Planet HantsLUG

It was a cold day, it had been cold for a while. Outside the sky was grey, had I been at the window rather than at my desk I could have seen the freshly fallen snow making the car park look slightly less shit. My assistant was out of the room, I'd told him I wanted some privacy. I needed some privacy.

The man from the Church of England sat in my office. He wore a slightly nervous face, as he listened. I had been a member of the Church of England for over fifteen years, and ordained into it for nearly eight and a half, but you don't often deal with the actually Church of England, mostly you relate to your local Church or your diocese, but I was a chaplain whose diocese had just made him redundant. The Church of England, as it actually exists is based in three different places. Two of them Bishopthorpe Palace, and Lambeth palace also house an Archbishop, but this chap worked in a place called Church House, Westminster. He had come all the way, he said, 'to listen'.

"I'm supposed to have had a meeting with the Bishop in the New Year, and he's supposed to come back with a definite answer by the end of this month." I said.

"I can't get hold of anyone from the Diocese, I've tried several times." he replied.

"Neither can the students, they seem to have taken the phone off the hook in Winchester. To be honest we've probably sacked the person that answers the phone. With a £1.6 million hole in the budget we needed to sack someone, It's just it should have been our accountant. Mind you I expect we have sacked him. By the time this is done Church House, Winchester will just be an answering machine somewhere, with the beep replaced by the sound of a creaking rope."

"The students seem to be making a lot of noise. That's been..." and here he paused searching for the right word"...noticed."

"Noticed bad, or noticed good?"

"Good, it's quite a testament to you."

"Yeah, well they are the reason I'm going to stay. I have to stay, I'm going to fight this no matter what."

"I don't think the search for alternative funding is going well."

"If they want to take away my pay, I'll just stay anyway. I owe them that. I can live by faith. This is where God wants me."

He'd been listening to me rant on like this for over an hour, but he didn't look bored, he wore the look of concern he'd had since I met him off the train.

"You know" he said gently "there are other options."

That was how this new story started. It all seems so long ago now, in the snow and the cold and recession. Almost a lifetime ago from the vote and the fight and the confusion. It's hard to remember it all now. Some of the details have blurred with time. Really, that car park always looked completely shit.

Three years ago, Alan Pope asked me if I’d like to join him and a few others in making a podcast about Ubuntu from/for the UK. My initial reaction was that I have nothing to offer; sure I’m a bit of a geek but that’s about it, I certainly don’t think I can speak from a position of authority with regard to Linux. The other thing that they possibly hadn’t considered was that, at the best of times I’m more of a listener than a speaker; if you check back to season one of the show you’ll certainly hear that that’s the case!

But I said yes, and the whole team ploughed enthusiastically into producing the show, and we had a great time. Sure it was hard work and we made a lot of changes to make sure the show was what we wanted it to be (as we do now) but it was a lot of fun.

Two and a half seasons later, I think the show is quite successful, we get a massive amount of downloads and there’s a fair sized community behind the show too. Unbelieveably we’ve been on stage twice for live shows as part of OggCamp which is an incredible buzz even though the anticipation isn’t much fun. What some people can’t understand is that we make the show just for the love. That means that every two weeks we drive for 2 hours, spend around 3 hours recording, then about another 6 hours producing the show. Pre-show preparation is continual and we’re always adding bits to the show notes so that we record what we hope is current and relevant to our wide audience.

But now after 3 years it’s time to move on, and I’ll be leaving at the end of this year.

I’m not the kind of person that wants or needs recognition, but I’m not feeling the passion anymore. That’s not just for the show, but for the whole “get involved” nature of Ubuntu. In the the last few episodes of the show I’ve spoken about getting away from the computer and doing other things; I guess that leaving the show was inevitable.

It’s been an absolute blast and I’ve learned a spectacular amount about producing podcasts, Ubuntu and the community, and possbily most importantly working with other people who only have themselves as a driving force. I don’t plan to become a recluse, but as I said at the beginning I’m a quiet chap by nature… we’ll just have to see.

Systems management is very easy.

1. Start with a blank slate.
2. Write on the slate.
3. Demonstrate that, in the event of the slate being wiped clean, you can reproduce the contents of the slate in full.
4. Wipe the slate clean.
5. See 3.

