Older blog entries for mchirico (starting at number 47)

4 May 2005 (updated 4 May 2005 at 19:54 UTC) »
Google Gmail on Home Linux Box using Postfix and Fetchmail

Yes, you can relay all your mail to Google Gmail from your home system, if you have a Gmail account. Plus, you can get it delivered, fetched, locally.

Postfix has to be configured with TLS and SASL. The following listing will probably make sense, if you're familiar with Postfix. If you've never used Postfix, then, you might want to read the complete tutorial ``Google Gmail on Home Linux Box using Postfix and Fetchmail''

      transport_maps = hash:/etc/postfix/transport
      smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
     smtp_generic_maps = hash:/etc/postfix/generic

/etc/postfix/transport # Contents of /etc/postfix/transport # # This sends mail to Gmail gmail.com smtp:[smtp.gmail.com] # # Except mail going to the tape and closet server tape.squeezel.com relay:[tape.squeezel.com] closet.squeezel.com relay:[closet.squeezel.com]

/etc/postfix/generic # Note hostname is squeezel.squeezel.com chirico@squeezel.squeezel.com mchirico@gmail.com

/etc/postfix/sasl_passwd # Contents of sasl_passwd # [smtp.gmail.com] mchirico@gmail.com:pa33w0r8


I would strongly recommend using Fetchmail with the ``sslcertck'' option, after you verify and copy the certificates. See the tutorial for a complete step by step approach on how to do this.

    # Sample /home/chirico/.fetchmailrc file for Gmail
    # Check mail every 90 seconds
    set daemon 90
    set syslog
    set postmaster chirico
    #set bouncemail
    # Google Gmail  is mchirico but on computer it is chirico
    #  To keep mail on the server use the you would put keep at the end.
    # user 'mchirico@gmail.com' with pass "pa33w0r8"  is 'chirico' here options ssl sslcertck  sslcertpath '/home/chirico/certs/.certs' keep    
    poll pop.gmail.com with proto POP3 and options no dns 
         user 'mchirico@gmail.com' with pass "pa33w0r8"  is 'chirico' here options ssl sslcertck  sslcertpath '/home/chirico/certs/.certs' 
         smtphost localhost    
    # You would use this to by-pass Postfix
    # mda '/usr/bin/procmail -d %T'


Mike Chirico

8 Apr 2005 (updated 8 Apr 2005 at 02:07 UTC) »
Microsoft DNS cache poisoning

I noticed a lot of Internet Explorer users complaining about annoying pop-ups. And when they run ad-aware, it looks like lots of spyware. Also, I hear an inordinate number of complaints regarding ISP service yesterday and today...check the DNS, especially Comcast users.

Maybe you've noticed a slow email day?

I think this cache poisoning is going to get worse. But, I've been wrong before.


Microsoft has posted an update on this.

The following is the DNS CACHE POISONING DETAILED ANALYSIS REPORT Version 2, which gives a history and some good details.

30 Mar 2005 (updated 31 Mar 2005 at 00:39 UTC) »
C++ Tip

I picked up a copy of ``C++ Common Knowledge: Essential Intermediate Programming'' by Stephen C. Dewhurst, 2005. I like his example (Item 6: Array Formal Arguments), dealing with array formal arguments. In fact, there are no array formal arguments. Arrays decay to a first element pointers. What does this mean? It's not possible to find the size of an array, that is passed to a function with ``sizeof(array)/sizeof(Array[0])'', because sizeof(array) finds the size of the pointer, and not the array. Yes, when you create the array, you can find the size of it; but, when it decays to a pointer, which it does when you pass an array to a function, you cannot use this method. Don't take my word for it. Try it.

Dewhurst gives an interesting way around this - I've added initialization of the array as well.

#include <iostream>
#include <string>
using namespace std;

template <typename T,int n, typename T2> int give_size_init(T (&array)[n],T2 init_val) { int i; for(i=0; i<n; i++) array[i]=init_val; return n; }

int main(void) { int a[13]; string s[15]; string s_init; cout << "Size of array is " << give_size_init(a,5) << endl; cout << "Size of array is " << give_size_init(s,"ta da") << endl; s_init="more"; cout << "Size of array is " << give_size_init(s,s_init) << endl; return 0; }

OpenSSH and PuTTY This article was updated that details connecting beyond a firewall. In addition, I rarely see people using the config option with openSSH, which is peculiar, since it's convenient and powerful. Also the RemoteForward option for presenting remote websites through multiple firewalls, is my favorite option.

26 Mar 2005 (updated 28 Mar 2005 at 02:31 UTC) »
Breaking Firewalls with OpenSSH and PuTTY

If the system administrator deliberately filters out all traffic except port 22 (ssh), to a single server, it is very likely that you can still gain access other computers behind the firewall. This article shows how remote Linux and Windows users can gain access to firewalled samba, mail, and http servers. In essence, it shows how openSSH and Putty can be used as a VPN solution for your home or work place.

man shutdown

           $  shutdown -k +1

I love the man page on this one.

