Archive for the 'Safe For Seneca' Category

Rockbox firmware for Sansa Clip Zip

Tuesday, July 23rd, 2013

I used to have a Sansa Clip Plus. After years of awesome service the clip from the Clip Plus broke off, which made it much less useful. For the last year I have been using a Sansa Clip Zip – a much newer model.

I wasn’t as happy with it as I was with the old one because the software on it wasn’t configured as well as the old one. Some nonsense about MTP and categorising songs based on their tags drove me to write shell scripts that would reset tags on my downloaded podcasts, just to disable that feature.

Thankfully I have a friend named Cesar who also has one of these players and mentioned a thing called Rockbox – open source firmware for several players, including the Sansa Clips. I installed it – the installation was almost newbie-proof but a couple of things would have stumped a non-engineer. The Rockbox firmware allows me to change just about every setting imaginable, so I configured the player to work exactly the way I want it to work.

I love it, thanks Cesar!

We used to write real shell scripts

Saturday, June 29th, 2013

I got a few requests from readers of my Newfoundland trip to give them maps so they can more easily figure out where I’ve been. Should be easy given that I recorded most of the trip using a OpenGPSTracker, but that’s a story for another time. This post is about the dying practice (not art) of shell scripting.

To add the screenshots (which I already had) to the website (which was already written) I had to write a script like this:

for F in *jpg; do echo -n '<a href="'; LONG=`echo -n $F | awk -F/ '{printf "OpenGPSTracker/screenshots/"$NF;}'`; echo -n "OpenGPSTracker/screenshots/"`basename $LONG .jpg`'.png">'; echo -n '<img src="'; echo -n $F | awk -F/ '{printf "OpenGPSTracker/screenshots/"$NF;}'; echo '"></a>'; done

Which produced output like this, which I pasted into appropriate places in the HTML file:

<a href="OpenGPSTracker/screenshots/day01-1.png"><img src="OpenGPSTracker/screenshots/day01-1.jpg"></a>
<a href="OpenGPSTracker/screenshots/day01-2.png"><img src="OpenGPSTracker/screenshots/day01-2.jpg"></a>
<a href="OpenGPSTracker/screenshots/day01-3.png"><img src="OpenGPSTracker/screenshots/day01-3.jpg"></a>
<a href="OpenGPSTracker/screenshots/day01-4.png"><img src="OpenGPSTracker/screenshots/day01-4.jpg"></a>
...

I could have done it manually, adding one image at a time in Seamonkey, but for 47 images that would have been an awful lot of clicking, probably a half an hour’s worth.

I couldn’t have written a script like that when I was a student, that’s not what bothers me. What does bother me is that I don’t know a lot of people who can write something like this on the fly, in order to save themselves the time and trouble of manual work. I know less than 5 people who would do it voluntarily, and maybe another 5 who could do it if you made them.

Yes it’s unreadable and I won’t be able to figure out how it works tomorrow, but this is not software, it’s a single-use shell script. I remembered how it works long enough to get the menial task done.

There has got to be a way to make writing, debugging, and learning shell scripting easier. A GUI of some sort.. I’ll put it on my never ending TODO list.

Measuring project effort in something other than Lines-Of-Code

Thursday, May 16th, 2013

It occurred to me recently that when it comes to a software project – it takes more than just code to make it successful but at the same time we typically only measure the scope of a software project in lines of code (LOCs). In most organisations it’s laughed at as an official measure of productivity, but think about it – when was the last time your manager put socialising or pondering or answering email or relearning your own code on the project plan?

I don’t have the time to go looking at the mass of research about measuring programmer productivity or project complexity, but I’ve had this quick idea I can share: instead of lines of code (which is just a part of the effort involved in maintaining a project) we can measure the entire effort it takes to conceive it, design it, build it, and maintain it.

What unit of measurement? Days of effort, of course, or DOE. Unless it’s a big project, in which case we can measure in months of effort, or MOE. If it’s a really big project – years of effort, YOE. But tiny projects should not be forgotten – so hours of effort must also be accounted for, as HOEs.

I think I will suggest that to my project manager if I have one again some time soon..