 

It's not actually possible not to have a job in the Church and get paid, so even though I have resigned I am still officially and legally the Anglican Chaplain to the University of Southampton, but all that ends tomorrow.

Tonight I will pray for the students and staff of Southampton and commend them to God and then I will look back no more.

Tomorrow I get up, (I'll probably shower, shave and have breakfast) and then I will take a short two minute walk to meet an Archdeacon who will be surrogate for the Bishop.

Even though I'm a republican I will take an oath of allegiance to the Queen and her heirs AND SUCCESSORS, and then I will take an oath of allegiance to a Bishop in all things lawful and honest and that will bring my ministry at Southampton to an end. I will look forward then, mostly because at that point the Archdeacon will Licence me to my new job....

...and then the work begins.

Blog Update

I've just updated the home-grown javascript I was using upon this blog to be jQuery powered.

This post is a test.

I'll need to check but I believe I'm almost 100% jQuery-powered now.

AJAX Proxies

It is a well-known fact that AJAX requests are only allowed to be made to the server the javascript was loaded from. The so-called same-origin security restriction.

To pull content from other sites users are often encouraged to write a simple proxy:

• http://example.com/ serves Javascript & HTML.
• http://example.com/proxy/http://example.com allows arbitrary fetching.

Simples? No. Too many people write simple proxies which use PHP's curl function, or something similar, with little restriction on either the protocol or the destination of the requested resource.

Consider the following requests:

• http://example.com/proxy.php?url=/etc/passwd
• http://example.com/proxy.php?url=file:///etc/passwd

If you're using some form of Javascript/AJAX proxy make sure you test for this. (ObRandom: Searching google for inurl:"proxy.php?url=http:" shows this is a real problem. l33t.)

ObQuote: "You're asking me out? That's so cute! What's your name again? " - 10 things I hate about you.

This weekend I attended London Hackspace’s Arduino For Beginners workshop.

Background

I’ve been a member of Hackspace for quite some time, though I have very little hands on experience with electronics or making things or anything like that, and have up until now tended to only use the Hackspace occasionally for somewhere to work from. When the Arduino workshop was announced I thought it sounded not only very good value for money at £80 for a two day instructor-led course, but also would be a great way to broaden my skills.

In the interest of full disclosure, as a minor fanboy of the Hackspace I am prone to want to portray it and all its endeavours in a good light. However I am trying to write this from the point of view of a paying customer of the workshop (which I was), and will try to be fair and objective.

What we got

Included in the £80 (£100 for non-members) workshop fee was an Earthshine Electronics Arduino compatible starter kit worth about £40, containing a DFRduino Duemilanove and over 150 components for use in the various tutorials.

Day one

I arrived early on the first day expecting to touch in with my Oyster card (Hackspace’s members can access the space 24/7 using any compatible RFID card), but the door was already open and the place was a hive of activity. Inside I found Andy “Bob” Brockhurst, Charles, Neil, Mike from Earthshine, Adrian and several others busy tidying the place up making it usable for a workshop. This included attaching a shelf to one wall for the projector to sit on!

Presentation

Eventually the projector was sorted out, a rather makeshift but legible screen put up for it and things began with a presentation from Bob. Bob’s presentation explained what an Arduino is, the sorts of things they might be used for, the concepts behind “open source hardware”, the available software and some resources for getting more information and hardware. Bob’s presentation is available on his github.

Arduino IDE

Once the presentation was concluded, Bob, Mike, Adrian et al went around ensuring we all had the Arduino IDE installed. This is a piece of Java software comprising a basic editor for the C-like language Arduino is programmed with, together with facilities to compile and upload the code to the board, and a few other features.

There was also a brief diversion into Fritzing, which is another piece of open source software used for producing layouts and prototypes of circuits for sharing with others, ease of manufacturing, etc. Fritzing is not necessary to use the Arduino, but was used to display the board layouts for the examples.

Amongst the delegates there was a mix of Windows, Mac and Linux laptops but we were all eventually able to download and install the IDE. The supplied USB cable once connected to an Arduino board appears as a serial port on the computer, and the IDE just has to be told which board model you have and which serial port to use.

