Tuesday, March 11, 2014

Certificate for courier esmtpd

To enable SSL/TLS support for ESMTP, you need a server certificate. Usually, the installation process of the package in a Linux distribution will create a default, self-signed certificate for you. However, if you want to create a proper certificate for your site, the following simple steps will do so.

First, you need to generate a key for your server if you don't already have one:
openssl genrsa -out server.key 2048
With that key, you can then generate a certificate request:
openssl req -new -key server.key -out server.csr
If you did not customize your openssl.cnf configuration file, the above command will prompt you for the identity details of the server to put in the certificate. Answer all questions as you please except for the common name "CN", which should be the host name used to connect to your server.

Now, you need to get a Certificate Authority to sign your request. For example, if you have a demoCA setup for your openssl installation, you can do:
openssl ca -config openssl.cnf -policy policy_anything -out server.crt -infiles server.csr
This results in the certificate file server.crt. You can then combine the server key and certificate files to create the certificate file for the courier mail server.
cat server.key server.crt > esmtpd.pem
This used to be sufficient. However, the newer version (0.73) of courier requires a "DH parameters" block in the certificate file. This can be generated and appended with:
openssl dhparam 1024 >> esmtpd.pem
Now, you can point the "TLS_CERTFILE" in all the configuration files to the certificate esmtpd.pem and restart your server.
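An added example (not part of the original post and not Courier's own code): a Python check for the combined file built above. It confirms that the private key, certificate and DH parameters blocks are all present, that the DH prime is at least 2048 bits (this default is an assumption reflecting current guidance, so the 1024-bit parameters generated above would be reported), and that the file, which holds the private key, is not accessible to group or others.

```python
import base64, os, re, stat, sys

PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\s+(.*?)-----END \1-----", re.S)

def _der_len(buf, pos):
    """Decode a DER length starting at buf[pos]; return (length, next_pos)."""
    first = buf[pos]
    if first < 0x80:
        return first, pos + 1
    n = first & 0x7F
    return int.from_bytes(buf[pos + 1:pos + 1 + n], "big"), pos + 1 + n

def dh_prime_bits(der):
    """Bit length of p in a PKCS#3 DHParameter: SEQUENCE { INTEGER p, INTEGER g }."""
    if der[0] != 0x30:
        raise ValueError("not a DER SEQUENCE")
    _, pos = _der_len(der, 1)
    if der[pos] != 0x02:
        raise ValueError("expected INTEGER p")
    n, pos = _der_len(der, pos + 1)
    return int.from_bytes(der[pos:pos + n], "big").bit_length()

def audit_bundle(path, min_dh_bits=2048):
    """Return findings for a key+cert+DH bundle such as esmtpd.pem (min_dh_bits is an assumed policy)."""
    findings = []
    with open(path) as fh:
        blocks = PEM_RE.findall(fh.read())
    labels = [label for label, _ in blocks]
    if not any(label.endswith("PRIVATE KEY") for label in labels):
        findings.append("no private key block")
    if "CERTIFICATE" not in labels:
        findings.append("no certificate block")
    dh = [body for label, body in blocks if label == "DH PARAMETERS"]
    if not dh:
        findings.append("no DH PARAMETERS block")
    for body in dh:
        bits = dh_prime_bits(base64.b64decode(body))
        if bits < min_dh_bits:
            findings.append(f"DH prime is {bits} bits, below {min_dh_bits}")
    # The bundle contains the private key, so group/other must have no access.
    if stat.S_IMODE(os.stat(path).st_mode) & 0o077:
        findings.append("file is accessible to group or others")
    return findings

if __name__ == "__main__":
    # Usage: python3 audit_bundle.py esmtpd.pem
    for finding in audit_bundle(sys.argv[1]) or ["ok"]:
        print(finding)
```
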

Tuesday, January 7, 2014

Example: data preprocessing with BASH

Case situation


I have run some batch jobs on a cluster to process data files for different systems (msc, ms, sh, rd) and parameters (i and w). The files are in different subdirectories:
[cjj@gust pattern]$ ls d-*/*.spd
d-msc/i275w042526.spd  d-ms/i285w025017.spd  d-rd/i295w042812.spd
d-msc/i280w040241.spd  d-ms/i290w023034.spd  d-sh/i275w051138.spd
d-msc/i285w036791.spd  d-ms/i295w020787.spd  d-sh/i280w047315.spd
d-msc/i290w031925.spd  d-rd/i270w065151.spd  d-sh/i285w043415.spd
d-msc/i295w026791.spd  d-rd/i275w060475.spd  d-sh/i290w039589.spd
d-ms/i270w034433.spd   d-rd/i280w055777.spd  d-sh/i295w035791.spd
d-ms/i275w030644.spd   d-rd/i285w051257.spd
d-ms/i280w027133.spd   d-rd/i290w046948.spd
[cjj@gust pattern]$
The output files, meanwhile, are in the current directory:
[cjj@gust pattern]$ ls *.o*
i270w034433.spd.o172489  i275w060475.spd.o172496  i285w036791.spd.o172486
i270w065151.spd.o172495  i280w027133.spd.o172491  i290w023034.spd.o172493
i275w030644.spd.o172490  i280w040241.spd.o172485  i290w031925.spd.o172487
i275w042526.spd.o172484  i285w025017.spd.o172492  i295w026791.spd.o172488
[cjj@gust pattern]$
The format of the output log files is as follows:
[cjj@gust pattern]$ cat i270w034433.spd.o172489
MinTemplateNumber =  3
JT =  5
JN =  1
spikeResolution =  2
Number of initial spike patterns have been found : 562
ans = Creating surrogate data
ans = Creating time jittering surrogate data
ans = Creating neuron jittering surrogate data
Number of spike patterns have been valid by checking with sorrogate : 542
Number of spike patterns have been ruled out because of having less complex : 205
Number of valid spike patterns have been found : 337
[cjj@gust pattern]$

Problem task

Gather the stats in the log files (those marked in red).

Solution 1

This is done with a one-liner:
[cjj@gust pattern]$ for i in d-*/*.spd;do n=${i%/*};n=${n#d-};s=${i#*/};if [ -f ${s}.o* ];then w=${s%.spd};w=${w#*w}; echo ${n} ${s:1:2}.${s:3:1} $((1${w:0:2}-100)).${w:2} `grep ':' ${s}.o* | awk '{print $NF}'`;fi;done > matching_stat.txt
which can be broken down to:
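for i in d-*/*.spd;do
  n=${i%/*}    # directory part, e.g. d-msc
  n=${n#d-}    # system name, e.g. msc
  s=${i#*/}    # file name, e.g. i275w042526.spd
  if [ -f ${s}.o* ];then    # only when a job log exists for this file
    w=${s%.spd}    # drop the extension
    w=${w#*w}      # digits after the "w", e.g. 042526
    # i: digits 1-2, ".", digit 3; w: first two digits, ".", the rest.
    # $((1xx-100)) strips a leading zero without bash reading "0x" as octal.
    echo ${n} ${s:1:2}.${s:3:1} $((1${w:0:2}-100)).${w:2} `grep ':' ${s}.o* | awk '{print $NF}'`
  fi
done > matching_stat.txt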
The data file generated is:
[cjj@gust pattern]$ cat matching_stat.txt 
msc 27.5 4.2526 81 75 22 53
msc 28.0 4.0241 237 217 103 114
msc 28.5 3.6791 393 371 156 215
msc 29.0 3.1925 335 322 132 190
msc 29.5 2.6791 445 437 144 293
ms 27.0 3.4433 562 542 205 337
ms 27.5 3.0644 1037 1006 331 675
ms 28.0 2.7133 1141 1093 341 752
ms 28.5 2.5017 1325 1274 462 812
ms 29.0 2.3034 1652 1609 747 862
rd 27.0 6.5151 1031 953 313 640
rd 27.5 6.0475 1042 963 345 618
[cjj@gust pattern]$

Thursday, July 12, 2012

Mental shelter

When one is not capable of standing the elements, one seeks shelter. This is a natural instinct that has facilitated our survival ever since we were weaklings. But, for one to arrive at an oasis, one must first grow capable of leaving the shelter and standing the elements. Such instinct extends to the mental aspect of our capability. There are small things that cater to one's mental comfort: be it a game, be it a show, be it a sport, be it a habit, be it an article, or be it an addiction. They are all small compared to the goals set by our will. However, mental weakness leads to an incapability of leaving such shelters.

Wednesday, June 6, 2012

Remote system upgrade (with grub and bmc-watchdog)

IPMI is a very powerful tool for system administrators, especially telecommuting ones. Its serial over LAN (SOL) support eliminates the need to personally sit in front of a server to do any pre-network operations, including reconfiguring the BIOS settings. However, it does require (A) an additional IP address to access the IPMI network interface from the Internet; or, when no additional IP can be allocated, (B) access to a second server on the same LAN (not necessarily with administrator privilege). When either (A) or (B) is available, you can theoretically do anything remotely, including a fresh installation of an operating system (starting, for example, with a network boot and/or a remote drive).

Unfortunately, one of my recent situations allowed neither (A) nor (B). So, the first installation had no option but to be done by on-site personnel. But, once a networked system was up and running with a working grub boot manager, I could remotely install a new system on an unused (or a large enough swap) partition and test it out with the "boot once" support of grub. On a Debian based system with grub-2, this involves
  • changing the value of "GRUB_DEFAULT" in /etc/default/grub to "saved",
  • running "update-grub",
  • editing /boot/grub/grub.cfg to make an entry for the new system (if it was not discovered correctly by grub-probe),
  • running "grub-reboot" for the entry, and
  • rebooting the machine.
However, in most cases, you are bound to make some mistakes in the new system and fail to recover network contact to the server until an on-site person can hit the reset button of the machine for you.

Luckily for me, the BMC of the IPMI on the server did have a working watchdog timer. Therefore, I could set up the timer with enough time and start it before rebooting the machine. That way, if the new system worked, I could log in to the server through the Internet and stop the timer. But, if the new system got stuck, the watchdog would do a hard reset on the machine after the time ran out and return to the original working system... no more waiting for on-site personnel. The actual command I used to set up the timer is bmc-watchdog from freeipmi:
  • bmc-watchdog -s -u 4 -p 0 -a 1 -F -P -L -S -O -i 900
One can consult the man page for the meaning of these options. In short, this sets 15 minutes on the timer for a hard reset, which can be checked with
  • bmc-watchdog -g
started with
  • bmc-watchdog -r
and stopped with
  • bmc-watchdog -y
(While, theoretically, one can achieve the same result with ipmitool, it did not work for me on the specific system.)

Thursday, September 15, 2011

Portable library for C++ GUI programming

On a few occasions I have found myself wanting to port my GUI programs (most of which were written with gtkmm) to other platforms for the enjoyment of my friends. However, while most GUI toolkits claim to be portable to all platforms (Linux, Windows, and Mac), they generally require installation of multiple shared libraries by the users.

This is a major show stopper for most of my friends and is sufficient to kill any interest in them on the first mention. Therefore, the only viable means is for me to make and send them statically-linked, monolithic executables that they can happily click on to start the shows. (They generally don't mind waiting a few minutes to download a bloated binary, as long as it remains a single step.)

My recent survey of the GUI library landscape brought my attention to GLUT. While it still requires installation on Windows, I can easily find static versions of the FreeGLUT library for MinGW that can be used to cross-compile, on Linux, statically-linked executables that can run independently on Windows. Furthermore, the GLUT framework, according to this, "is installed with every install of Mac OS X".

However, the GLUT library only provides facilities for managing windows and handling user inputs. It is by no means a GUI toolkit and you will have to draw all user-interactive elements by yourself (in OpenGL). I did find a GUI library, GLUI, that is built on and should be as portable as GLUT. However, after porting a couple of programs to GLUI, I failed to find it enjoyable to break up the C++-elegant logic of gtkmm and redo my work in a less polished API.

What followed was the birth of gltk, an implementation of the gtkmm API on GLUT. I actually started with adding libsigc++'s signal-slot API to GLUI, since the original callback mechanism only supported a single static callback function and I needed more flexibility to port my programs. But the hack soon proliferated into the entire source tree, and I decided it would be much more enjoyable for me to start something entirely from scratch.

After a somewhat persistent part-time effort that lasted more than a month, I have just made the first release of the library. It's usable for a simple application that only needs some buttons, checkboxes, sliders, single line text labels or entries to control calculations. For myself, this represents over 80% of the applications that I would have considered porting. I am feeling pretty happy about it and I hope some others will also find it useful.

Project Homepage: http://gltk.ccdw.org/

Tuesday, April 26, 2011

Permutation

The following spaghetti prints all permutations of a string ("abcd"). I wrote it as an example to show the benefit of structured programming in my class.
#include <iostream>
using namespace std;
int main()
{
        char c[] = "abcd\n";
        int size = sizeof(c) - 2;
        int n[size + 1];
        n[size] = 1;
        int idx = size;
        char t;
new_round:
        for (int i = 0; i < idx; i ++) n[i] = i + 1;
        cout << c;
start_shift:
        idx = 0;
        t = c[0];
shift_next:
        if (n[idx]) goto shift_done;
        idx ++;
        c[0] = c[idx];
        c[idx] = t;
        t = c[0];
        goto shift_next;
shift_done:
        n[idx] --;
        if (idx == size) return 0;
        if (n[idx] == 0) goto start_shift;
        goto new_round;
}
The structured version is as follows:
#include <iostream>
using namespace std;
int main()
{
        char c[] = "abcd\n";
        int size = sizeof(c) - 2;
        int n[size + 1];
        n[size] = 1;
        int idx = size;
        char t;
        do {
                if (n[idx]) {
                        for (int i = 0; i < idx; i ++) n[i] = i + 1;
                        cout << c;
                }
                idx = 0;
                t = c[0];
                while (n[idx] == 0) {
                        idx ++;
                        c[0] = c[idx];
                        c[idx] = t;
                        t = c[0];
                }
                n[idx] --;
        } while (idx < size);
        return 0;
}
The idea is to rotate the string n times, where n is the length of the string. Before each rotation, rotate the leading substring of length n-1 a total of n-1 times. Before each of those rotations, rotate the leading substring of length n-2 a total of n-2 times. And so on... We can see that this is more elegantly done recursively:
#include <iostream>
using namespace std;
char c[] = "abcd\n";
int size = sizeof(c) - 2;
void rotate(int l)
{
        char ch = c[l - 1];
        for (int i = l - 1; i; i --) c[i] = c[i - 1];
        c[0] = ch;
}
void perm(int l)
{
        if (l == 1) cout << c;
        else for (int i = 0; i < l; i ++) {
                perm(l - 1);
                rotate(l);
        }
}
int main()
{
        perm(size);
        return 0;
}
The above thinking relies on the string having all distinct characters. When this isn't the case, a different approach is to consider the lexical order of the permutations. From a given permutation, we simply need to figure out the next one in the lexical order until the order is "maximized". It turns out that this is in the C++ STL. My reimplementation is as follows:
#include <iostream>
using namespace std;
void swap(char & a, char & b)
{
        char c = a;
        a = b;
        b = c;
}
// increase the order of string
bool incr(char * str, size_t len)
{
        size_t i = 1;
        while (i < len && str[i - 1] >= str[i]) i ++;
        if (i == len) return false; // no kink
        // found a kink
        size_t j = i - 1;
        while (j > 0 && str[j - 1] < str[i]) j --; // size kink
        swap(str[i], str[j]); // shave kink
        // reverse rest
        for (i --, j = 0; j < i; i --, j ++) swap(str[i], str[j]);
        return true;
}
int main()
{
        char c[] = "aabbc\n";
        int size = sizeof(c) - 2;
        do cout << c; while (incr(c, size));
}

Thursday, March 17, 2011

Building driver for AverMedia A827 on Linux kernel 2.6.38

Vendor: AVerMedia
Product: AVerTV Hybrid Volar HX
Model: A827

This is an Analog+DVB-T USB TV receiver with official support for Linux up until 2009-11-26. The latest driver can be downloaded from the product page above.

The "Normal" automatic process of installing the driver fails for 2.6.38 kernel. Using the "Expert" process to extract the driver source code to a selected location allows one to compile the driver manually and track down the problems. First, the function calls for mutex initialization are gone and should be replaced with those of semaphore initialization. Second, the Teletext support is also gone and should be eliminated from the driver source code. These fixes are summarized in this patch.

However, compiling the driver with "make" results in WARNINGs that the symbols "param_array_get" and "param_array_set" are undefined. This is due to a prebuilt object file, "aver/osdep_dvb.o_shipped", that was built with an older version of the kernel. Building this file requires some internal header files from the kernel source tree that are not normally available in, e.g., linux-headers or kernel-headers packages. Provided that the kernel source tree for building the running kernel is installed/available in the system, the shipped object file can be removed. After this, the "make" command can complete without incident. After installing the drivers ("averusbh826d.ko" and "h826d.ko") to the module directory, e.g., "/lib/modules/2.6.38/kernel/drivers/media/dvb/dvb-usb", and updating the module dependency with "depmod -a", the adapter seems to work normally.