Whee, I got DDOSed

Thursday, May 9th, 2013

Once a month I archive my Apache logs. Which involves downloading them from the server and analysing them a little.

This month (last month actually, I am slow with my blogging) there was something obviously unusual from the beginning: instead of the typical six or seven logrotated 50MB access logs I had 15.

While I did hope for a couple of seconds that all of a sudden the popularity of one of my projcts doubled – I suspected immediately that the extra logs were full of bad rather than good things.

And so they were! I opened one of the middle files, access_log.07 and found many many lines like this:

178.65.217.96 – - [24/Mar/2013:04:40:09 -0400] “GET /isomaster/releases/isomaster-1.3w-installer.exe HTTP/1.1″ 404 3121 “-” “Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)”
77.35.44.146 – - [24/Mar/2013:04:40:10 -0400] “GET /isomaster/releases/isomaster-1.3w-installer.exe HTTP/1.1″ 404 3121 “-” “Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)”
94.51.3.138 – - [24/Mar/2013:04:40:10 -0400] “GET /isomaster/releases/isomaster-1.3w-installer.exe HTTP/1.1″ 404 3121 “-” “Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)”
178.65.217.96 – - [24/Mar/2013:04:40:10 -0400] “GET /isomaster/releases/isomaster-1.3w-installer.exe HTTP/1.1″ 404 3121 “-” “Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)”
77.35.44.146 – - [24/Mar/2013:04:40:11 -0400] “GET /isomaster/releases/isomaster-1.3w-installer.exe HTTP/1.1″ 404 3121 “-” “Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)”

Yep, that’s 3 requests per second. And how long has it been happening? Some quick grep commands found that it started on “21 Mar 08:01:11″ and ended on “1 Apr 14:36:26″, that’s 12 days of constant hammering!

The file the requests are for has been removed months ago, I got tired of dealing with the windows version of ISO Master, so my first thought was that this was someone’s broken script that was supposed to download the latest version or something, but then I noticed that the IPs are different. Note that even in the random 5 lines I pasted in above the requests are coming from 3 different IPs!

Sure is starting to smell like a DDOS attack, but why? Who cares enough about my server, or about me to bother wasting valuable botnet nodes on it?

Let’s do some more grep magic, this attack:

  • | wc -l: Made a total of 2.6 million requests, that’s 260 thousand requests per day.
  • | cut -f 1 -d’ ‘ | sort | uniq | wc -l: Used 1183 unique machines (or at least IP addresses).
  • | cut -f 1 -d’ ‘ | sort | uniq -c | sort -b -g | tail -20: Had these 20 worst offenders, check out that last one, two hundred and seventy thousand requests!

24209 46.41.102.187
33104 95.27.161.96
34276 109.201.122.167
35827 178.159.30.31
37249 109.201.103.230
41455 91.124.244.192
41603 176.96.64.243
42493 109.201.119.242
43714 158.46.46.195
47652 95.106.16.222
54098 178.65.217.96
59760 37.229.68.141
67490 188.122.249.84
67596 46.118.177.113
68509 5.142.224.71
107007 178.213.194.220
109235 92.240.209.14
183352 46.185.61.81
197865 109.185.126.177
273314 5.35.29.186

John recently told me that you can use the host command to do reverse DNS lookups, and I did a few, but didn’t record the results, though I remember that 2 out of 3 were russian. Let’s try again now (do you like my mad commandline skills? :))

for IP in `grep ‘/isomaster/releases/isomaster-1.3w-installer.exe’ 2011-mar-access_log | cut -f 1 -d’ ‘ | sort | uniq -c | sort -b -g | tail -20 | sed ‘s/ *//’ | cut -f 2 -d’ ‘`; do host $IP; done