I had a bit of a false start with installing the IDE on Linux, owing to me not reading the documentation. It is necessary on Ubuntu to already have installed gcc-avr and avr-libc otherwise the IDE will be unable to compile your sketch to object code. I think I was in the minority using Linux; it seems Windows is preferred amongst AVR coders. The usual Java blah is needed to run the IDE, but I already had that.

Refreshments

I’m not sure who prepared the refreshments; I know that Clare, Charles’s other half had some hand in it but I don’t know if she was solely responsible. In any case, tea, coffee, cordial, biscuits and flapjacks were provided throughout both days, with sandwiches (two different cheeses, tuna, egg, bacon), crisps and fruit for lunch.

Walk-through of examples

Once everyone had their IDE up and running and had confirmed that the IDE could talk to their Arduino, Bob went through some simple example circuits. While Bob put the circuits up on the projector and explained how they worked, both electronically and software-wise, Mike, Neil and other knowledgeable Arduino hackers moved around the room helping people out where necessary.

Bob’s examples built on each other progressively, and included:

• Making an LED blink
• Simulating a traffic light sequence with 3 LEDs
• Adding a button to simulate a pedestrian crossing feature
• Adding a buzzer which sounds when safe to cross

There was also a final example which used a motor as a spinner to simulate an accessible pedestrian crossing, but most people did not attempt this due to the risks of damaging the Arduino board.

Sample code and Fritzing files available on Bob’s github.

Experimentation

The last few hours of the day were taken at our own individual speeds, practising with the examples and seeing what we could get working. Some people surged ahead, completing all examples and then moving on to their own ideas, whereas others took longer or needed some assistance. As far as I could see everyone made their way through the first four examples.

One person’s Arduino was damaged towards the end of day one and was replaced by Mike.

Wrap up of day one

Some time between 4 and 5pm most people started to pack up and we were reminded to try to think of a personal project to work on the next day if we had not done so already.

Day two

Door debacle

I arrived just before 10am the next day owing to general Sunday public transport fail, Jubilee line closure etc., again expecting to swipe my Oyster and again being confounded. This time however it was by a group of people standing outside the Hackspace.

It transpired that we had perhaps tried to be too clever for our own good and the door computer had crashed some time in the night, preventing all of us from getting in. After about 30 minutes, some IRCing, unsuccessful nmapping and leaving of voicemails, Mark popped up on IRC and kindly rushed over to let us in with a real metal key.

Projects

For the rest of this day we all worked on our own individual ideas, with Bob, Neil, Adrian and others milling around dispensing masses of assistance.

I couldn’t really think of anything practically useful to work on so decided I just wanted to push the limits of what I’d already learned. I’d spied the 8×8 matrix display in the kit box and wanted to play with that, but this first would involve learning how to drive a shift register.

The 8×8 matrix has 64 LEDs (actually 128 since each one is either red or green), and connecting up 64 outputs would not only be extremely tedious, the Arduino doesn’t have that many outputs anyway. The component actually has only 16 pins but even so, 16 outputs is too many. A shift register helps solve this by allowing the control of 8 outputs using only 3 pins.

The basic idea is that you use one pin to tell the shift register when you’re ready to start or finish feeding it data, one pin to tell it there is a new piece of data to read, and a third pin for the data itself. After you’ve indicated that you’re finished, all the data you’ve fed in will be output. The 74HC595 shift registers in the kit box have 8 outputs each.

In order to get a working knowledge of the shift register I decided to first try using one to drive 8 LEDs, first to make them count in binary and then to display various patterns. After that I would go on to try the shift registers with the matrix display.

I put a circuit together by following the commentary in one of the examples in Earthshine’s Complete Beginners Guide to the Arduino. Unfortunately I couldn’t get it to produce sensible results. At times it seemed like I almost had it, with it counting up in binary correctly except for a couple of values. Other times it was just completely messed up with the LEDs cycling through all kinds of patterns.

I found debugging this to be very difficult. Dammit Jim, I’m a sysadmin, not a hardware hacker; when I write awful sysadmin Perl I at least have some idea how to debug it! After a couple of hours of frustration I had to ask Bob for help, and after a good while of him checking everything I’d done several times, he was stumped too.

