guylhem is currently certified at Journeyer level.

Name: Charles Devereaux
Member since: 2011-01-08 05:53:05
Last Login: 2014-09-20 22:04:23

FOAF RDF Share This

Homepage: www.guylhem.net

Notes:

AfterStep window manager, xiterm terminal emulator, TLDP Howtos, former
TLDP leader, perlmsi french healthcare data analysis suite.

Recent blog entries by guylhem

Syndication: RSS 2.0

Unicode Greek and Maths letters with Linux

Here’s my new QWERTY keyboard:

 ¬∞ / ¹≈ / ²≠ / ³∇ / ⁴∀ / ⁵∪ / ⁶∩ / ⁷∈ / ⁸⊂ / ⁹≽ / ⁰≿ / ⁻ ⃗ / ⁺±
 θΘ / ωΩ / ɛƐ / ρϱ / ꚍꚌ / ψΨ / υϒ / ι∫ / ϖϵ / πΠ /  ̂  ̈ /  ̃ ̧  /  ̊  ̀
 α∂ / σΣ / δΔ / φΦ / ɣΓ / ηϘ / ϕϑ / 𝟀κ / λΛ /   ̅ ́ /   ̆ ̇
 ζϟ / ξΞ / ςϚ / √⊥ / βϐ / νͲ / μϡ / ≤≺ / ≥≻ / / ⃝

It’s a xmodmap I wrote to write math easily, using the 3rd and 4th level (AltGr and Shift+AltGr), while keeping the standard layout by default.

For most letters, you’ll find greek letters - including the rare ones, like script theta : ϑ, script phi ϕ, script epsilon ϵ and even the really rare ancient-greek ones (check wikipedia, they all have a cool story)

  • sampi Ͳ : U+0372 U+0373
  • numeric sampi ϡ : U+03E0 U+03E1
  • koppa Ϙ : U+03DE U+03DF
  • numeric koppa ϟ : U+03D8 U+03D9
  • digamma ς : U+03DA U+03DB  (but also U+03C2)

Numeric koppa looks ϟ like thunderbolts : ϟϟ. With koppa I can even add clouds above to make a full storm:-)

ϘϘϘϘϘϘ

ϟϟ ! ! ϟϟ ! !

Not sure I’ll ever use them, but who knows - and they’re fun!!

Digamma ς the last one is still used and goes by many names - waw, epsimmon, stigma, or “final sigma” as that’s what σ should look like when it’s at the end of a words (so says wikipedia!)

You’ll notice my lowercase gamma, taus and chis are not standard, because I hate the way they look in most fonts : a gamma that looks like a y or a chi that looks like a x won’t cut it . So I dug in unicode shapes and found some cool replacements. Likewise for epsilon, which is accompanied by a big epsilon for whenever I need it and the standard awfully round ϵ next to omegapi ϖ (that’s not a creative name, whoever created that one must have been really tired :-)

Beside all this unicode goodness, I have :

 - On the first row, math symbols (with the integral as Shift+AltGr I, the other exception being square root and perpedicular for the letter V, and rounded d ∂ for Shift+AltGr a, to keep company to α)

 - On the right handside, accents - so I can add a macron on any letter, or do vectors like α⃗ (alpha vector says hello!), or strike through things  a⃗⃠ (alpha vector says goodbye!)

I love unicode and xmodmap :-)

Syndicated 2014-12-10 01:28:47 from Guylhem's most recent funny hacks & thoughts

Google apps catchall not catching yahoo recovery email

A very good friend of mine use one of my domains for its password recovery email address - in case something happens to the mainstream account. For such purposes, I keep a  special domain on a grand-fathered “google apps” plans - with no real users, just one administrator and a catchall set to never mark anything as spam and forward everything to a special email.

Recently, my friend forgot his yahoo password and for whatever reason, the mail with the recovery link was *NOT* reaching him, despite the catchall!! It was not in spam, not in the trash, nowhere after the google app- apparently it was just silently discarded by google. Separate tests using another (non yahoo) domain to send a similar email to the recovery address *DID* work, suggesting indeed that  the spare domain setup and the catchall did work, and that the problem was somewhere else.

In the end, I had to create a special user with this given email on this domain so that my friend could log in and receive the recovery link from yahoo.

That’s extra weird - maybe some recently-added Google security feature to avoid yahoo.com account thievery by a catchall. But this raises the question -  is there that much interest for a “premium” yahoo.com account in 2014???

