Hannes Schmidt's blog

Install Squid 3.2.x on Ubuntu 12.04 (Precise) LTS

Submitted by Hannes Schmidt on Thu, 01/24/2013 - 17:51.

This is how I upgraded the Squid package from 3.1.19 to 3.2.6 on my Ubuntu 12.04 installations. The 3.2.x branch contains support for multiple cores, so that's a pretty important update to have. 12.04 is an LTS release, so I'm really not sure why 3.2.6 hasn't been backported to it. Anyhow, here's how I did it:

Set up the dquilt shell alias as described in the Debian New Maintainer's Guide:

alias dquilt="quilt --quiltrc=${HOME}/.quiltrc-dpkg"

Create ~/.quiltrc-dpkg containing

( categories: Unix | Administrator )

Inotify for Python

Submitted by Hannes Schmidt on Thu, 01/24/2013 - 13:27.

The other day, I was trying to use Linux' inotify(7) functionality in a Python script. The obvious contender seems to be pynotify, being the top Google result, as well as being mentioned in the O'Reilly title Python for Unix and Linux System Administration. Unfortunately, I found myself dumbfounded by its API. The native inotify(7) functionality is simple and elegant, what does a scripting wrapper have to add on top of it? If it were an abstraction that unifies the various platform-specific filesystem notification approaches, I would be able to digest a thick, opinionated API, but a mere wrapper for one particular platform should be just that: a wrapper, as thin as possible.

Lightweight and fast HTTP proxies

Submitted by Hannes Schmidt on Sat, 01/19/2013 - 17:24.

I recently evaluated several open-source HTTP proxy servers. I was looking for something lightweight and fast, without a persistent cache or with no cache at all.

( categories: Unix | Administrator )

Debugging System Preference Panes with ARC under Mountain Lion

Submitted by Hannes Schmidt on Tue, 12/18/2012 - 12:47.

First of all, follow the accepted answer in this StackOverflow question. That takes care of the basics. Second, if your application is using ARC (as it should if it targets Lion and higher) you may have to explicitly disable garbage collection for the System Preferences application. System Preferences is using ARC by default but there seems to be some crutch in place that causes it to switch to GC when launched by Xcode. This crutch will cause

Garbage Collection enabled !

in the debug log and the

To use the “...” preferences pane, System Preferences must quit and reopen.

error sheet to be displayed when your preference pane is selected. Clicking OK will restart System Preferences and you will lose your debug session.

I found that setting OBJC_DISABLE_GC to YES will override the crutch and cause System Preferences to start with ARC enabled, letting you debug your preference pane as intended. In Xcode, edit the scheme (Menu Product - Edit scheme), select the Run action and click the arguments tab. To the Environment Variables list, add an entry for OBJC_DISABLE_GC and YES.

This is on Xcode 4.5.2 (4G2008a) on OS X 10.8.2.

Installing Mosh on Ubuntu Hardy

Submitted by Hannes Schmidt on Thu, 07/26/2012 - 23:24.

I recently had to get into the Mosh pit with my good old friend Hardy Heron aka Ubuntu 8.04 TLS.

wget --no-check-certificate https://github.com/keithw/mosh/zipball/mosh-1.2.2
mv mosh-1.2.2 mosh-1.2.2.zip
unzip mosh-1.2.2.zip
cd keithw-mosh-df955aa
sudo sed -i -r 's/#\s*(.*hardy-backports.*)/\1/' /etc/apt/sources.list
sudo apt-get update
sudo apt-get install build-essential autoconf automake libprotobuf-dev \
                     protobuf-compiler libncurses5-dev zlib1g-dev libio-pty-perl
protobuf_CFLAGS=" " protobuf_LIBS="-lprotobuf" ./configure --prefix="/usr"
sed -i s/LITE_RUNTIME/SPEED/ src/protobufs/*.proto
sudo make install

( categories: Unix | Administrator )

NSTreeController's add, addChild, insert and insertChild methods

Submitted by Hannes Schmidt on Fri, 07/09/2010 - 12:59.

I had a hard time interpreting Apple's documentation of NSTreeController's mutator methods and their corresponding canXyz methods. My experiments did reveal symmetry in and consistency among the semantics of these methods, it's just that their naming is a bit odd (I say that coming from a strong Java background). The docs didn't help much either. I only investigated NSTreeController in entity mode, but I would guess that these methods behave identically in object mode as far as the pre-conditions and the position of the new node are concerned.