Neil then wandered over and measured the frequencies the Arduino was producing, confirming that my code and the Arduino were working correctly, narrowing the breakage down to my circuit. He got his magnifying glass out, we got the datasheet for the shift register, and after a short while he noticed that I was trying to use the shift register’s latch pin as a clock and vice versa.

It turned out that while the pinout of the shift register was correct in the Earthshine guide, the commentary in the guide had switched around the purpose of the shift register clock input pin and the storage register clock input pin, which accounted for the bizarre behaviour I was seeing. It worked! A similar example on the Arduino site has things the correct way around.

I went ahead and wrote the code to do binary counting and then to put some simple patterns on the LEDs, but after all that I felt a bit too burnt out to go on to the matrix display and decided to quit while I was ahead. I definitely feel confident enough to tackle this on my own now though.

• Code
• Breadboard

I think two more people’s Arduinos were damaged on the second day.

Conclusion

Wins

This workshop was indeed incredible value for money. I think the components, presentation and walk through of examples alone were easily worth £80 and could have been done in one day. What was worth so much more was having knowledgeable people in the same room as you for two days, personally guiding you through the examples and discussing your own ideas. I’ve paid 5 times as much for one day courses that were nowhere near as good.

This could and probably should have justified a doubling or more of price, but I can understand that this was the first workshop put on in the Hackspace and there was a desire to sell it out and gain some experience from the host side.

I hope the workshop is repeated. If it is, and you’re interested in this sort of thing, you should book it quickly.

Suggestions for improvement

• Many Bothans diedTwo or three Arduinos died during the course of the workshop. As far as I could tell through overhearing conversation, every case was related to running them from the power supply instead of the USB power. I think someone put a multimeter on one and found it was supplying over voltage. I understand better PSUs will be sought in future.
• We struggled to fit everyone in. The last two late-comers had less than ideal seating during the presentation because Bob needed to stand in one of the seating places in order to do the presentation. This could probably be easily remedied by tidying up the Hackspace a bit before the day of the workshop. I don’t think there’s any need to reduce the number of participants.
• The screen for the projector was rather tatty and ramshackle. It didn’t matter much for Bob’s presentation because his slides were very simple and just about fitted on the screen, but anything more demanding than that would have real problems.
• The door episode was extremely unfortunate timing. A suggestion was made that at least two of the people running any workshop should have keys in case of similar emergencies. Sounds reasonable.

It looks like the Hackspace are conducting a debrief and some of these issues have already been raised, so it should be easy to improve for next time.

I don't like repeating myself, but I'm very tempted to past my mini-review of the Roomba Vacuum Cleaner robot into this blog.

Instead I will practise restraint and summerise:

• It works. It works well.
• It is a little noisy, but despite this it is great fun to watch.
• It takes a long time to clean a few rooms, due to the "random walk" it performs. Despite this it is still fun to watch and actually useful.
• Have I mentioned I grin like a child when it doesn't crash into things, and hums away past me on the floor?

£250. Worth. Every. Penny.

In more Debian-friendly news I've been fighting HTTP proxies today. I've noticed a lot of visitors to the various websites I host are logged as 127.0.0.1 - which is an irritation. My personal machine looks like this:

Internet -> Apache listening on *:80 -> thttpd on 127.0.0.1:xxxx

(This has been documented previously - primarily it is a security restriction. It means I can run per-UID web-servers.)

I had previous added a patch to thttpd to honour the X-Forwarded-For: header - so that it would receive the correct remote address passed on from Apache. However the fact that so many visitors are logged as coming from 127.0.0.1 meant it wasn't working 100% correctly, and I wanted to understand why.

Today I used ngrep to capture the incoming headers and the source of the problem became apparent:

skx:~# ngrep  -d lo  X-For ' port 1007'
..
T 127.0.0.1:41886 -> 127.0.0.1:1007 [AP]
  GET /about/ HTTP/1.1..Host: images.steve.org.uk..If-Modified-Since: Mon, 07
   Jun 2010 15:24:33 GMT..User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-U
  S; rv:1.9.1.10) Gecko/20100701 Iceweasel/3.5.10 (like Firefox/3.5.10)..Acce
  pt: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8..Accept
  -Language: en-us,en;q=0.5..Accept-Encoding: gzip,deflate..Accept-Charset: I
  SO-8859-1,utf-8;q=0.7,*;q=0.7..Referer: http://images.steve.org.uk/2009/11/
  20/img_0471.html..X-Forwarded-For: 127.0.0.1, 11.22.33.123..Cache-Control:
  max-age=0..X-Forwarded-Host: images.steve.org.uk..X-Forwarded-Server: image
  s.steve.org.uk..Connection: Keep-Alive....