Syndicated 2014-08-19 21:29:37 from Guylhem's most recent funny hacks & thoughts

Automatically creating reverse DNS PTR from an IPv6 zone file

If you are like me, you don’t want to create the PTR by hand. I saw several articles online, but nothing remotely good (http://strugglers.net/~andy/blog/2012/11/29/converting-an-ipv6-address-to-its-reverse-zone-in-perl/ is recreating Net::IP)

So I created a perl script where you just update the domain name and the IPv6 prefix

#!/usr/bin/perl

# Copyright (c) Guylhem http://guylhem.net, 2014

use Data::Dumper;

use warnings;

use strict;

use Net::IP;

my $domain = “.yourdomain.com”;

my $prefix = “2001:470:8:1000”;

my $subnet = “/64”;

my @slaves = (“ns2.whatever.net”, “ns3.whatever.net”, “ns4.whatever.net”, “ns5.whatever.net”);

unless ( scalar @ARGV == 1 ) {

    die “Usage:\n\t$0 named-zone.txt\n”;

}

my $zone_file = $ARGV[0];

open( ZONE_FD, “<$zone_file” ) or die( “Can’t read zone file ” . $zone_file . ” !\n”

 );

my @records;

while (my $line = <ZONE_FD>) {

    chomp $line;

    if ($line =~ /AAAA/) {

     if ($line =~ /$prefix/) {

      (my $name = $line) =~ s/(\s+|\t+).*//;

      (my $host = $name) =~ s/.*.//;

      my $fqdn = $host . $domain;

      (my $aaaa = $line) =~ s/.*$prefix/$prefix/;

      my $ip = new Net::IP($aaaa) or die (Net::IP::Error());

      my $raaa=$ip->reverse_ip();

      my @new = ($fqdn . “.”, $raaa);

      push (@records, \@new);

     } #fi

    } #fi

} #while

close (ZONE_FD);

my ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime();

$year += 1900;

my $month = sprintf(“%02d”, $mon);

my $day = sprintf(“%02d”, $mday);

# number of seconds / 86400 = maximum 1000 at midnight.

my $stamp = 3600*$hour + 60*$min;

# Alternative: add warning about not running that at midgnigh

if ($stamp == 86400) { $stamp=86399 };

# We keep 3 numbers of the ratio

my $relstamp = sprintf(“%03d”, 1000*($stamp/(24*3600)));

my $prefixip = new Net::IP($prefix . “::” . $subnet) or die (Net::IP::Error());

my $rprefix = $prefixip->reverse_ip();

print $rprefix . “\t86400\tIN\tSOA\tns1$domain. hostmaster$domain. (\n”;

print “\t\t\t\t” . $year . $month . $day . $relstamp . “\t;serial\n”;

print “\t\t\t\t10800\t;systematic refresh 3h

\t\t\t\t1800\t;retry on refresh fail 30 min

\t\t\t\t604800\t;expire on secondary 1 week

\t\t\t\t86400 )\t;minimum TTL 1 day\n”;

print “$rprefix\t86400\tIN\tNS\tns1$domain.\n”;

foreach my $slave (@slaves) {

     print “$rprefix\t86400\tIN\tNS\t$slave.\n”;

}

foreach my $record (@records) {

     print @$record[1] . “\t86400\tIN\tPTR\t@$record[0]\n”;

}

To run that automatically when there is a change, add to your crontab:

#!/bin/bash

DATE=$(date -u +”%Y-%m-%d-%H_%M_%S”)

/etc/named/createptr.pl /etc/named/db.yourdomain.com | uniq > /etc/named/db.2001_470_8_1000.new

grep PTR /etc/named/db.2001_470_8_1000 > /tmp/$DATE-db.2001_470_8_1000

grep PTR /etc/named/db.2001_470_8_1000.new > /tmp/$DATE-db.2001_470_8_1000.new

if ! cmp /tmp/$DATE-db.2001_470_8_1000 /tmp/$DATE-db.2001_470_8_1000.new >/dev/null 2>&1

then

  mv /etc/named/db.2001_470_8_1000.new /etc/named/db.2001_470_8_1000

  /usr/sbin/rndc reload

else

  rm /etc/named/db.2001_470_8_1000.new

fi

rm /tmp/$DATE-db.2001_470_8_1000.new

rm /tmp/$DATE-db.2001_470_8_1000

Syndicated 2014-07-16 00:30:20 from Guylhem's most recent funny hacks & thoughts

OSX removing IPv6 addresses from openvpn

Recently, I tried to set up Viscosity.app to do VPN, and found one interesting bug : the interface is configured with IPv4 and IPv6 addresses, but a few seconds later OSX removes the IPv6 addresses!

Apparently, this is a long know bug, with the first references being in 2004 (10 years ago!!) on the archive.org copy of afp548.com in  https://web.archive.org/web/20050316003941/http://www.afp548.com/article.php?story=20041015131913324 :

"There is another agent, however, that drives Unix admins into fits. The Kernel Event Monitor (KEM) waits for kernel events that tell it that an interface has gone down. When this happens it informs configd which interface has gone down. Configd then re-reads its config from the preference.plist file and sends out the new settings to the configuration agents which make sure the interfaces are configured they way they should be. This then triggers the IPMA which redoes the routing table according to the new information.


