This time last year was a very exciting time at linux.conf.au 2008. The conference organisers had arranged for 100 XO laptops to be given away to conference attendees.

The XOs came with the following message attached.

Please do something wonderful with this XO, or inspire someone else and pass it on.

I was fortunate enough to get one of these XOs. I knew however that I wouldn’t have any time in the foreseeable future to actually do anything cool with my XO. At the same time I didn’t simply want to give it away to someone, since I knew at some stage I would actually want to do something with it.

After chatting this over with a few other people I came up with the idea of putting together an OLPC Library. (It was originally going to be OLPC Bank but after chatting it over with Pia we decided that a Library seemed to fit the ideals of the project much better).

So as part of the work I’m doing with OLPC Friends we have finally launched OLPC Library. At the moment this is just a place holder page but hopefully soon we will have a site up to actually enable people to loan out OLPCs whether that be to a developer wanting to write a new piece of software/port an application or a community advocate putting on a demo at a school or trade show.

If you are interested in helping out you can see the beginnings of the ideas for the website at the OLPC Library Project page and you can also join the mailing lists.

This seems to be related to the image at http://howtoforge.com/themes/htf_glass/images/bg_header_bottom_left15.png. I suggest you don’t click on that link

Apparently this image is 10,000 pixels wide. It looks like this is probably a GTK issue since the same problem happended when I opened the image with evince!

I tried writing a greasemonkey script to get around this problem but it loads too late to avert the crash. So iptables to the rescue.

iptables -I OUTPUT -d howtoforge.com -m string –algo bm –to 70 –string “GET /themes/htf_glass/images/bg_header_bottom_left15.png” -j DROP

iptables  
    -I OUTPUT \ # Match packets levaing my laptop
    -d howtoforge.com  \ # Only packets going to howtoforge
    -m string \ # Invoke the string matcher
    --algo bm \ # Pick a matching algorithm
    --to 70 \ # Only check the first 70 bytes of each packet
    --string "GET /themes/htf_glass/images/bg_header_bottom_left15.png" \ 
    -j DROP # Drop the sucker

In your .vimrc file simply add

setlocal spell spelllang=en_au

Note: By default vim only installs en_us spell files. If you are running debian then there is a vim-spellfiles package. There is an ubuntu bug to do something about this as well. Since I’m using ubuntu I simply grabbed the en directory from ftp://ftp.vim.org/pub/vim/runtime/spell/ and dumped it in /usr/share/vim/vim71/spell

Vim will now highlight words it thinks are misspelled. The magic incarnations you will need are:

z= – Suggest alternatives for the word
zg – Add word to dictionary
zw – Remove word from dictionary

WARNING: If you have registered but haven’t gotten around to paying yet then you are going to miss out.

So hop to it. Otherwise you are going to be a sad panda.

Those who have know me for a while will know that up until recently I exclusively used linux virtual consoles (ie what CTRL-ALT-F1 gives you from within X) to do all my work except for browsing the web. Recently I stopped using them all together and moved totally into the land of X and started using gnome-terminal instead.

Well I suppose it wasn’t that big a step as my processes havn’t changed that much. I simply have a gnome-terminal with tabs full screen in the monitor on my left and a full screen firefox in the monitor on my right

I took another step today moving from centericq to pidgin for my IM needs. I’m quite liking it so far especially some of the pop up notification plugins since I can follow channel conversations without switching away from what I’m doing.

Now does anyone know if there is a plugin to sync all my configuration settings between different machines. That was the handiest thing about running centericq from inside a screen.

But have no fear I’m still using mutt for mail and doubt that will ever change.

In the last few weeks the amount of spam in my INBOX had been getting progressively worse to the point where I noticed no spam whatsoever was making its way into my spam folder.

Looking through my logs I eventually found the following

May 10 10:03:03 fozzie dspam[30287]: Unable to find a valid signature. Aborting.
May 10 10:03:03 fozzie dspam[30287]: process_message returned error -5.  dropping message.

I process my spam by using a mutt macro which bounces emails to johnf-spam at inodes dot org. This then passes the email to DSPAM which reclassifies it. It does this by looking at a header it added to the email.

X-DSPAM-Signature: 464400d0223642194712985

However these were appearing in my INBOX as

X-Dspam-Signature: 464400d0223642194712985

I use procmail and a perl script to pre-process some of my email and it uses Mail::Internet which in turn uses Mail::Header. It bestows this piece of wisdom upon the world.

# attempt to change the case of a tag to that required by RFC822. That
# being all characters are lowercase except the first of each word. Also
# if the word is an `acronym' then all characters are uppercase. We decide
# a word is an acronym if it does not contain a vowel.

sub _tag_case
{

Now I can’t see where in RFC822 it specifies this but in section B.2 it does specify

Upper and lower case are not dis-tinguished when comparing field-names.