I bolded the important input; just in case that didn't jump out it was:

X-Forwarded-For: 127.0.0.1, 11.22.33.123

My patch to thttpd was making it read the first address, rather than the second - which meant that requests were being logged as coming from 127.0.0.1 and avoiding my efforts to track sources.

Now I understand the problem - The X-Forwarded-Host header is being tweaked by a proxy server, such as Squid, upstream of my server.

For the moment I've updated the thttpd patch to read:

        else if ( strncasecmp( buf, "X-Forwarded-For:", 16 ) == 0 )
          { char *tmp = NULL;

            /* Jump to the header-value  */
            cp = &buf[16];
            cp += strspn( cp, " \t" );

            /*
             * If the first change is a 127.0.0.1, then we'll
             * jump over it.  Cope with Squid, et al.
             */
            if (  ( tmp = strstr( cp, "127.0.0.1, " ) ) != NULL )
              cp = tmp + strlen( "127.0.0.1, " );

            /* Parse the IP */
           inet_aton( cp, &(hc->client_addr.sa_in.sin_addr) );
        }

That's not perfect, but the alternative would be:

• Install a patched version of libapache2-mod-rpaf to add a X-HONEST-REMOTE-IP
• Update thttpd to use that header.

Or something equally hacky and security-by-obscurity-alike.

Really I just want a simple way of always getting the correct remote IP. Shouldn't be so hard, should it? *pout*.

ObQuote: "You don't mess with fate, Peanut. People die when they are meant to die. There's no discussion. There's no negotiation. When life's done, it's done." - Dead Like Me.

You might have heard us talk about this on the latest episode of the Ubuntu Podcast from the UK, but we’re going to be at OSSBarCamp in Dublin on the 24th and 25th September. We went last year and had a great time. Now it’s grown to a two day event, has two streams and a coding competition. There’s a already a lot on the timetable, including talks from Alan, me and my good friend Matt Revell. We’re also going to be doing a live podcast recording on the Saturday, so come along and watch us sweat and prattle our way through an hour show! I’m really looking forward to doing another live show, and we’ll certainly be ready for the party at the Landsdown Hotel afterwards…

Come along and say hello!

Debian package building scripts consist of several inter-related tools, which are documented well with manpages, but not in the code itself.

Should you have some free time I urge you to take a peak at the source code of dpkg-buildpackage, debsign, and debuild. They work. They work well, but they're not shining examples of clear code are they?

Given that they work, and that they are complex I'm not sure I'm interested in improving things, but I do have a personal desire to run something like:

debuild -sa --output=/tmp/results/

What would that do? Instead of placing the resulting package in the parent directory, which is what we have by default, it would place them in the named directory.

However looking over the code I see that there are too many places where "../$file" is hardwired. e.g. Take a look at dpkg-buildpackage and you see:

my $chg = "../$pva.changes";
..
open OUT, '>', $chg or syserr(_g('write changes file'));

If you change that to the simple code below it works - but suddenly debsign fails to find the file:

my $dir = $ENV{'OUTPUT'} || "..";
my $chg = $dir . "/" . $pva . ".changes";

Ugh.

I guess I can come up with some hack to index files in the parent, run a build process, and move the only new files into place. But that's sleazy at best, and still doesn't solve the problem that we have tools which we rely upon which are .. unfriendly to changes.

I thought I could handle this via:

debuild \
 --post-dpkg-buildpackage-hook="move-changes-contents /tmp/output/ ../%p_%v_`dpkg-architecture -qDEB_HOST_ARCH`.changes" \
 --no-tgz-check -sa -us -uc

(Here "move-changes-contents" would read the given .changes file and move both it and the contents listed in it to the specified directory.)

Unfortunately %v corresponds to the package version - which isn't the same as the version in the .changes filename. (i.e. epochs are stripped out.)

ObQuote: I am the servant of the power behind the Nothing - The Neverending Story.