187.102.41.46.in-addr.arpa domain name pointer 187.102.41.46.donpac.ru.
96.161.27.95.in-addr.arpa domain name pointer 95-27-161-96.broadband.corbina.ru.
Host 167.122.201.109.in-addr.arpa. not found: 3(NXDOMAIN)
31.30.159.178.in-addr.arpa domain name pointer peer31-30-159-178.ll.magnitogorsk.multinex.ru.
Host 230.103.201.109.in-addr.arpa. not found: 3(NXDOMAIN)
192.244.124.91.in-addr.arpa domain name pointer 192-244-124-91.pool.ukrtel.net.
Host 243.64.96.176.in-addr.arpa. not found: 3(NXDOMAIN)
Host 242.119.201.109.in-addr.arpa. not found: 3(NXDOMAIN)
Host 195.46.46.158.in-addr.arpa. not found: 3(NXDOMAIN)
Host 222.16.106.95.in-addr.arpa. not found: 3(NXDOMAIN)
96.217.65.178.in-addr.arpa domain name pointer pppoe.178-65-217-96.dynamic.avangarddsl.ru.
141.68.229.37.in-addr.arpa domain name pointer 37-229-68-141-broadband.kyivstar.net.
84.249.122.188.in-addr.arpa domain name pointer 188-122-249-84.clients.tlt.100megabit.ru.
113.177.118.46.in-addr.arpa domain name pointer SOL-FTTB.113.177.118.46.sovam.net.ua.
Host 71.224.142.5.in-addr.arpa. not found: 3(NXDOMAIN)
Host 220.194.213.178.in-addr.arpa. not found: 3(NXDOMAIN)
Host 14.209.240.92.in-addr.arpa. not found: 3(NXDOMAIN)
81.61.185.46.in-addr.arpa domain name pointer 46-185-61-81-sum.broadband.kyivstar.net.
177.126.185.109.in-addr.arpa domain name pointer host-static-109-185-126-177.moldtelecom.md.
Host 186.29.35.5.in-addr.arpa. not found: 3(NXDOMAIN)

Some of the hosts are no longer online, but pretty much every other one is either from Russia or Ukraine (except the one from Moldova). Interesting. Actually they are not offline, they just don’t have reverse DNS working. The biggest one I found via whois (thank you Gnome Network Tools) has an address and everything:

address:        LLC “Multiscan”
address:        I.Lukyanova
address:        ul. Sokolova, 8
address:        141090 Yubileynyy, Moscow Region
address:        RUSSIAN FEDERATION
phone:          +74959743623
fax-no:         +74957555344

Hm, suspicious looking building, it’s too nice for where it is:

DDOSed from here

I don’t recall having any enemies back home, in fact I remember eastern europe with fondness. So my guess is this had nothing to do with me (since noone contacted me about it) and is rather some practice or testrun for something or someone or another.

I won’t be able to figure out much more than that (cause I’ll be busy with other things), oh well, it was an interesting experience and I’m quite smug about that my server took it so well that I haven’t even noticed the attack during the 10 days it was going on. And I use this server all day long! Sackware rocks.

APNG in Chromium

Thursday, March 28th, 2013

Max Stepin (the APNG maintainer) has added APNG support to Chromium. Good job, man!

Mageia-APNG

GtkFileChooser not choosing

Saturday, December 29th, 2012

I maintain a reasonably popular app called Asunder. This app has in its preferences a GtkFileChooserButton, and implementation of the (supposedly) interface GtkFileChooser.

I’ve been getting bug reports about the selected directory not being saved when you save the preferences and looked into it again today. I could hardly believe what I found.

If I double-click on the directory I want selected and click “Open”, what I get looks like this:

gtkfilechooserbutton

But gtk_file_chooser_get_filename() returns.. “/home/andrew”. I dug and dug through my code and the GTK reference looking for an explanation, but found none. After experimenting some more I found the problem:

This only happens if I double-click on the directory I want (“temp” in this case). If instead I single-click on the directory I want – I get it. Using other GtkFileChooser getters doesn’t fix anything. So this is not a bug in my code (in fact I don’t think I could hack around this even if I wanted to), this is probably some retard deciding that his 0.001% use case is more important design-wise than everyone else who uses GTK.

I guess that’s just the way things are in a lot of open source. Instead of being brushed aside because you’re not the highest-paying customer your needs are brushed aside because they aren’t matching someone else’s vision.

There’s a chance that this is an honest bug (not a design decision), but how is one to know for sure? I mean look at what they’ve done to KDE4 and Gnome3.. my faith in open source is starting to waver.