  • add: Creates a new entity and makes it the last sibling of the selected entity. IOW, the new entity becomes the last child of the selected entity's parent. Without a selection, the entity becomes the last top-level (orphan) entity. Think appendSibling.
  • canAdd: Have never observed it to be false.
  • insert: Creates a new entity and makes it a sibling of the selected entity, immediately preceding it. Without a selection, the entity becomes the first top-level entity. Think prependSibling.
  • canInsert: Have never observed it to be false.
  • addChild: Does nothing if the selected entity is a leaf. Otherwise, creates a new entity and adds it as the last child of the selection. Think appendChild.
  • canAddChild: False if selection is a leaf.
  • insertChild: Does nothing if the selected entity is a leaf. Otherwise, creates a new entity and adds it as the first child of the selection.Think prependChild.
  • canInsertChild: False if selection is a leaf.

Please not that these are empirical findings. I am pretty confident that they are accurate for the mutators, I am pretty sure that they are incomplete for the canXyz methods. In other words, even if canAdd seems to be true all the time, I wouldn't assume that add always succeeds and still bind to canAdd.

Debian/Ubuntu packages for Hudson CI

Submitted by Hannes Schmidt on Wed, 05/05/2010 - 10:19.

The awesome Hudson Continuous Integration project seems to be undergoing some organizational changes at the moment. Its leader, Kohsuke Kawaguchi has left Sun/Oracle and started up his own company revolving around professional services for Hudson, it seems. Let's hope this is not going to be one of those messy "open-source project going commercial" scenarios. Anyways, one of the more immediate problems caused by the changes is that the Debian package repository did not get any updates since late March. In a Hudson mailing list Kohsuke casually announced that he'd be pushing packages to this Hudson CI Debian and Ubuntu package repository but this fact isn't reflected on the official Hudson website yet which is why I am mentioning it here, putting all of my SEO weight behind the link ;-).

( categories: Unix )

Bind9 with DLZ and MySQL backend on Ubuntu Jaunty (9.04), Lucid (10.04) and Precise (12.04)

Submitted by Hannes Schmidt on Thu, 12/24/2009 - 15:48.

Update 06/27/2010: This workaround is still necessary for Lucid (10.04 LTS) and Precise (12.04 LTS). These instructions still work for those releases with minor adjustments (see the updates at the end of the article).

This forum post got me started but I got stuck in various places and thought I'd summarize what worked for me. I'm not going to explain much but if you're going to work with Bind and DLZ you probably know what you're dealing with. I also won't go into configuring DLZ because that depends on your particular DB schema and there is sufficient documentation on the DLZ website.

We need MySQL of course:

( categories: Unix )

Domain Name (Dis)service

Submitted by Hannes Schmidt on Fri, 09/18/2009 - 09:41.

There are plenty of openly accessible DNS servers available that do name resolution for you. Most Internet providers run them for their customers. There are also DNS providers that encourage you to replace your ISP's name server with theirs. OpenDNS is one example. They even do it without charging you! But remember, hardly anything on the Internet is free. Someone will have to pay the bill. AFAIK, OpenDNS' business model is based on advertising revenue, so the advertiser pays the bill. This is how it works: If you accidentally type a URL with a nonexistent domain name, OpenDNS will resolve it to one of their web servers instead of returning an NXDOMAIN error. The web server will then serve a page with web search results related to the mistyped domain name and some advertisements.

( categories: Administrator )

Installing dbd-mysql for 64-bit binary installation of MySQL

Submitted by Hannes Schmidt on Sat, 06/20/2009 - 18:02.

The dbd-mysql gem assumes (?) an i386 architecture when building the native component of the driver. You'll need to set ARCHFLAGS appropriately and point the build at the installation of MySQL.

sudo env ARCHFLAGS="-arch x86_64" \
     gem install mysql -- \

That should fix it.

( categories: Mac OS X | Administrator )

Multiple Google Notifier instances for multiple accounts on Mac OS X

Submitted by Hannes Schmidt on Fri, 06/19/2009 - 12:29.

I use Google Notifier to have my Gmail account checked for new mail periodically and automatically. I have a secondary Gmail account that I don't use that often but that I would like to have notifier check as well. Unfortunately, Google Notifier currently supports a single Gmail account only. Here's a simple hack that works well for a few gmail accounts. In a nutshell, you need to clone the application package and modify the bundle id in the clone's Contents/Info.plist file.

