password-free ubuntu login with facebrowser

If you trust everyone who has physical access to a pc (if not then you are encrypting your files, right?) then there seems little point in having to type a password just because more than one user uses the pc.

So here's how to log in from the gdm "face browser" with a single click.
Instructions tested with Ubuntu 8.04 Hardy Heron and 8.10 Intrepid Ibex.


as root, create a new file containing the usernames of all the users you want be able to log in through gdm without entering a password:

sudo -i
echo 'username' >> /etc/gdm/nopassusers

now still as root modify the pam settings for gdm to check this file and allow this user in based on being in the list:
vi  /etc/pam.d/gdm

vi /etc/pam.d/gdm

and modify to contain the new listfile item

#%PAM-1.0
auth requisite pam_nologin.so
auth required pam_env.so readenv=1
auth required pam_env.so readenv=1 envfile=/etc/default/locale
auth sufficient pam_listfile.so item=user sense=allow file=/etc/gdm/nopassusers onerr=fail #add this line
@include common-auth
auth optional pam_gnome_keyring.so
@include common-account
session required pam_limits.so
@include common-session
session optional pam_gnome_keyring.so auto_start
@include common-password

now simply restart gdm (or the whole machine) and try your new one-click login

/etc/init.d/gdm restart



Notes:
This means the keyring isn't unlocked, so you may have to type in your password anyway before your wireless connects.


references:
http://mirror.hamakor.org.il/archives/linux-il/05-2004/10149.html
http://www.kernel.org/pub/linux/libs/pam/Linux-PAM-html/sag-pam_listfile.html

error "Not a valid object name" filtering an ex-svn git repo with renames

Under git version 1.5.4.3, which as of writing is the current in ubuntu 8.04 hardy heron, trying to split out a folder from a git repo where the repo was an import from subversion (svn), and the folder was renamed in the past causes a failure as show below:

#!/bin/bash -v
rm -rf test-case
mkdir test-case
cd test-case/
svnadmin create svnrepo
export repo="`pwd`/svnrepo"
mkdir -p import/a
echo '1' >> import/a/file.txt
svn import -m 'initial import' import file://$repo/trunk/
svn co file://$repo/trunk/ checkout
echo '2' >> checkout/a/file.txt
svn ci -m "file modified" checkout
svn mv -m "moving file" file://$repo/trunk/a file://$repo/trunk/b
svn up checkout
echo '3' >> checkout/b/file.txt
svn ci -m "modified again" checkout
svn log -v checkout
mkdir -p gitcopy/a
git svn clone file://$repo/trunk/ gitcopy/a
cd gitcopy/a
git filter-branch --subdirectory-filter a #fails [1]
cd ../../
mkdir gitcopy/b
git svn clone file://$repo/trunk/ gitcopy/b
cd gitcopy/b
git filter-branch --subdirectory-filter b

The marked line above fails with the following error:
[1] Rewrite bcfe73ef303832b6112a2419dc1da5f782672c14 (3/3)fatal: Not a valid object name bcfe73ef303832b6112a2419dc1da5f782672c14:a

This has been fixed in the latest build of git: version 1.6.0.1.294.gda06a and no longer fails.

The "fatal: Not a git repository" error message that filter branch produces doesn't seem to matter.

reseting home folder permissions in ubuntu linux

If you are like me and my coworkers, you often end up running stuff as root in your home folder and end up not able to access your own files.

For the record, here's the commands to reset the permissions (leaving all execute flags off, which may not be what you want).

Warning, this could have undesired side effects. If you have executable files in your home folder that you actually want to be executable, you will have to manually mark them as executable again.

# Become root (as you don't currently have permissions to modify your own files)
sudo -i

# Reset ownership & group to yourself
chown -R tim:tim /home/tim

# give yourself the default read-write permissions, set group and other to read only
chmod -R 644 /home/tim

# re-apply excecute permissions on all the directories
find /home/tim -type d -print0 | xargs -0 -II chmod 755 'I'

# Don't leave your private keys showing:
chmod -R 700 /home/tim/.ssh

My latest use for this was after extracting files from my p910i with p3nfs, which as with so many desktop/device tasks needed root to work.

You could do this slightly more neatly if you know what permissions you have ended up with by using chmod u+w etc so you don't have to re-apply directory permissions, but I wanted to easily guarantee permissions are right regardless of what state they have ended up in.

