Category Archives: Linux

Fixing HTML Rendering in Wine on Debian Jessie

Some application rely on Internet Explorer to provide HTML rendering capabilities. Wine implements the same functionality based on a custom version of Mozilla’s Gecko rendering engine (the same engine used in Firefox). In Debian Jessie you have a package called libwine-gecko-2.24 (the version is part of the name) which provides this rendering engine for Wine. However, different versions of Wine require different versions of wine-gecko. The package provided in Debian Jessie, matches the Wine version provided by wine-development from the main Jessie repository (1.7.29). Unfortunately wine-development from the jessie-backports if of version 1.9.8 and requires wine-gecko of version 2.44 which is not provided by any Debian repository. This will lead to errors like

Could not load wine-gecko. HTML rendering will be disabled.

and blank spaces where HTML content would be rendered in many applications.

The solution would be to manually install the required version of wine-gecko. We start by downloading the MSI binaries provided by Wine

$ wget https://dl.winehq.org/wine/wine-gecko/2.44/wine_gecko-2.44-x86.msi
$ wget https://dl.winehq.org/wine/wine-gecko/2.44/wine_gecko-2.44-x86_64.msi

Now install the required one, based on whether you are using 32bit or 64bit wine environment:

wine-development msiexec /i wine_gecko-2.44-x86.msi

(be sure the setup the correct $WINEPREFIX if needed).

en_IL: English locale for Israel

Update: The new locale was committed to glibc and should be part of glibc-2.24.

Most Israelis are literate in English, and for a large percentage of them, English is also the preferred language when it comes to computers. They prefer English, as it solves right-to-left issues and general inconsistencies (it might be annoying when some programs are translated ands some not). The downside is, that currently, the existing English locales are not suitable for Israel, as there are cultural differences:

  • American English spelling is more common in Israel.
  • The metric system is used, along with the relevant paper sizes (“A4” instead of Letter).
  • Dates are written in dd/mm/YYYY format, unlike in the USA.
  • The first day of week, and also the first workday is Sunday.
  • The currency used is ILS (₪).

So, up until now users had to choose locales such as en_US or en_GB and compromise on some stuff. To solve this issue, and create a truly suitable English locale for Israel, I wrote a localedef file for the en_IL locale.

To install the new locale, copy the en_IL file from the gist below and place under /usr/share/i18n/locales/en_IL (no extension). Next

# echo "en_IL.UTF-8 UTF-8" >> /usr/local/share/i18n/SUPPORTED

Now, complete the installation by running dpkg-reconfigure locales and enable en_IL.UTF-8 from the list, and set it as the default locale.

Installing Debian Unstable’s source Packages in Debian Jessie

Sometimes a package that you need is not available for Debian Jessie, but you can find it for Sid (unstable). You may be tempted to try to install it manually, by downloading the binary deb package, but it will most likely fail due to binary incompatibilities with different libraries’ versions you have. The better method will be to get the source package used to build the binary package, and build it yourself. Most of the time the process is not as hard as it sounds.

First, a short preliminary setup is needed Add the following lines to /etc/apt/sources.list:

deb http://http.debian.net/debian jessie-backports main
deb-src http://httpredir.debian.org/debian unstable main contrib

You can replace unstable with testing if you prefer to use packages from testing. Update the lists of packages

sudo apt-get update

Next you need, to get the build dependencies for your package. The example below uses the package lyx:

sudo apt-get build-dep lyx/unstable

Now you are ready to fetch and build the source package:

sudo apt-get source -b lyx/unstable

Finally, you will see in the current directory the resulting DEBs. Simply install them:

sudo gdebi lyx-common_2.1.4-2_all.deb
sudo gdebi lyx_2.1.4-2_amd64.deb

You can later mark the dependecies that you manually installed as automatic:

sudo apt-mark auto lyx-common

View man Pages Properly in gVim

Vim’s ability to display man pages easily using the K mapping often comes handy. It been bothering me for a while, that the same thing doesn’t work properly in gVim, which I use more. The reason is that Vim’s ability to display man pages depends on having a terminal emulator, which just isn’t true for gVim, hence the garbled display of man pages one sees if he tries viewing a man page in gVim.

Today, I found a way around this limitation. It turns out, Vim comes with support for displaying man pages in a split window, and does it perfectly – colors, links and all the necessary stuff. The first line, enables this feature which includes by default the K mapping to open the man page in a new split. The second part, which I find very convenient, makes the regular K do the same in gVim. And unlike the original mapping, it also accepts a count before, so pressing 3K will search the 3 man section of the keyword under the cursor.