And that is what trips up the admins. They use their traditional methods of configuring an interface and use ifconfig to make it so. This works great. Until, for whatever reason, the KEM tells Configd things have changed. Configd then reverts everything back to whatever is held in the preference.plist file. This cheeses Unix admins off.”

Indeed, that’s a problem - especially since there’s nothing in preference.plist to fix.

There is no know workaround either (cf http://apple.stackexchange.com/questions/98467/preventing-osx-from-removing-ipv6-from-a-tap-interface suggestion to use “ipconfig set tapN AUTOMATIC-V6” that does not work)

While I was still investigating, I was suggested the following by Viscosity support :

I’d recommend turning off Viscosity’s “Accept IPv6 Router Advertisements” option if it is on (under Preferences->Advanced). If this option is on it’s probable Mac OS X is trying to configure IPv6 on the tap adapter itself and overriding any OpenVPN settings. Mac OS X/configd will not attempt to do automatic IPv6 configuration on a layer-3 (TUN) adapter.

Another thing to try is to turn off DNS support for the connection (under the Networking tab when editing the connection). Obviously  in most cases this is less than ideal, but if it solves the issue it may help identify where the problem lies.

I’d also recommend adding a small “route-delay” to the connection, as occasionally OpenVPN may attempt to configure a TAP interface before it is ready. You can do this by adding the command “route-delay 10” (without quotes) under the Advanced tab for your connection.

Finally, as a work-around, you can try enabling IPv6 router advertisements on the router of your remote VPN network and allow the TAP interface to auto-configure itself rather than have OpenVPN manually attempt to do so.

Of course, nothing of that works, the 2nd was already turned off, and the 3rd only delays the routes.

The first doesn’t do anything, because the problem is due to the interface itself.

If when tap0 appears you try to do a ifconfig, you will see the correct IPv6 addresses, which are then removed by configd and its minions.

The statement “Mac OS X/configd will not attempt to do automatic IPv6 configuration on a layer-3 (TUN) adapter” is wrong.

I could ascertain that when I tried tun mode : apparently the interface type is set differently in the tun driver, which causes arp_client_init to fail and configd to stop trying to remove the ipv6 address. In syslog:

2014-07-11 3:30:05.240 PM configd[18]: arp_client_init(tun0): unsupported network type
2014-07-11 3:30:05.240 PM configd[18]: MANUAL tun0: arp_client_init failed
2014-07-11 3:30:05.244 PM configd[18]: IPConfiguration: failed to start link-local service on tun0, invalid operation

Look at http://sourceforge.net/p/tuntaposx/code/ci/master/tree/tuntap/src/tap/tap.cc line 100 :

this->family_name = TAP_FAMILY_NAME;
this->family = IFNET_FAMILY_ETHERNET;
this->type = IFT_ETHER

Now look at http://sourceforge.net/p/tuntaposx/code/ci/master/tree/tuntap/src/tun/tun.cc line 55:

this->family_name = TUN_FAMILY_NAME;
this->family = IFNET_FAMILY_TUN;
this->type = IFT_OTHER;

It’s not that OSX won’t attempt to do automatic IPv6 configuration on a layer-3 (TUN) adapter - it will try, but fail, and therefore give up.

The real fix would be to pass the tap address to OSX configuration layer to prevent it from removing it, which is almost impossible, since in “networksetup” command line tool the tap0 interface is not considered as “hardware” - and therefore the information can’t be stored.

There might be a possibility with “scutil”, if the tap0 entry can be populated when tap0 is up and before configd decides to remove things, but it would require passing some commands with the right timing, which can only be done by inspecting viscosity source code, which I don’t have.

tunnelblick had the exact same problem (http://code.google.com/p/tunnelblick/issues/detail?id=116) and had to resort to tricks, so I also used a dirty trick : an applescript that runs when the interface is up that’s basically reading the correct ip and route from the syslog and restores them.

— add to /etc/sudoers:

— yourusername ALL=(ALL) NOPASSWD: /sbin/ifconfig

— yourusername ALL=(ALL) NOPASSWD: /sbin/route

set ifconfig to do shell script “grep `pgrep openvpn` /var/log/system.log | grep ifconfig |grep inet6 |sed -e ‘s/.*\/sbin/\/sbin/g’ -e ‘s/^/sudo /g’”

set route to do shell script “grep `pgrep openvpn` /var/log/system.log|grep route |grep \/56 |sed -e ‘s/.*(/route add -inet6 /g’ -e ‘s/->.*)//g’ -e ‘s/dev/-interface/g’ -e ‘s/^/sudo /g’”

do shell script ifconfig

do shell script route

Ugly.