  1. Copy the Google Notifier application from Applications to a temporary location.
( categories: Mac OS X | Geek )

Overriding DHCP- or VPN-assigned DNS servers in Mac OS X Leopard

Submitted by Hannes Schmidt on Sun, 05/03/2009 - 13:13.

I'll have to break sad news to you: /etc/resolv.conf has been made redundant in Mac OS X. The dig and nslookup utilities still read it but most applications use a different mechanism for picking DNS servers when resolving host names. They generally go through Darwin's resolver library which instead of reading /etc/resolv.conf looks up DNS servers via the SystemConfiguration framework backed by configd. Survival of the fittest, I guess, or, Darwin's intelligent design.

Ok, ok, I'll stop trying to be funny ... Anyways, this would be all swell if there wasn't the occasional need for manually specifying DNS servers. For me this need typically arises when I connect to a VPN managed by an operator from hell. After hours and hours of hard work (my fingertips still hurt from all the googling) I present to you a solution:

With the VPN connected, launch scutil with root privileges:

hannes-mbp:~ Sysop$ sudo scutil
List all network services with DNS configuration:
> list State:/Network/Service/[^/]+/DNS
  subKey [0] = State:/Network/Service/A3551F2D-62CE-1234-B79A-6EE50CA7AE30/DNS
  subKey [1] = State:/Network/Service/F194302A-846C-4321-9325-6813DAE148F2/DNS
Pick one and show its contents.
> show State:/Network/Service/A3551F2D-62CE-1234-B79A-6EE50CA7AE30/DNS
<dictionary> {
  SupplementalMatchDomains : <array> {
    0 : 
  ServerAddresses : <array> {
    0 :
    1 :
  SupplementalMatchOrders : <array> {
    0 : 100000
Ahh, this is the one! So let's get rid of those pesky servers. Obtain a working copy of the DNS configuration entry. It's called ... drum roll ... well, obviously: "d" (rolls eyes).
> d.init
> get State:/Network/Service/A3551F2D-62CE-1234-B79A-6EE50CA7AE30/DNS
> d.show
<dictionary> {
  SupplementalMatchDomains : <array> {
    0 : 
  ServerAddresses : <array> {
    0 :
    1 :
  SupplementalMatchOrders : <array> {
    0 : 100000
Reset the ServerAddresses entry to an empty array:
> d.add ServerAddresses *
> d.show
<dictionary> {
  ServerAddresses : <array> {
  SupplementalMatchDomains : <array> {
    0 : 
  SupplementalMatchOrders : <array> {
    0 : 100000
Write the working copy back:
> set State:/Network/Service/A3551F2D-62CE-1234-B79A-6EE50CA7AE30/DNS
Note, that the line
d.add ServerAddresses *
clears the ServerAddresses array, thereby removing all DNS-servers tied to that particular connection ("service" in Apple-talk). Without service-specific DNS servers, Mac OS will fall back to DNS servers from other network services. Not sure how exactly that works. If you want to specify particular DNS servers, use
d.add ServerAddresses *

By the way, the "*" signifies array values, so it's not some kind of wild card.

( categories: Mac OS X | Administrator )

Pimp Da Kitty

Submitted by Hannes Schmidt on Sat, 12/13/2008 - 00:46.

I have been converted. After having preferred Windows on the desktop for the past 15 years, after six generations of

Yet Another Way To Screw Up The Control Panel,

I felt the urge to try something else. Something that

Just Works.

Those fifteen years were an interesting ride but for some reason the pride and satisfaction of finding just the right combination of registry settings that would let me mount a Samba share had worn off. I want to spend my time on something creative. Defragmenting the registry, scanning regularly for malware, and trying to find anti-virus software that doesn't take five minutes to load is fun and all, but how about an operating system that doesn't need any of that? You guessed right, I have become a Mac user. Enough of the trivialities, in this article I would like to list a handful of very useful Mac OS X applications and utilities I couldn't live without anymore.

( categories: Mac OS X )

Increase Wireshark Font Size on Mac OS X

Submitted by Hannes Schmidt on Sun, 12/07/2008 - 18:58.