It occurs to me it might be sensible to set the sticky bit on the home folders so that anything added by root stays owned by the user. (chmod u+s g+s /home/tim)

Don't trust audible.com, it's drm infected and they don't tell you

If there's one thing I hate (there isn't, there's lots, but this is today's) it's companies being economical with the truth to get you to part with your money, only to have you disappointed when you find out the whole truth.

I just bought an audio book on audible.co.uk. And now I can't even listen to it. I thought I was buying an mp3, or maybe even an ogg file. It is only on actually attempting to download the thing I have just paid for that I discover to my utter disgust that all the download links are for some kind of evil drm type program (I presume here, but there sure as hell was no mp3 in sight).



As you can see from the screenshot above, they clearly imply an mp3 download. I haven't seen such a clear use of weasel sales words for some time.

Next time I'll read the god damn small print, but I still think this is totally out of order not warning that they are providing crippled versions of what you think you are buying.

Thank fsm for people like the FSF. Their logo really sums up how I feel about being treated in this way.

Protect your freedom!

---

Update: credit where due. 24th July 2008.
My complaint about the website still stands, and my aversion to drm has not diminished, however the responses I have received from their customer service (by email), have been prompt, courteous and have totally resolved my outstanding problem. I have been given a full refund. I've been especially impressed given the hot blooded content of my initial contact. A lot of companies could learn lessons in good customer relations from these people.

work at emapsite

The company I work for, emapsite is hiring a developer.
Interviews are starting so you'll have to be quick.

More details available on their news item.

New wiki, mostly for car pc

I've created a wiki at wikispaces.com, to document things that are less transient than a blog entry.

Take a look at http://timwise.wikispaces.com/

I've started adding information about the car pc, and won't make any promises about what else I'll be adding (personal motto: under promise, over deliver).

I've made it open to all editors, and licensed under the GNU Free documentation licence to ensure the maximum value, reach and participation.

Nightly Shutdown, a new product from Proven Works

Congratulations to Joel Mansford, a good friend of mine, and his company Proven Works on getting the first release of Nightly Shutdown out of the door.

This looks to be a great product and hopefully will make system administrators' lives easier and greener. It's a utility for ensuring that the computers are off when you want them to be, and can be deployed through active directory making the sys admin's life easier. There's a 10 PC free trial available, so check it out at the download page.

Without even looking I know this will be a good product and fantastically well supported. Best of luck to all at Proven Works, and to all the potential users and buyers out there, don't forget to check it out and provide any feedback you can.

A vision of open in-car computing systems

I have a vision. A vision that puts you in control of your in car computing experience.

There are many superb appliances and embedded devices available for your in-car enjoyment, such as the sat navs, the dvd players, the built in games consoles. But they all share one thing in common, they are closed to you. You don't have the freedoms defined by Stallman because they are designed, intentionally or otherwise, to be hard for you to modify as you wish.

I feel deep in my heart that there is enormous potential for in-car computing. There are more possibilities than any individual or company can imagine or provide on their own. I'm sure my imagination is not big enough to list them here, so I leave the ideas for you to contemplate.

Add to this, the evidence and my experience that open source when done right produces the better engineered solution at a lower cost, and you have a compelling argument for such a system.

I have seen the freedom that open source and the GPL provide on the desktop computer, and I believe that this culture of openness and freedom for the users can be applied to the in-car computing market to the benefit of all.

My mission is to provide a basis for this innovation, and cultivate a thriving ecosystem in the way that only open systems can. And so, my vision is a range of affordable flexible and most importantly open computing devices for your car.

And so, I introduce to you in the above photo, the mark one of my in-car pc. It has no name, and the software and hardware needs some work to say the least, but in the tradition of openness on the internet, I will present here my ups and downs, successes and failures, genius and downright stupidity for your entertainment.

I have minimal spare time and numerous other projects, but there is no rush, as I think this plan will stand the test of time, and all the while hardware gets cheaper, smaller, faster and less power hungry. As I progress in fits and starts I will post photos to flickr under the tag carpc (first set) and progress updates to this blog under tag carpc.

All feedback welcome. I will announce new articles on my twitter feed, twitter.com/tim_abell, and can be contacted using the links at the bottom of my blog.

sharing work between computers with a usb flash drive and git

I couldn't find anything exactly matching this on the net when I was figuring it out, so here's what I did.

This is working against a remote svn (subversion) server, but applies even without one.

