Setting up a Weather WebCam on Linux

Weather webcams are always popular and it is easy and free to set one up yourself.  This article will show how to setup a simple USB webcam to produce still images and serve them on a local apache webserver.

Continue reading “Setting up a Weather WebCam on Linux”

Formatting xml in emacs

I had this problem of debugging some xml but when reading the output of some log4j it was almost impossible to read so I needed some way of prettifying the xml quickly.

For this example I have the following xml:

<?xml version="1.0"?><xml><iq xmlns="jabber:component:accept" from="test1@temp.retep.org/client" id="iq_257" to="service.retep.org" type="get"><query xmlns="some:namespace"/></iq></xml>

So how do we pretify this in emacs?

Well the first thing to do is to write an extension function & place it into your ~/.emacs file. Placing it here means that when you open emacs the extension is available:

(defun xml-format ()
  (interactive)
  (save-excursion
    (shell-command-on-region (mark) (point) "xmllint --format -" (buffer-name) t)
  )
)

Now this works by passing the buffer to the xmllint utility and replaces it with the output – in this case nicely formatted xml.

Now we need to install xmllint:

pi@lindesfarne: ~$ sudo apt-get install libxml2-utils

Ok so now open emacs and open the xml. To format first select the xml you want to format then Press Escape then x followed by xml-format & press return. You should then get the xml nicely formatted:

<?xml version="1.0"?>
<xml>
  <iq xmlns="jabber:component:accept" from="test1@temp.retep.org/client" id="iq_257" to="service.retep.org" type="get">
    <query xmlns="some:namespace"/>
  </iq>
</xml>

Using NFS to provide extra disk to a Raspberry PI

As the Raspberry PI uses an SD Card for it’s boot device there are times when you need either more space than is available on that device or a device that’s faster – writing to flash is slow and flash cards do have a limited number of writes that can be made to them.

Now there’s several ways to accomplish this:

  • Use an external USB drive (the common route)
  • Use a network shared drive

Using a USB drive is simple and is the faster option but it means it’s dedicated to the PI whilst it’s in use, hence this article on using a network drive – in this instance a directory on another Linux box in the network.

Also having it shared on the network means that multiple machines could use it at the same time. Imagine if you are a teacher with a collection of PI’s being used by your students. You could setup a central read-only directory with your class work which they can all access as if it’s installed locally.
Continue reading “Using NFS to provide extra disk to a Raspberry PI”

Whoopsie & how to disable it on Ubuntu 12.04 or Mint 13

New in Ubuntu 12.04 is whoopsie – which sends a crash log to ubuntu. Nice feature? Well no as they don’t tell you about it nor to they ask you, they just do it.

Nice privacy issue guys.

To tell if you have it check the file /etc/default/whoopsie

[General]
report_crashes=true

If you see that then it’s enabled. You’ll also see a process running called whoopsie as well.

To turn it off just change it from true to false & kill the whoopsie process (or reboot).

Note this affects any distribution based on Ubuntu 12.04 including Mint 13 so check you are not infected by whoopsie.

Getting a ubuntu clone in VirtualBox to connect to the network

I’ve spent a large amount of time today trying to get cloning working within Virtual Box with a copy of Ubuntu 12.04 server with limited success.

Now by default a VM is set to use NAT for it’s network interfaces but I needed bridging and this causes a problem – when the clone starts it comes up with no ethernet interfaces, even though the original vm works fine.

In the end it appears to be udev thats causing the problem. The clone gets a new mac address (correctly) but udev knows the original mac address so disables eth0 hence no networking.

The fix is simple – tell udev to bugger off:

$ sudo rm /etc/udev/rules.d/70-persistent-net.rules
$ sudo mkdir /etc/udev/rules.d/70-persisitent-net.rules

Reboot and you should find the network interface reappear. Do this on the original vm and all your clones will work first time.

It’s a bit of a hack but it works – the mkdir simply prevents udev from recreating the rules on startup.

How to fix OpenJDK-7 certificates on Ubuntu 11.10 running on Amazon EC2

After a second crash of my EC2 instance which was running Amazon‘s own Linux distribution I had to rebuild so this time I decided to put the latest official Ubuntu AMI on it. Everything ran fine until I fired up an application which takes a feed from Twitter using their stream api.