Wireshark has a preference setting for the font of the capture display but it won't let you change the main font used for other UI elements such as like menu, toolbar and dialog windows. The default for the main font is illegibly small on my Mac OS X Leopard system -- I used Macports to install Wireshark and its dependencies. To fix it you need to add the gtk-font-name setting to your .gtkrc-2.0 preference file:

echo 'gtk-font-name = "Sans 14"' >> ~/.gtkrc-2.0

This will affect all applications using the GTK 2.0 toolkit but I guess that's ok.

( categories: Mac OS X | Administrator | Geek )

Drupal vs. Wordpress

Submitted by Hannes Schmidt on Sun, 11/30/2008 - 18:46.

A close relative of mine asked me to help him with choosing, installing and maintaining a blog for him. I am a big fan of Drupal (the software behind this blog, in case you were wondering) but just couldn't bring myself to recommend it. Don't get me wrong, Drupal is IMHO superior in almost all technical aspects but its user interface is just not as easy to use as WordPress. The person in question being a fairly inexperienced user of web technologies, usability was a major concern. The result can be admired at Hartwig Schmidt's blog.

( categories: Drupal | Webmaster )

"No DBD Authn configured!" with Apache, Digest Auth and DBD

Submitted by Hannes Schmidt on Sat, 02/02/2008 - 14:10.

I use mod_authn_dbd to check HTTP authentication credentials against a MySQL database. After switching from Basic to Digest authentication I got 500 errors and No DBD Authn configured! in the server's error log. It took me a while to realize that it wasn't enough to change

( categories: Unix | Web Servers | Administrator )

Sending DNS notify messages (update notifications) using Ruby

Submitted by Hannes Schmidt on Sun, 01/20/2008 - 15:49.

… is actually easy thanks to Dnsruby. The following code illustrates that:

( categories: Ruby | Unix | Web Servers | Windows )

Quickly enable/disable default gateway for VPN on Windows

Submitted by Hannes Schmidt on Thu, 01/10/2008 - 14:53.

Whether a VPN connection has the "Use default gateway on remote network" option enabled has big impact on how network traffic from your machine is routed.

( categories: Windows | Administrator | Dummy )

Windows Vista's DNS server priority issues in VPNs

Submitted by Hannes Schmidt on Thu, 12/27/2007 - 18:27.

Today I ran into a subtle issue regarding the order in which Windows Vista queries connection-specific DNS servers. I tested a setup with a PPTP VPN server that also provides DNS name resolution services to its VPN clients. For that purpose I ran both a BIND 9 name server and a Poptop PPPD daemon on the same box. It is dual-homed, i.e. one interface is the private interface of the VPN tunnel endpoint and the other one is the public Ethernet interface through which the server is linked to the internet. I configured BIND to listen on both interfaces.

( categories: Unix | Windows | Administrator )

Ubuntu 6.01.1 "Dapper Drake" DVD Torrents

Submitted by Hannes Schmidt on Sat, 09/02/2006 - 00:57.

It took me sometime to find Ubuntu torrents that work. I noticed that the .torrent files on the official Ubuntu server and its mirrors point to dead torrents. After some digging, I found this tracker to be most up to date. In case you're stumbling over this problem too, give it a try. It seems to be the official Ubuntu tracker.

( categories: Unix | Administrator | Geek )

Why the iPod sucks ...

Submitted by Hannes Schmidt on Wed, 05/17/2006 - 15:15.

Update: Apparently, I forget easily. Or should I say forgive? Just came back from the Apple Store with a brand-new iPod touch. Good news is that it doesn't have a hard-drive but uses Flash memory instead. Also, the Hold switch is gone/virtual. Make of it what you want but I'm leaving this article up.

Being what's usually referred to as an early adopter, I was one of the first people to buy an 1st generation iPod. And I didn't even have a Mac. So I relied on a software called ephPod to upload and manage songs from my PC. That software still exists but is bug ridden and not as versatile as iTunes, which is what I use now with with my 40G 3rd generation iPod.

( categories: Dummy )

Relaunch of Diary Products

Submitted by Hannes Schmidt on Tue, 02/28/2006 - 11:34.

[02/28/2005: Update - More Changes]
[03/02/2005: Update - Still Bugs in IE]

After this site has been using the old, boring, standard Drupal theme for two years, I am now proud to present my own creation: the new Diary Products theme. It uses the phptemplate engine and is a hybrid between table-based and CSS-based layouts as I am not a follower of the pure "Look Ma, No Tables" approach. There are still a few glitches here and there but overall I am quite happy with it.