I thought LibreOffice was going to be better

Monday, December 24th, 2012

I ran into a major issue with LibreOffice today, the version (3.6.22) that comes with LinuxMint14. It will not open the spreadsheet with my grades for last semester! It just hangs there at “Loading document”. Same thing happening on both computers I have that are both running the same Mint.

I hope this is not a sign of things to come.. There is no alternative for linux. I don’t want to be as screwed as the Mac people!

Thankfully the file opened in a Windows vm where I installed 3.6.4

lobroken

To solve

Saftey first at York University

Monday, December 24th, 2012

I’m the last guy to be anal about safety, but this is just hilarious!

safetyfirstatyork

If I had a car like this when I was young…

Monday, December 24th, 2012

Things would have been different! I guess that’s not the type of machine you can transport on the highway other than in pieces, so here are just the enormous tires:

bigtires

 

Install all the -dev and -doc packages in Debian/Ubuntu/Mint

Wednesday, December 12th, 2012

Hey look, it’s 2012/12/12 – cool! But that’s not what this post is about.

It always pissed me off big time that the more popular Linux distros don’t install the development files (like header files) or the documentation for the software that comes with them. Being a developer – this is a big pain in the ass for me. It became a really big pain in the ass when I switched from Slackware to Linux Mint a couple of months ago.

I’m no free software fanatic, but damn, why the hell not include the development tools and documentation with Linux? Not only will that make my life easier, but it may encourage some other people to dabble in programming on Linux. Otherwise, do you know what a serious roadblock it is to get a newbie to figure out that there’s a metapackage called build-essential and a package called libgtk2.0-dev which you have to type in exactly like that, with the lib and the dot and the (wrong) version and the dash and the dev? Hell, it’s easier to set up a development environment in Windows (you should be ashamed, Debian).

Whining about it would have been enough, but I actually needed to solve this problem, so here is the solution, you can use it too. It’s a shell script you can download here or copy paste from here:

#!/bin/sh
#
# install-all-dev-packages.sh
#
# Author: Andrew Smith http://littlesvr.ca
# Version 1.0 (12 Dec 2012)
#
# The following script installs all the -dev and -doc packages that should have
# been installed with your software but were omitted for some stupid reason.
#
# Tested on Linux Mint 13 but should work on any Debian/Ubuntu/Mint 
# or really on any Debian derivative.
#
# If you get errors like A : Conflicts: B but C is to be installed
# then add those packages (all of the A) into the following list:  
BADPKGLIST="libdb5.1 libglew1.5 libglew1.6 librdf0"

# List of all available packages
apt-cache pkgnames > /tmp/allpackages

NEWPKGLIST="build-essential"

echo "Searching for required -dev and -doc packages..."
for PKG in `dpkg --get-selections | cut -f 1`
do
  # Make sure it's not in the ignore list
  echo $BADPKGLIST | grep -q $PKG
  if [ $? -eq 0 ]
  then
    continue
  fi
  # See if a -dev package is available
  grep -qe "^$PKG-dev$" /tmp/allpackages
  if [ $? -eq 0 ]
  then
    NEWPKGLIST=" $NEWPKGLIST $PKG-dev"
  fi
  # See if a -doc package is available
  grep -qe "^$PKG-doc$" /tmp/allpackages
  if [ $? -eq 0 ] 
  then
    NEWPKGLIST=" $NEWPKGLIST $PKG-doc"
  fi
done

echo "The following packages have been found:"
echo
echo sudo apt-get install $NEWPKGLIST
echo
echo -n "Do you want to install them? (y/n) "
read YN
if [ a$YN = ay ]
then
  sudo apt-get install $NEWPKGLIST --install-suggests
fi

if [ $? -eq 100 ]
then
  echo
  echo "If you got apt-get erros such as 'A Conflicts: B but C is to be installed'"\
       " then make a change at the top of this script to ignore those packages,"\
       " hopefully that will work."
fi

There is potential for some typical apt-get quircks with the “bla bla is to be installed screw you haha” messages but that’s solvable, you just need to edit the script and blacklist those packages that are erroring. Presumably the list will be different on different OS versions.

Enjoy, you’re welcome!