" Properly display man pages
" ==========================
runtime ftplugin/man.vim
if has("gui_running")
	nnoremap K :<C-U>exe "Man" v:count "<C-R><C-W>"<CR>
endif

Ubuntu Freezes When Booting with Degraded Raid

I tried testing my software raid (mdadm) setup by removing one of the disks. When I tried to boot the degraded system, the system hanged displaying a purple screen. If I try booting the system in recovery mode, I get the following error:

** WARNING: There appears to be one or more degraded RAID devices ** The system my have suffered a hardware fault, such as a disk drive failure. The root device may depend on the RAID devices being online. Do you wish to start the degraded RAID? [y/N]:

** WARNING: There appears to be one or more degraded RAID devices **
The system my have suffered a hardware fault, such as a disk drive failure. The root device may depend on the RAID devices being online.
Do you wish to start the degraded RAID? [y/N]:

Continue reading

Securing Access to phpMyAdmin on Lighttpd via SSH

phpMyAdmin lets easily manage your MySQL databases, as such it also presents a security risk. Logging in to phpMyAdmin is done using a username and password for the database. Hence, if someone is able to either eavesdrop or guess by brute-force the username and password could wreak havoc of your server.

A possible solution to the eavesdropping problem, is to use SSL to secure the communication to the phpMyAdmin. However, SSL certificates don’t present any method to stop brute-forcing. To prevent brute-forcing attempts, you could limit access to your IP address. However, most of us don’t have static IPs at home. The solution I came up with, kinds of combines both approaches.

Instead of using SSL to encrypt the data sent, I’m using SSH and instead of limiting access to my IP address, I’ll limit access to the server’s IP address. How will it work? First we start by editing the phpMyAdmin configuration for lighttpd. This usually resides in /etc/lighttpd/conf-enabled/50-phpmyadmin.conf. At the top of the file you’ll find the following lines:

alias.url += (
        "/phpmyadmin" => "/usr/share/phpmyadmin",
)

These lines define the mapping to the phpmyadmin installation, without it the phpMyAdmin wouldn’t be accessible. We use lighttpd’s conditional configuration to limit who is able to use that mapping by changing the above lines to:

$HTTP["remoteip"] == "85.25.120.32" {
        alias.url += (
                "/phpmyadmin" => "/usr/share/phpmyadmin",
        )
}

This limit access to the phpMyAdmin only to clients whose IP is the server’s IP (of course you’ll need to change that IP to your server’s IP). This stops curtails any brute-forcing attempts, as only someone trying to access the phpMyAdmin from the server itself will succeed.

But how can we “impersonate” the server’s IP when we connect from home? The easiest solution would be to use to the SOCKS proxy provided by SSH.

ssh user@server.com -D 1080

This will setup a SOCKS proxy on port 1080 (locally) that will tunnel traffic through your server. The next step is to instruct your browser of OS to use that proxy (in Firefox it can be done via Preferences->Advanced->Network->Connection Settings, it can also be defined globally via Network Settings->Network Proxy under Gnome). This achieves both of our goals. We are now able to connect to the server while using its own IP and our connection to the server is encrypted using SSH.

This method can be used to secure all kinds of sensitive applications. We could have achieved the same thing by using a VPN, but it’s more hassle to setup compared to SSH which is available on any server.

Sending Desktop Notification from Cron

Usually when one wants to keep track of one’s cron jobs, one tells the cron daemon to email the output of the commands. While this is probably the best solution for servers, on desktop machines is problematic. Many ISPs block outgoing traffic on port 25 (SMTP), and if you want to send the emails via external SMTP server (such as GMail) this requires you to store authentication details in plain text. A better solution for the desktop would be to harness the desktop notifications available in Ubuntu.

There is a useful tool called notify-send which is able to send desktop notifications directly from the command line. However, there are few caveats:

  • notify-send expects its input on the command line, it can’t read from stdin.
  • If you run from cron you must tell it which display to use.

The first issue can be worked around by using cat to pick up the input. The second issue is handled by adding a DISPLAY environment variable to the crontab. So your crontab will look something like this:

DISPLAY=:0
10 1 * * sun some_cool_command | notify-send "Backup Documents" "$(cat)"

The first argument to notify-send is the title of the notification. The second is the actual text to appear in it, in our case it’s whatever comes in the stdin. If you want to store the output in a log file as well as displaying it in a desktop notification, you can use tee, which basically saves its input to a given file and also pipes it again to stdout.

DISPLAY=:0
10 1 * * sun some_cool_command | tee -a ~/some_log.log | notify-send "Backup Documents" "$(cat)"

Auto-Detect Dependencies when Building .debs Using CMake

CMake (via CPack) as a great feature that allows you to automatically generate Debian/Ubuntu (.deb) packages. One of the annoying things to do when you create a package is listing its dependencies. CMake asks you do it via the CPACK_DEBIAN_PACKAGE_DEPENDS variable. For example:

set (CPACK_DEBIAN_PACKAGE_DEPENDS "libc6 (>=2.7-18)")

But what happens when you work on a more complex project? Keeping track of all the dependencies by hand is a tedious task. Debian provides a tool named dpkg-shlibdeps which makes this task easier by updating the debian/control file with dependencies extracted from the dynamic libraries needed by a given executable. Luckily since CMake 2.8.3, CMake also supports running this tool automatically to figure out the required dependencies. The documentation is sparse, and I had hard time finding how to do so (I actually found it via a bug report and a commit message, but afterwards I’ve seen it the official documentation too). To enable it, you need to add the following line to your CMakeLists.txt file:

# autogenerate dependency information
set (CPACK_DEBIAN_PACKAGE_SHLIBDEPS ON)