So on that basis I choose to blame DSPAM and applied the following diff

diff -ur dspam-3.8.0.orig/src/dspam.c dspam-3.8.0/src/dspam.c
--- dspam-3.8.0.orig/src/dspam.c        2006-12-13 02:33:45.000000000 +1100
+++ dspam-3.8.0/src/dspam.c     2007-05-11 16:25:11.000000000 +1000
@@ -2165,7 +2165,7 @@
           while(node_header != NULL) {
             head = (ds_header_t) node_header->ptr;
             if (head->heading &&
-                !strcmp(head->heading, "X-DSPAM-Signature")) {
+                !strcasecmp(head->heading, "X-DSPAM-Signature")) {
               if (!strncmp(head->data, SIGNATURE_BEGIN,
                            strlen(SIGNATURE_BEGIN)))
               {

Now to work out the best way to push that upstream.

auto eth0
ifconfig eth0 inet manual
    pre-up /sbin/vconfig set_name_type VLAN_PLUS_VID_NO_PAD || true

auto vlan7
iface vlan7 inet manual
    pre-up /sbin/vconfig add eth0 7 || true
    post-down /sbin/vconfig rem vlan7 || true

auto br0
    pre-up brctl addbr br0
    pre-up brctl addif br0 vlan7
    post-down brctl delbr br0
    address 10.38.38.1
    netmask 255.255.255.0
    network 10.38.38.0
    broadcast 10.38.38.255

Now the bridge-utils and vlan packages provide hooks into the ifup and ifdown commands so you can simply do

auto br-vlan4
iface br-vlan4 inet static
    address 10.38.38.1
    netmask 255.255.255.0
    network 10.38.38.0
    broadcast 10.38.38.255
    vlan-raw-device eth1
    bridge_ports vlan4
    bridge_maxwait 0
    bridge_fd 0
    bridge_stp off

Which will automagically

• Bring up eth1
• Create vlan4 bound to the eth1 interface
• Bring up vlan4
• Create the br0 with vlan4 attached
• Give eth1 the same HW address as br0
• Bring up br0 with the IP address

Nifty!

So for those that are wondering I will attempt to cover the following topics in no particular order or level of detail

• VoIP
• Codecs, which one should I use
• VoIP Hardware (Phones, ATAs, ISDN and PSTN cards, Mobile Pods)
• VoIP Providers and what they offer
• Asterisk and what it can do
• Beagle Internet IVR and distributed VoIP Call Centre as a case study
• Asterisk@Home

If there is anything else that in particular you are interested in or would like me to talk about then let me know.

I’ll also be bringing along various bits of hardware and hope to have a full demonstration running.

At Jeff’s request I will be doing an in depth overview of the difference between FXO and FXS and why it is critically important to any VoIP implementation. This will most likely require at least 20 slides and about 50 minutes of explanation

Matt suggested we do some DNS poisoning or do some transparent proxying using squid or similar. While these would have worked they required firewall changes through three levels of firewalls and extra infrastructure.

So I turned to an evil solution, iptables. Most people use DNAT on the inbound connection from the Internet to their internal private network to port forward to internal servers, or perform one-to-one NAT mappings. There is nothing stopping you using it the other way around.

Lets say that every time someone browses to http://bulletproof.net we want them to hit http://inodes.org instead. All you need to do is use DNAT to translate one IP address into the other.
[code]
animal:~ johnf$ host bulletproof.net
bulletproof.net has address 202.44.98.174
animal:~ johnf$ host inodes.org
inodes.org has address 202.125.41.97
animal:~ johnf$ sudo iptables -t nat -A PREROUTING -d 202.44.98.174 -j DNAT --to 202.125.41.97

[/code]

Now for some testing, a ping looks normal

[code]

animal:~johnf$ ping www.bulletproof.net
PING www.bulletproof.net.au (202.44.98.174) 56(84) bytes of data.
64 bytes from 202.44.98.174: icmp_seq=1 ttl=241 time=198 ms

[/code]

but a tcpdump looks like

[code]

animal:~johnf$ sudo tcpdump -ni eth0
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
16:35:25.099510 IP 211.30.227.143 > 202.125.41.97: icmp 64: echo request seq 1
16:35:25.301712 IP 202.125.41.97 > 211.30.227.143: icmp 64: echo reply seq 1

[/code]

Of course if anyone needs to try and debug this they are going to have a really fun time working out what is going on.

If you want to test this yourself you can do it on your own machine using the OUTPUT chain instead of PREROUTING.

So here are some interesting stats of the attendee breakdown so far:

By Country

Australia by state