On the first computer, grab your git working copy from svn with git-svn clone (or clone a git repo, or just start a new one).

mkdir ~/project.git
cd ~/project.git
git-svn clone svn://project-server/trunk
git repack #for good measure

Plugin your usb flash drive/stick/external harddrive, I'll presume it's a vfat/fat32/fat16 formated device mounted at /media/flash.
Create an empty repository on the drive, I'll use a bare one as there's no need to keep the working copy as well.

mkdir /media/flash/project.git
git --bare init /media/flash/project.git

Then add the flash drive git repo as a remote source in your local git repo. "flash" is the name I've given to the remote branch reference, you can call it whatever you like.

git remote add flash /media/flash/project.git

If you push immediately it will fail (as I discovered) because fat doesn't support the execute flag on files, so all the hooks are automatically active. I deleted all the hooks as I wasn't planning on using them, this may be wrong so no promises, but it seems ok so far for me. So remove the hooks with:

rm /media/flash/project.git/hooks/*

Then push your current local copy to the flash drive with:

git push flash

This will copy all your committed work onto the flash drive, even if you haven't pushed it upstream to the svn server with "git-svn dcommit" yet. Bonus! It won't copy any of your branches across though, so you if you want them you can add those independently with:

git push flash mybranch

Now move over to the second computer and plug the flash drive in. I'm making the same assumptions on paths and devices. Do another completely independent svn checkout as above:

mkdir ~/project.git
cd ~/project.git
git-svn clone svn://project-server/trunk
git repack #for good measure

Then add the flash drive's repo to the git repo on the second pc and pull all changes from the flash drive, optionally including any branches:

git remote add flash /media/flash/project.git
git pull flash master
git pull flash mybranch #if you like

When you've committed changes to git or pulled the latest changes from svn on either pc, you can then update the flash drive with the simple command:

git push flash

Which pushes all your changes on your master branch on to the flash drive. You are now ready to run the pull command on the other computer to get back in sync:

git pull flash master

If you don't push changes to the flash drive before committing to svn then things will be very simple. If you push changes to the flash drive, and then commit them to the svn server you will need to do a little more work. This is because when you run "git svn dcommit" it pushes your latest git commits to the svn server, deletes your locally committed changes, and then fetches them back from the svn server. This means that git won't recognise your local changes as being the same as the ones on the flash drive because they have different commit message and SHA1 hash. Attempting to push to the flash drive fails with the message "! [rejected] master -> master (non-fast forward)" as the old copy of the commits are still there.

To resolve this you need to throw away the matching set of changes on the flash drive. To do this you can use git reset as follows, where HEAD~1 should be the number of commits you need to throw away (eg HEAD~3 to throw away the last 3 commits that were pushed to the flash drive):

cd /media/flash/project.git
git --bare log #to see how many changes don't have svn information
git --bare reset HEAD~1

You can then push your changes as above.

cd ~/project.git
git push flash

I've glossed over subtleties with fetch vs pull, but hopefully you will find this useful.

This howto makes use of git's ability to pull from multiple sources, and I've found that git quite happily copes with changes that were checked in to svn coming via the flash drive, even when later running "git-svn rebase".

Please do comment or contact me with any problems, errors, extra info and feedback, and let me know if it was useful.

Removing the execute flag from many files

Here's how to recursively remove execute permissions on files that have been copied from a windows system.

find * -type f -exec chmod -x {} \;

ie, find all files (not directories), and execute a command to remove all execute permissions for each file.

My bash prompt

I like a new line in my prompt so that if I'm deep in a path I don't end up with 10 characters left to type in, and pretty colours so that it's easy to spot the prompt when scrolling through lots of output.

Update 26/04/2008, added red for root.

From my ~/.bashrc
# Comment in the above and uncomment this below for a color prompt
if [ $UID = 0 ] ;then
PS1='${debian_chroot:+($debian_chroot)}\[\033[00;31m\]\u@\h\[\033[00m\]:\[\033[00;34m\]\w\[\033[00m\]\n\$ '
else
PS1='${debian_chroot:+($debian_chroot)}\[\033[00;32m\]\u@\h\[\033[00m\]:\[\033[00;34m\]\w\[\033[00m\]\n\$ '
fi

The result (more or less):
tim@lap:~/Documents
$ echo "That's better"

Enjoy.

stop motion animation on linux

A quick howto...