( categories: Drupal | LightTPD | Geek | Webmaster )

Filtered: NMAP Port Scanner Sees Through IPtables Firewall

Submitted by Hannes Schmidt on Thu, 02/23/2006 - 15:02.

Ever wondered why port scanners like nmap are able to tell that some of the ports on your server are protected by a firewall? Have a peek at this nmap transcript:

Starting nmap 3.75 ( http://www.insecure.org/nmap/ ) at 2006-02-23 22:54 CET
Interesting ports on doodah.com (
(The 1658 ports scanned but not shown below are in state: closed)
21/tcp   open     ftp
22/tcp   open     ssh
53/tcp   open     domain
80/tcp   open     http
3306/tcp filtered mysql

I'm quite sure my firewall blocks access to the mysql port. Yet it bugs me that it is possible to tell that I have MySQL installed on my system simply by performing a port scan.

( categories: Unix | Administrator )

Tab Mix Plus: Tabbed Firefox Browsing the Way It Should Be

Submitted by Hannes Schmidt on Thu, 01/26/2006 - 10:37.

I stumbled upon the Tab Mix Plus extension for Firefox yesterday and I fell in love with it on the spot. Finally there's someone who understands tabbed browsing and realizes what's missing in Firefox' default implementation. I urge the devs to incorporate this extension into head. This is not an extension, it's crucial! If you use tabs, go get it! If you understand the difference between Ctrl-Tab Ctrl-Tab and Ctrl-Tab-Tab, run and get it!

Some of the features:

  • Session saver (When starting Firefox, it restores all tabs that were open when you quit Firefox)
  • Undo closing a tab
  • Open new tabs next to existing ones instead of at the end of the list.
  • Ctrl-Tab moves to the previously active one instead of the next one in the tab list.
  • Organizes tabs in multiple rows if you have many tabs open.
  • Ctrl-W'ing the last tab doesn't close Firefox anymore.
  • Customize mouse and keyboard events, tab font and color.

All of these are optional. If you don't like one, you can switch it off.

( categories: Geek )

Visual SourceSafe 2005 Internet and IIS Setup

Submitted by Hannes Schmidt on Mon, 12/05/2005 - 18:28.

One might think that it wouldn't be so difficult to setup Visual SourceSafe 2005 on Windows Server 2003 with IIS such that users can access the SourceSafe database using the Visual SourceSafe 2005 Internet plugin. But dude, I was so wrong! I managed to get it working in the end but it took me an etire day. Anyway, this isn't a complete HowTo. I would just like to point out a few not so obvious caveats.

( categories: Windows | Administrator | Programmer )

Gentoo Linux on a Dell Latitude X300

Submitted by Hannes Schmidt on Thu, 01/20/2005 - 14:42.

I'm currently struggling to get Gentoo to install from a Live CD on a new Dell Lattitude X300. It boots the kernel just fine but the init script can't mount the live CD because it doesn't find the cdrom drive. The X300 comes with a docking station which holds the CD drive which is connected internally via USB.

( categories: Unix | Administrator )

Microsoft RTF Specification Nightmare

Submitted by Hannes Schmidt on Tue, 06/08/2004 - 13:55.

Have you ever seen a word processor other than Microsoft's own office suite member Word that can import an RTF (Rich Text Format) file properly? I have not. The reason for this lies in RTF's inherent complexity and its strong dependency on Microsoft's internal Word document implementation. The RTF format is basically a 7-bit-safe, serialized version of a Word document's in-memory representation plus some tweaks that ensure backward compatibility with older programs that read RTF files.

( categories: Geek )

CorelDraw 11 vs. Illustrator CS

Submitted by Hannes Schmidt on Mon, 06/07/2004 - 13:29.

For my web comps I usually use Adobe Illustrator CS and I am quite pleased with it. Recently, I had the chance to review CorelDraw 11. The first time I ever used CorelDraw was more than 10 years ago and it must have been ancient version 2. The most recent version is 12. I reviewed version 11. For a client, I had to update a document created in CorelDraw 7, import it into version 11, apply a few modifications to it and do some streamlining. I was able to do the job, but it wasn't a very pleasant experience. Here's a list of nuisances.

( categories: Geek )
XML feed