Viscosity, please run some scutil command as soon as tap0 comes up.

Syndicated 2014-07-15 19:34:00 from Guylhem's most recent funny hacks & thoughts

IPv6 tunnel on OSX while travelling


I need IPv6. I have it at home - not when I travel.

Let’s look at several different options, depending on how “cooperative” the ISP you are using is:

A) Tunnelbroker, from http://dice.neko-san.net/2012/02/creating-a-6in4-router-using-mac-os-x-10-7/

If you can be pinged on the IPv4 address and are behind a router that passes on protocol-41, then configure this IPV4 in your tunnelbroker account and do:

sysctl -w net.inet6.ip6.forwarding=1
ifconfig gif0 tunnel LOCALIPV4ADDRESS TUNNELIPV4ENDPOINT
ifconfig gif0 inet6 TUNNELCLIENTIPV6ADDRESS TUNNELSERVERIPV6ADDRESS prefixlen 128
route -n add -inet6 default TUNNELSERVERIPV6ADDRESS
ifconfig en0 inet6 LOCALIPV6ADDRESS prefixlen 64

For example, with:
Tunnel info from HE:
Server IPv4 Address: 216.66.80.26
Server IPv6 Address: 2001:470:1f08:f23a::1/64
Client IPv6 Address: 2001:470:1f08:f23a::2/64

Local IPv4 router address: 10.233.0.8
Local IPv6 /48 network assigned by HE: 2001:470:f23f::/48

Then do:
ifconfig gif0 tunnel 10.233.0.8 216.66.80.26
ifconfig gif0 inet6 2001:470:1f08:f23a::2 2001:470:1f08:f23a::1 prefixlen 128
route -n add -inet6 default 2001:470:1f08:f23a::1
ifconfig en0 inet6 2001:470:f23f::3e07:54ff:fe10:b870 prefixlen 64

If you want to pass IPv6 information to other systems, use rtadvd.

If you want to update the dynamic IPv4, use wget or curl with http://ipv4.tunnelbroker.net/ipv4_end.php

If your IPv4 changes, i.e. if you are assigned a dynamic IPv4 by your ISP instead of a static one, just create a simple script and do as before:

# Instead of using your username as $USER, get the userid on top of the page
HEUSER=fb3f06c821388858cafe95cea2489533
HEPASS=420cc447758fe38e9df69a3a17c77c22
HETUNNEL=123456
NEW_IP=`curl -s “http://www.networksecuritytoolkit.org/nst/cgi-bin/ip.cgi”`
# curl https://$USER:$HEPASS@tunnelbroker.net/nic/update?hostname=$HETUNNEL&myip=$NEW_IP
curl -k -s “https://ipv4.tunnelbroker.net/ipv4_end.php?ip=$NEW_IP&pass=$HEPASS&apikey=$HEUSER&tid=$HETUNNEL”

The password can be a tunnel specific password set in the advanced tab.

B) If you can’t use tunnelbroker, because you can’t be pinged, or if proto 41 is filtered

Some ISP filter ICMP ping. Apple time capsule is famous to only allow ICMP ping on its public IP if “Enable default host” in NAT is an existing IP address that does respond to ping

If you’re in that situation, or if proto 41 is filtered, you are out out luck. There are others thing, like teredo, but chances are they will also be blocked - and they’re not that good to begging with!

Your best bet may be to use freenet6 or aiccu/sixxs.net. Creating a login on sixxs.net is too complicated and too long, so I suggest you use freenet6 instead - your login will be working within minutes, and if you don’t want to spend a minute doing that, there’s also an anonymous mode (!!)

NB: In case of “Operation not permitted”, during your ping6 tests check the firewall :
sudo ip6fw show
65535 0 0 allow ipv6 from any to any

Syndicated 2014-07-08 06:33:28 from Guylhem's most recent funny hacks & thoughts

16 older entries...

 

guylhem certified others as follows:

  • guylhem certified jimray as Master
  • guylhem certified dmerrill as Master
  • guylhem certified godoy as Master
  • guylhem certified olea as Master
  • guylhem certified esr as Master
  • guylhem certified rms as Master

Others have certified guylhem as follows:

  • redi certified guylhem as Journeyer
  • badvogato certified guylhem as Apprentice

[ Certification disabled because you're not logged in. ]

New Advogato Features

New HTML Parser: The long-awaited libxml2 based HTML parser code is live. It needs further work but already handles most markup better than the original parser.

Keep up with the latest Advogato features by reading the Advogato status blog.

If you're a C programmer with some spare time, take a look at the mod_virgule project page and help us with one of the tasks on the ToDo list!

X
Share this page