1. Take a series of photos on your digital camera.
2. Copy them onto your linux box.
3. shrink the photos to a more managable size:
   mogrify -verbose -resize 600x400 -quality 60% *.JPG
4. Preview the animation with animate:
   animate -delay 8 *
5. Optionally rotate the image to match the exif information from your camera (mine was sideways):
   exiftran -ai *
6. Convert the jpg files to png:
   mogrify -format png *.JPG
   
7. Create the flash animation from the PNG files:
   png2swf -r 15 -o flower2.swf -v -X 399 -Y 600 *.png
8. Create an html file to hold the animation containing the following:
   

   <object>
   <param name="movie" value="flower2.swf" />
   <param name="loop" value="true" />
   <param name="quality" value="high" />
   <embed src="flower2.swf" width="399" height="600" />
   </object>
   

9. Write a blog article to tell everyone about it ;-)
   "history" is a handy command for reviewing your activities for writing up your achievements.
   

And here it is, providing I've kept up with my hosting fees and not been slashodotted:

Tech support at its worst

As you may know, I'm working through a Microsoft e-learning course at the moment. Having had a few problems with the service I've been trying to extract some common sense from their support services. Having failed to get anything vaguely helpful I thought I'd ask them about who they were, and I think the following response really sums up the level of idiocy I have encountered thus far.

When asked a simple direct question about who I was communicating with, the response is either hilarious or depressing, I'm not sure which. It would seem that before they can tell me where they are based, they need to know what operating system I run, what version of flash I have, what my login is etc etc. Talk about customer disservice. The finishing touch for me is the addition of upbeat advertising added to a response to an evidently already irritated customer.

Here are the last two messages for your entertainment (identifiers stripped out):

-------- Original Message --------
Subject: Re: MCP Ref: C ###### \ site broken. (########)
Date: Thu, 24 Jan 2008 16:03:12 +0000
From: Tim
To: emeamcp@msdirectservices.com


I have a couple of questions for you:

What company are you directly employed by?
Where are you based?

Thanks

Tim

The highly considered response:

-------- Original Message --------
Subject: MCP Ref: C ##### \ site broken. (#######################)
Date: Wed, 30 Jan 2008 15:59:21 +0100 (CET)
From: emeamcp@msdirectservices.com
To: Tim


Hello Tim,

Thank you for contacting Learning Manager Support.

In order for us to process this request, we need the following
information from you:

- Step by step screen shots of the entire process including the error
message

- Your log in Live ID and the Unique ID associated to it.

To obtain your Unique ID, please follow the steps provided:

1) Visit http://account.live.com

2) Sign in using your passport account.

3) After singing in you will see a page with more options. Please click
on 'Registered information'

4) At the bottom of this page you will see your Unique ID. It will look
like this: '000XXXXXXXXXXXXX'

- Detailed description of what the problem/issue is that you are
experiencing.

- What is the Operating System that you are using?

- What is the Internet Browser and version that you are using?

- What version of Flash and Shockwave are you using?

- Screenshot of the following webpage: https://learning.microsoft.com/Commerce/PurchaseHistory.aspx


While some of the above information may not seem applicable to your
issue, it is important that we must receive them in order to best
resolve your issue.

Please also note that we unfortunately are not allowed to provide you
any information about our location.

Looking forward to receiving your reply.

Kind Regards

Natalia Wojtaszek

Microsoft Regional Service Center
E-Mail: emeamcp@msdirectservices.com
Tel.: 0800-9170758 or 0800 0960137
Fax: ++49 5 24 11 79 60 77

In order to keep up to date with the MCP/ MCT program your contact
details need to be correct.

Don´t forget: You can update your contact details yourself in the
Profile Editor on the MCP/ MCT Secure Site at
!

NOW AVAILABLE: Virtual PC-enabled Labs in Official Microsoft Learning
Products https://partnering.one.microsoft.com/mct/vpc/default.aspx

Microsoft highly recommends that users with Internet access update their
Microsoft software to protect against viruses and security
vulnerabilities. The easiest way to do this is to visit the following
website: http://www.Microsoft.com/protect

It's worth noting that this is totally consistent with the level of service I have experienced with Microsoft e-learning. As far as I can fathom, the e-learning system has been set up on a pile of servers and then been left to rot whilst paying customers are fobbed off by a nameless and faceless 3rd party. It may be profitable in the short term, but this kind of behaviour may well be the cracks in the foundations of Microsoft's empire. I for one am certainly plotting a course for fairer pastures.