a man, a plan, a cake: nirvana

Parallels and Linux: 512MB is your lot

Parallels 3.0 Beta 2 (Build 5120) came out the other day. I updated my copy and checked to see if they had fixed the problem I've been seeing with Linux VMs assigned more than 512MB. Unfortunately, they haven't.

I'm running Slackware 12.0 in a Parallels VM with a vanilla kernel. If I assign that VM 512MB of RAM it runs just fine. If I give it 768MB or 1024MB, modprobe crashes on startup. Set it back to 512MB and it's happy again. I've seen other people have similar issues trying to get Parallels to run the server version of Ubuntu.

Parallels doesn't have this restriction with a Windows XP VM, so it has to be something they aren't emulating correctly for Linux. It makes me wonder if I ought to have waited for VMWare Fusion, as I use VMWare Workstation at the office a lot, but the beta wasn't even out when I bought Parallels. Ah well, ~~640KB~~ 512MB should be enough for anyone, eh?

Slackware 12 in Parallels

Putting the S back into SSH

A poignant article from Dave Dribin recommending against using SSH without a passphrase. (Link via Daring Fireball.) I am going to have to take a look at SSHKeychain as it looks pretty handy. As an aside, I just got done setting up a Slackware 12 VM on my MacBook and am using MacFuse via MacFusion so that I can edit files on the VM indirectly using TextMate. It works great with public key authentication.

SSH Public Key Authentication

RapidWeaver 3.6.3 just came out, which is the web site publishing application that I use. One of the new features they've added is support for SSH public key authentication for publishing changes to a site to your web server. This reminded me that I've been meaning to post a quick how-to on this under-appreciated feature of SSH. So here goes.

Back in the day we all used TELNET to connect to our servers. This was fine until bad people came along. TELNET sends your username and password in the clear, and so bad people started watching packets fly past and grabbed your account information out of the air. And then came Secure Shell, or SSH, which encrypts the connection between your client and server machines. No more password grabbing.

By default you use SSH pretty much like TELNET, where you specify your username and password every time you connect. However, SSH also supports public key authentication, which lets you connect securely without having to enter your username and password every time. Yes, this sounds counterintuitive but it's true.

What follows is a super-quick how-to. If you want more specifics check out Dave Aaldering's SSH with Keys HOWTO or the various man pages for ssh (try man -k ssh to see what man pages your system has for SSH).

To configure anything for SSH you need to create SSH's configuration directory, if you don't already have it. On your client and server:
mkdir ~/.ssh
chmod 700 ~/.ssh

The chmod is so only your user account has access to the SSH configuration directory. That's important. Once you have done that, you can proceed to creating your key. On your client:
cd ~/.ssh
ssh-keygen -t dsa

Accept all the defaults and specify a blank passphrase when asked. You can include a passphrase, in which case you will be prompted for it each time you connect. I'm assuming you want to skip that step, but feel free to specify a passphrase if you wish. The advantage of not specifying one is convenience. The disadvantage is that anyone with access to the console on your client machine will be able to access your server without a password.

You should now have a public key in ~/.ssh/id_dsa.pub and a private key at ~/.ssh/id_dsa. The public key needs to go on your server. The private key needs to stay where it is (this is what identifies you to the server and lets you log in without needing to specify a password). You may want to back up the private key file, since if you lose it you'll have to go through these steps all over again.

Transfer your newly-created ~/.ssh/id_dsa.pub public key file to the same directory on your server. Then on your server:
cd ~/.ssh
cat id_dsa.pub >> authorized_keys
chmod 600 authorized_keys
rm id_dsa.pub

This tells the SSH daemon on your server that you authorize clients that know the private key that goes with this public key. The >> appends to authorized_keys if it already exists, so you can authorize as many clients as you wish (one for your laptop, one for your home desktop machine, etc.).

Now that you've told the server it's okay for your client to connect using a key, try it out. On your client:
ssh server-username@server-ip

You should be logged in without being prompted for a password! If not, make sure that ~/.ssh has permissions of 700 and ~/.ssh/authorized_keys is 600. You may also need to tweak your server's SSH daemon configuration file. It's usually at /etc/sshd_config and the entry you want is PubkeyAuthentication yes.

Once you have it working, if you want to disable logins with a password, so that you can only log in with your key, set PasswordAuthentication in /etc/sshd_config to no. Be sure you don't lose that private key once you've done this though!
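The permission and daemon-configuration checks from the troubleshooting steps above, as an added shell example that is not part of the original post. The function names and the sample files are constructed for illustration, and the script assumes a `stat` that accepts either the GNU or the BSD options.

```shell
# Added example; function names are illustrative, not part of OpenSSH.
# Print a path's octal mode (GNU stat first, BSD/macOS stat as fallback).
perm_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# check_perm PATH MODE: succeed only if PATH exists with exactly MODE.
check_perm() {
    if [ ! -e "$1" ]; then echo "MISSING $1"; return 1; fi
    actual=$(perm_of "$1")
    if [ "$actual" = "$2" ]; then echo "OK   $1 ($actual)"; return 0; fi
    echo "BAD  $1 is $actual, want $2"; return 1
}

# audit_ssh_dir DIR: the directory must be 700 and authorized_keys 600.
audit_ssh_dir() {
    rc=0
    check_perm "$1" 700 || rc=1
    check_perm "$1/authorized_keys" 600 || rc=1
    return "$rc"
}

# sshd_setting FILE KEYWORD DEFAULT: print the effective global value.
# sshd honours the first occurrence of a keyword, keywords are
# case-insensitive, and global settings end at the first Match block.
sshd_setting() {
    awk -v want="$2" -v def="$3" '
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(want) { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# audit_sshd_config FILE: succeed only if keys are accepted and passwords
# are refused (both default to "yes" in OpenSSH when unset).
audit_sshd_config() {
    pubkey=$(sshd_setting "$1" PubkeyAuthentication yes)
    passwd=$(sshd_setting "$1" PasswordAuthentication yes)
    echo "PubkeyAuthentication=$pubkey PasswordAuthentication=$passwd"
    [ "$pubkey" = "yes" ] && [ "$passwd" = "no" ]
}

# Constructed sample: a too-open directory and a key-only sshd_config.
demo=$(mktemp -d); mkdir -m 755 "$demo/.ssh"
: > "$demo/.ssh/authorized_keys"; chmod 600 "$demo/.ssh/authorized_keys"
printf '%s\n' 'pubkeyauthentication yes' 'PasswordAuthentication no' > "$demo/sshd_config"
audit_ssh_dir "$demo/.ssh" || echo "fix with: chmod 700 on that directory"
audit_sshd_config "$demo/sshd_config" && echo "key-only logins enforced"
rm -rf "$demo"
```

Run the two audit functions against a real ~/.ssh and your server's sshd configuration file before turning off password logins, so you don't lock yourself out.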

Extra Credit

If your username is different on your client than on your server then create ~/.ssh/config on your client and add an entry like the following:

Host server-name-or-ip
    User your-server-username

You can also add Port and Hostname entries for your server, which can be convenient if you want to refer to the host by a different name when connecting (or to give it a name if it doesn't have a DNS entry), or if the port is not the usual 22 and you don't want to have to remember the -p option to the ssh command. See man ssh_config for all the details.

Linux MCE: wow

I just watched the demonstration video for Linux MCE 0704, and it's pretty darn impressive. It is well produced and the set of features is very impressive. The low-resolution video is on Google Video:

There are higher resolution versions in WMV and OGM formats available via torrents from the Wiki downloads page. I downloaded the DVD ISO to play with it on my P4 Linux box, but after the 2 and a half day download it failed the MD5 check. I burned it to a DVD+RW anyway, trying to be optimistic, but it failed a CRC check while untarring something. Oh well; I'll keep an eye on it and try downloading it again some other time. It's based on Kubuntu and integrates MythTV for PVR functionality. I've run a Myth box before but had some stability issues with it, so I'll be curious to see if things have gotten any better.

The new Fiire Chief gyroscopic remote control from Fiire that's featured in the video looks like a winner, but at $149 it's a bit out of my mad-money range for right now.

Fiire Chief picture

Correct dates on Flickr photos

When I drank the Flickr Kool-Aid, I had to move all of my pictures from my home-grown Perl/CGI webserver setup. They uploaded to Flickr just fine, but quite a few of them had incorrect dates due to incorrect or missing EXIF information. Fortunately I had all of the image files named in the YYMMDD_n.JPG format, so I knew there had to be a way to fix their dates programmatically.

Starting from the python script I had previously written to archive my photo tagging information (see this post), I just had to add a function that used a regular expression to parse the date information out of the photos' filenames and call photos.set_Data in the Flickr API. The function is up on TextMate's pastie site for those interested.

iPhoto 7 first impressions

My iLife '08 family pack arrived yesterday and I eagerly installed it on the G4 PowerMac (yes, it refuses to install the new iMovie on a G4, but that's for another day) and on my MacBook. I downloaded the iPhoto 7.0.1 update and started it up. It said it needed to update my library and the process took hardly any time at all, in spite of being on the G4 and there being about 5000 pictures in the library.

When the main window appeared I was presented with a surprisingly small number of the much-touted Events. On closer inspection it seems that Events, at least from an upgrade, are pretty-much synonymous with the old Rolls, albeit given equal billing with Photos in the sidebar and a very pretty facelift. This was a little disappointing. I had understood that events were created based on their date taken, not the date they were imported into iPhoto (who cares about that date). I often batch import several days worth of pictures. Of course iPhoto will let you split an event, but the whole point of Steve's pitch was that you didn't have to do it manually. What made this more disappointing was the 3000 or so pictures I imported when I switched; these all showed up as 1 event spanning multiple years.

Since I didn't feel like splitting that mega-event up, I decided to create events from the albums I had created. This proved to be a little clumsy, but perhaps I just didn't find the simplest way to do it.

For each album, I:
  1. Selected the album in the side bar.
  2. Selected all the photos.
  3. Picked Create Event... from the Events menu.
  4. Accepted the warning about photos only being in one event at a time (which you can silence after the first time).

This created an event. I could tell because the count after "Events" in the sidebar went up by one, but it left me with my pictures selected back in the album. I then had to:
  1. Click Events in the sidebar.
  2. Find the new Event (which fortunately was selected).
  3. Edit the title of the new event and pick my key photo.

Moving forward this shouldn't be so tedious, but had iPhoto created events based on the date each photo was shot, I think it would have given me a better starting point.

I use the excellent FlickrExporter to publish my photos to my Flickr account (Fraser has updated it to use the new official Apple API in iPhoto 7 by the way). One of the many nice things about FlickrExporter is that it turns iPhoto keywords into Flickr tags. However, getting keywords added to photos in iPhoto 6 was a pretty tortuous experience; or it was until I discovered Ken Ferry's Keyword Assistant. Without Keyword Assistant I just wouldn't have been able to contemplate keeping my tagging up-to-date. A few days ago, Ken posted on the Keyword Assistant blog:

I'm happy to report that I won't be updating Keyword Assistant for iLife '08 for one reason: The native keyword interface in iPhoto 7 is good enough that Keyword Assistant is unnecessary! You can enter keywords by typing, the keywords autocomplete, use of a non-existent keyword will implicitly create it, and you can assign keywords for an entire album without using the mouse.

And boy was he right. If you enable viewing of keywords in iPhoto 7, you can simply click in the space where the keywords are (or would be if there aren't any yet) and start typing. And I mean right under the photo in the main Photos view, not in the information popup in the sidebar. The keywords tab-complete, and you can use comma to accept one and start adding another, just like Mail does with contacts when you're addressing an email. Same goes for the photo's title: click on it and start typing.

Tab takes you to the next photo's title; tab again and you're at that photo's keywords. You can create new keywords inline and it doesn't say boo. Very very nice.

iPhoto Library a package
The iPhoto Library folder under /Users/username/Photos is now a package (so you have to right- or Ctrl-click on it and select Show Package Contents to get to your photos). iPhoto never really did like you poking about under its hood; I guess Apple want to make that even clearer with version 7.

Web Gallery
Now that .Mac accounts have been bumped to a healthy 10GB, I decided to give the new Web Gallery feature a go. Creating a Web Gallery album was straightforward and they look nice in the browser. I did notice that in Firefox, the slideshow option's fade doesn't work: each picture flashes off and on alarmingly during the transition to the next one. In Safari 3 Beta 3.0.3 when the new picture fades in, the old picture shows once then disappears. I didn't notice either of these quirks with Safari 2.
Minor browser quirks aside, the new Web Gallery looks great. The drag-to-see-the-pictures-inside feature of events in iPhoto also works in the Web Gallery, and the thumbnail size slider too is straight out of iPhoto. Apple did a nice job here. I expect I will stick to using Flickr, but for others who don't feel the need to post every single photo of their kid for others to 'enjoy', Web Gallery looks like it will be just the ticket.

Backing up your Flickr photo info

I gave up on my Perl/CGI scripted website for my kids' photos a couple of years back and moved them lock, stock and barrel to Flickr. It's a great service and I'm very happy with it. My initial upload was more than a thousand pictures, but I wanted to start out the right way so I tagged them all with people's names and so on. As you can imagine, this was pretty tedious, so I decided I would try and make sure I would never have to do that again. I did some digging around and came across the Flickr API. The authentication mechanism is a trifle cumbersome but some kind soul had already gone through the pain and posted a CC-licensed Python script that did most of the work. I messed around for a little bit and ended up with a little Python script that downloads an XML file for each photo in my photostream. The XML file contains all the metadata for the photo, including its title, description, tags, dates taken and posted. I run this script every week or so and it grabs the data for the pictures I've posted since the last time I ran it. This way I have all my photos' metadata in a parse-able form, so if Flickr should ever go away I can write something to parse the files and import them to whomever at that time.

I posted the script via TextMate's excellent Pastie service, in case anyone is interested. I had to strip out my Flickr API key and its shared secret (which you need in order to access the Flickr API) for obvious reasons, but it's simple enough to get your own from Flickr.

UPDATE April 3rd, 2008:
I had to update the script to pass the authorization token when looking up your username as it started returning "failed to find user". The updated script is linked above.

PayPal Security Key

I received my PayPal security key a couple of days ago. It's a device that generates a different 6-digit PIN every 30 seconds. Once activated on PayPal and/or eBay you have to append these 6 digits to your regular password. If you don't, it will ask you for the PIN once you've entered your password. According to the Director of Account Protections at PayPal, who was interviewed on a recent episode of Security Now, this is part of Verisign's VIP network, which is to include banks and such. So you should be able to use the same security key for your online banking, rather than ending up with a pocketful of dongles.

PayPal Security Code Page

The key worked for me to begin with, but then today both eBay and PayPal started rejecting the PIN I entered. Finally, PayPal made me go through the setup process again, to resync the server to the key's internal clock. Hopefully that won't happen too often. I also tried out the "I don't have my Security Key" option, and it just made me answer the usual security questions, so I'm not sure how much more secure the key is really making my account, but it's an interesting development nonetheless.

.Mac Storage Increase

Apple has made good on its promise to bump .Mac accounts from 1GB to 10GB:

Maybe I will be able to do something with it other than syncing my Keychains and Address Book now. I use Flickr for sharing my photographs, but the new iLife '08 Web Gallery might be useful for sharing movies (I've never had much luck with YouTube: it always seems to end up mangling my videos too much).

ZX81 Nostalgia

I happened upon my Timex Sinclair 1000 the other day, while looking for something in the cupboard. I bought it a few years back on eBay because my very first computer as a kid was a Sinclair ZX81. The T1000 is basically the same but has 2K of RAM instead of 1K. I plugged it in and it still seems to be working just fine.

still works

It's been an awfully long time since I've coded in Sinclair BASIC but I threw something quick together:

oh, it wants it in radians...

and behold its graphic prowess:

Behold my graphical power

irony is...

...wearing your EFF t-shirt on the day you happen to get a meritorious award for a patent disclosure.