      -k     Don't really shutdown; only send the warning messages to every-

Doesn't that sound a bit sinister? I picture an evil System Administrator, having malice aforethought and obvious premeditation, going around executing repeated ``shutdown -k'' commands.

149 Linux Tips

I'm up to 149 tips. I'm a bit of a numbers freak. Tip 23 was special because the numbers PI and E sync on the number 23. So I had to come up with a unique tip for that one.

Temperature of Hard Disk

So, how hot does your hard disk run? smartmontools will tell you.

My hard drive is currently 31C

194 Temperature_Celsius     0x0002   177   177   000    Old_age   Always       -        
31 (Lifetime Min/Max 16/44)

There is a good article in Linux Journal.

21 Mar 2005 (updated 21 Mar 2005 at 13:09 UTC) »
Unionfs - Very Impressive.

When this Linux Journal article first appeared, Unionfs wouldn't compile on the 2.6 kernel. But now, as long as you're using a 2.6.9+ kernel, it works like a charm.

I can't emphasize it enough; take a close look at the last part of that linux journal article. You've probably heard that KNOPPIX is using Unionfs; but, the real power is putting it in your own hands. Especially, if you create your own live Linux cds.


Fedora Core 3 currently uses the 2.6.10 kernel, so you won't have any trouble with this distro. Or, if you don't want to mess with your kernel, download and burn my iso - more on this approach later; but, lets just get started on your local system

Step 1: Download and Compile

Download the latest tar.gz from ftp://ftp.fsl.cs.sunysb.edu/pub/unionfs/

   # tar -xzf unionfs-1.0.9.tar.gz
   # cd unionfs-1.0.9
   # make

The above steps should compile, leaving you with unionfs.ko

Step 2: Load unionfs.ko

This is the quick way of load the module, assuming you have ``su -'' to root.

   # insmod unionfs.ko

You can check that is loaded correctly by executing the following command:

   # cat /proc/modules |grep 'unionfs'
unionfs 1021460 0 - Live 0xf8ee9000

By the way, if you need to unload the module, the command is ``rmmod unionfs.ko''.


If you read the Linux Journal article, you'll see that it creates a ``union'' of two directories. So you can have an NFS mounted home directory combined with local home. Everything shows up under one directory. It doesn't matter if there are duplicates.

I have an NFS mounted home ``/home2/chirico'' that I combine with the local home ``/home/chirico''.

    # mount -t unionfs -o dirs=/home/chirico:/home2/chirico none /home/chirico

The union of the two directories show up under ``/home/chirico''; and if there are duplicate filenames, then, the file in ``/home/chirico'' will take priority.

Unionfs with CD

I have a live Linux CD, which is a base install to get Linux running in RAM. But, it has Unionfs so when it boots, I can mount the ``/etc'', ``/lib'', ``/bin'' and even ``/dev'' directories from the hard drive of the computer. See Create a Custom Live Linux CD (f.2) in the FAQ section. By the way, if you unionfs ``/dev'' you get additional access to devices.

OK, so what. Well, my goal was to create a rescue cd so that the system could be up and running in the time it takes to reboot. Ideally swap in a second computer without a HD and boot from the CD. Assuming the critical files exist as an NFS mount, on another server they can be NFS/unionfs mounted. Now, as the other files are restored from tape, they too can be unionfs mounted. Since unionfs can also parse out changes to these directories, once the initial computer gets fix, these changes can be merged into a single directory.

Screen and Emacs

I'm a big fan of screen; but, the default settings for screen conflict with Emacs. So, to fix this problem I added the following to my .bashrc file.

                alias s='screen -e^Pa -D -R'

Now ctl-p will bring up all the screen options. This way you can run emacs and screen together. Running ``s'' at the command prompt brings up screen.

Common Screen Commands

I use the following all the time with this new setup. Note, if you're reading the man page substitute C-a with C-p, or ctl-a with ctl-p.

           ctl-p ctl-c                             Creates a new window
           ctl-p shft-a   ``name''            Name the window
           ctl-p shft-s                           Split window
           stl-p shft-q                           Unsplit window

With screen you can disconnect from work, then, reconnect to the same session at home.



           $ mypipe="|"
           $ eval ls $mypipe wc

Did you catch that? The above statement is the same as

$ ls | wc

Where "|" is put into the variable $mypipe

38 older entries...

New Advogato Features

New HTML Parser: The long-awaited libxml2 based HTML parser code is live. It needs further work but already handles most markup better than the original parser.

Keep up with the latest Advogato features by reading the Advogato status blog.

If you're a C programmer with some spare time, take a look at the mod_virgule project page and help us with one of the tasks on the ToDo list!