also to no avail, I turned to the Internet for help. Most forums suggested unplugging your iPod when this happens. I do not have an iPod attached to the computer. So I tried a little Unix magic. But “kill -9” from the command line was ineffective. Trevor suggested “killall Dock,” (the Dock is the application “Task Bar” for you Windows users) but that was also ineffective. iTunes appeared thusly in ps xau:
% ps xau | grep iTunes
6432 0.0 0.0 0 0 ?? E 6:45PM 0:00.00 (iTunes)
I’ve never seen an “E” state before, nor a process enclosed in parentheses. According to the man pages for ps, the “E” means “the process is trying to exit.” The man pages, however, are silent as to what (PROCESS NAME) means.
Can’t Quit, Can’t Delete
Time Machine is running and was backing files up at that time to an external USB disk. It also refused to load or force quit (like iTunes) after stopping the back up. I could also not view the trash as it claimed that items were “being deleted.” The system was still responsive (I could browse the Internet to look for forums with this problem, but found nothing completely applicable). I attempted to restart: APPLE MENU > Restart. All windows quit, but the system would not complete the restart. After trying to restart AGAIN (the dock was still visible, so I opened up a Terminal and the menu reappeared), iTunes, System Preferences (Time Machine) and trash were still inaccessible. I then forced a restart by holding down the power button.
Office 2004 for Mac not the problem
Now, convinced Office was the problem, to avoid this problem again I attempted to deinstall the Office 2000 Test Drive application(s). That began to run, it claimed to have progressed 1/10th of the way through (as seen by the progress bar) at which point, the application was hung. Force quit was ineffective. I submitted a problem report about Remove Office crashing. But the application persists! Force quitting that does not shut it down either. Things are getting serious.
Time machine
Time Machine was not actively backing up at this time. I decided to unmount the back up drive “Time Machine Backups” (what Time Machine calls its backup drive). This did nothing as well. The drive refused to unmount, even though backups were stopped (this was done via System Preferences > Time Machine and then click the circled X near “Backing up” or “Next Backup”). Since that didn’t work, I decided to go for the gusto. I yanked the USB cable to the backup drive. This caused the trash to immediately empty. Remove Office quit. It appears that Time Machine is causing these hangs.
The External Drive
The external hard drive is a Smart Disk, 60GB FireLite XPress.
I then decided to check the disk. I launched the disk utility (Applications>Utilities>Disk Utility.app) and ran “Verify Disk”. It claims that the drive appears to be OK. I repaired it anyway and after a vigorous re-indexing (thank you Spotlight (AKA “mdworker” to ps)) the volume, again, appears to be OK. Things appear to be working again. I’ll try yanking the cable if it misbehaves again.
Problem
Applications not quitting, even after forced quit
Solution
Unplug external hard drives/iPods connected via USB.
Although it appears that Time Machine may be responsible, it may apply to all external USB hard drive devices.
Posted in How-Tos | Tags application, drive, force, hard, mac, machine, problem, quit, time, usb | no comments
Posted by Christopher Wojno
Fri, 21 Dec 2007 05:46:00 GMT
This article applies to: Thunderbird v.2.0.0.9 and a few previous versions and may very well be applicable in the future.
The Solution
I’m assuming you want the solution and not the explanation. If you really do want the explanation, scroll down and come back!
After I set up my own IMAP server for my e-mail, I began to get error messages from Thunderbird: “Error copying message to sent folder. Retry? OK.” Rather than change my Postfix server (which was advised against by the documentation), I looked for a client-side solution. Retrying is a crap-shoot. Sometimes it copies, but most of the time it just sits there after informing you that:
Unable to connect to your IMAP server. You may have exceeded the maximum number of connections to this server. If so, use the Advanced IMAP Server Settings Dialog to reduce the number of cached connections.
Advanced IMAP Server Settings Dialog? I’ve never heard of that before. Let’s see what about:config has to say. You can find it in Tools->Options… on Windows, or Edit->Options… on other platforms. Once you see the dialog, hit the “Advanced” icon at the top right, then hit the “General” tab in the area below it. You’ll see “Config Editor…”.
I tried setting: mail.imap.max_cached_connections from 5, to 1, to 0. No value fixes it.
I then noticed: mail.server.server2.max_cached_connections And not just that one (I have several IMAP accounts). There were a few others as well. Setting these to 1 HAS solved my problem.
Just make sure all your: mail.server.serverN.max_cached_connections = 1
Now, had I listened to the error message from the start, I would have gone to the account settings for each. Right click on the IMAP account and select properties. Then go to server settings. You’ll notice an “Advanced” button. Sure enough, you see the text field for the number of cached connections. Of course, if you want to change them all at once, you can use the Config Editor.
Remember, restart Thunderbird for the changes to take effect. Don’t expect miracles until after you’ve relaunched.
The Explanation
IMAP connection caching? Yes, when Thunderbird checks your e-mail over IMAP, it starts up a TCP connection. That’s a 3-way handshake.
- Hello Server!
- Hello Client!
- Hello again Server! (I got your hello)
3 Hello’s = 3 way handshake. OK OK, yes, this is a gross oversimplification. Nonetheless, this handshake sequence is considered slow and “expensive.” So instead of saying good-bye after getting your mail, the client will say, “I’ll be back, so leave the line open.” Sounds good, but most servers have limited resources. Once the maximum number of connections is reached, it won’t accept any more. That’s what is happening with Thunderbird here. It’s being told that there is no more room.
So, what limited resource am I talking about? Well, those connections take up memory, especially the secure ones. SSL adds the overhead of a new shared secret (passphrase). That’s not too bad, but it’s more than storing the usual, unencrypted nothing. Even if you don’t use SSL, each connection uses a new port. Every computer has 65535 ports. Depending on the system, approximately 1000 of them are reserved for system calls. The other 64,000 and change are shared among all the services provided by the server. And, yup, you guessed it, each connection uses up a port.
May not seem like a big deal. But say, you have an account. Thunderbird caches 5 connections by default. If you have 5 folders, it will use all 5 connections and cache them. If your e-mail is on a dedicated machine: 64,535/5 = 12,907. Only 13 thousand users can check their mail (if they all have 5 or more folders). If you have a big company, this would be bad if the CEO or POB (pointy haired boss) can’t check his or her e-mail. Most servers will limit you (as did mine and probably yours if you’re reading this article to solve your problem) to 4 connections from the same IP address. While it helps solve the connection volume problem, Thunderbird gets confused.
See, if you need a new connection on the same account, Thunderbird will use any active ones. But if you have multiple accounts, Thunderbird assumes the connections are independent. Apparently, this is a mistake.
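The connection budget described above, as an added example that is not part of the original post: it sums max_cached_connections over all IMAP accounts in a Thunderbird prefs.js that point at the same hostname and flags hosts whose total exceeds the server's per-IP limit. The function names and sample prefs are constructed; the default of 5 and the limit of 4 are the figures quoted in the post.

```sh
#!/bin/sh
# Added example, not from the original post.

# imap_conn_budget PREFS_FILE [LIMIT]
# Prints "hostname total verdict" per IMAP server, sorted by hostname.
# An account with no explicit max_cached_connections counts as 5
# (the Thunderbird default quoted in the post). LIMIT defaults to 4.
imap_conn_budget() {
    awk -F'[",(); ]+' -v limit="${2:-4}" -v def=5 '
        # user_pref("mail.server.serverN.KEY", VALUE);
        $1 == "user_pref" && split($2, k, /\./) == 4 &&
        k[1] == "mail" && k[2] == "server" && k[3] ~ /^server[0-9]+$/ {
            if (k[4] == "type")                   type[k[3]]   = $3
            if (k[4] == "hostname")               host[k[3]]   = $3
            if (k[4] == "max_cached_connections") cached[k[3]] = $3 + 0
        }
        END {
            for (s in type) {
                if (type[s] != "imap") continue      # skip POP3, local folders
                total[host[s]] += (s in cached) ? cached[s] : def
            }
            for (h in total)
                print h, total[h], (total[h] > limit ? "over" : "ok")
        }
    ' "$1" | sort
}

# Constructed sample: two IMAP accounts on one server (one still on the
# default), one POP3 account, and one IMAP account on another server.
sample_prefs() {
    cat <<'EOF'
user_pref("mail.server.server1.type", "imap");
user_pref("mail.server.server1.hostname", "mail.example.org");
user_pref("mail.server.server1.max_cached_connections", 1);
user_pref("mail.server.server2.type", "imap");
user_pref("mail.server.server2.hostname", "mail.example.org");
user_pref("mail.server.server3.type", "pop3");
user_pref("mail.server.server3.hostname", "pop.example.net");
user_pref("mail.server.server4.type", "imap");
user_pref("mail.server.server4.hostname", "imap.example.com");
user_pref("mail.server.server4.max_cached_connections", 1);
EOF
}

tmp=$(mktemp)
sample_prefs > "$tmp"
imap_conn_budget "$tmp"
rm -f "$tmp"
```

Point it at the prefs.js in your Thunderbird profile directory and pass your server's own limit as the second argument.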
An Expert Fix
I suggest that Thunderbird take note of refused connections and give up active connections from other accounts if they resolve to the same server. That will expand the already automatic connection cycling feature among connections on the same account to connections on the same client.
Posted in How-Tos | Tags cached, connection, exceed, fix, imap, thunderbird | 1 comment
Posted by Christopher Wojno
Thu, 13 Dec 2007 20:51:00 GMT
UPE wanted to hold a Freshman Unix Talk to introduce new students to USC’s shared computing resources. It is to help them understand the system so they can program their assignments with it and not pull out their hair in the process. Naturally, I jumped at the opportunity to give the talk.
It is an overview of Unix as an operating system from the user’s perspective. So I’ve included some charts of commonly used programs.
I gave this talk a few months back and had forgotten to post it here.
You’re free to use it so long as I remain credited and you don’t make any money from it.
Freshman Unix Talk
Posted in How-Tos, Operating Systems | Tags cheatsheet, freshman, guide, talk, unix, upe | no comments
Posted by Christopher Wojno
Sun, 18 Nov 2007 05:09:00 GMT
The Problem
I attempted to update X11 from X11R6.7 to X11R7.3 about a month ago. However, I was not successful and after getting this cryptic message when running startxfce4:
elf_load_section: truncated ELF file
Abort
Launching startx yields that same message repeated six times. Oddly enough, launching X worked and also had two truncated ELF files (or the same one repeated). So, X worked, despite the inability to read a few files. I was confounded to say the least.
I spent hours, which led to days trying to find what ELF file was truncated. Google searches and digging through help forums turned up nothing. I did:
pkg_delete -rx ".*xorg.*"
pkg_delete -rx ".*font-.*"
(deleted everything xorg and that which depended on it), then reinstalled xorg (/usr/ports/x11/xorg) to no avail. I even updated from FreeBSD-6.1-RELEASE to FreeBSD-6.2-RELEASE.
As of today, I have resolved the problem and I almost lost my mind when I discovered that xinit, a critical component of startx (startx is invoked by startxfce4), was not even installed. Keep in mind, I was getting this error before I deinstalled everything, so I did not deinstall it inadvertently and send myself on a wild goose chase.
I assume the port maintainers moved this component out of the xorg port for some reason when they went from X11R6.9 to R7.2. Indeed, the dist file for the port xinit supports that conjecture.
In Summary
Simply INSTALL: /usr/ports/x11/xinit and you’ll be able to use X11 again. You need not delete everything. Oh, please be sure you updated according to the /usr/ports/UPDATING file’s directions. X11 upgrades have always required special treatment (this one’s no different).
Best of luck to you.
Posted in How-Tos | Tags ELF, file, freebsd, port, truncated, update, X11, xinit | no comments