When I fired that up I got the following stack trace:

17 Feb 2012 21:13:00,790 ERROR [Twitter Stream consumer-1[Waiting for 500 milliseconds]] [in.setra.twitter.TwitterModule] Exception during processing
java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-emptyRelevant discussions can be on the Internet at:
 http://www.google.co.jp/search?q=b5e7486f or
 http://www.google.co.jp/search?q=24943238
TwitterException{exceptionCode=[b5e7486f-24943238 b5e7486f-2494320e b5e7486f-2494320e b5e7486f-2494320e], statusCode=-1, retryAfter=-1, rateLimitStatus=null, featureSpecificRateLimitStatus=null, version=2.2.5-SNAPSHOT}
 at twitter4j.internal.http.HttpClientImpl.request(HttpClientImpl.java:200)
 at twitter4j.internal.http.HttpClientWrapper.request(HttpClientWrapper.java:65)
 at twitter4j.internal.http.HttpClientWrapper.post(HttpClientWrapper.java:102)
 at twitter4j.TwitterStreamImpl.getFilterStream(TwitterStreamImpl.java:290)
 at twitter4j.TwitterStreamImpl$7.getStream(TwitterStreamImpl.java:279)
 at twitter4j.TwitterStreamImpl$7.getStream(TwitterStreamImpl.java:277)
 at twitter4j.TwitterStreamImpl$TwitterStreamConsumer.run(TwitterStreamImpl.java:427)
Caused by: javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
 at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
 at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1697)
 at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1660)
 at sun.security.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1643)
:
Caused by: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
 at java.security.cert.PKIXParameters.setTrustAnchors(PKIXParameters.java:200)
 at java.security.cert.PKIXParameters.<init>(PKIXParameters.java:120)
 at java.security.cert.PKIXBuilderParameters.<init>(PKIXBuilderParameters.java:104)
 at sun.security.validator.PKIXValidator.<init>(PKIXValidator.java:73)
 ... 23 more

After a brief search I found that for some reason when you install OpenJDK-7-jre-headless you don’t get the certificates installed & most people just switched back to the Sun/Oracle jre.

Now this worked for me – the install was a virgin setup so I hadn’t installed the sun JDK before but I found the Java 6 cacerts installed, so the following two lines fixed the problem:

cd /usr/lib/jvm/java-6-openjdk/jre/lib/security
sudo ln -s /usr/lib/jvm/java-7-openjdk-i386/jre/lib/security/cacerts cacerts

This may work elsewhere, it may not – in this instance it worked & I’m now getting a realtime stream in from Twitter.

Generating private keys with openssl

Keys are the basis of public key algorithms and PKI. Keys usually come in pairs, with one half being the public key and the other half being the private key. With OpenSSL, the private key contains the public key information as well, so a public key doesn’t need to be generated separately.

Public keys come in several flavors, using different cryptographic algorithms. The most popular ones associated with certificates are RSA and DSA, and this  article will show how to generate each of them.

Generating an RSA key

A RSA key can be used both for encryption and for signing and generating a key is quite easy, all you have to do is the following:

  openssl genrsa -des3 -out privkey.pem 2048

That will generate a private key with is password protected (it will prompt you for the password during generation). If you don’t want it password protected (usually for server side use) then leave the -des3 parameter out, i.e.:

  openssl genrsa -out privkey.pem 2048
 The number 2048 is the size of the key, in bits. Today, 2048 or higher is recommended for RSA keys, as fewer amount of bits is considered insecure.

Generating a DSA key

A DSA key can be used for signing only. This is important to keep in mind to know what kind of purposes a certificate request with a DSA key can really be used for.

Generating a key for the DSA algorithm is a two-step process. First, you have to generate parameters from which to generate the key then to generate the key itself.

  openssl dsaparam -out dsaparam.pem 2048
  openssl gendsa -des3 -out privkey.pem dsaparam.pem

Again like RSA, 2048 is the size of the key, in bits with anything smaller than 2048 being insecure in todays standards.

Also the -des3 parameter will prompt you for a pass phrase – for server use leave it out:

  openssl dsaparam -out dsaparam.pem 2048
  openssl gendsa -out privkey.pem dsaparam.pem